Joel Langill

Director, Industrial Cybersecurity Services

Joel Langill is a part of the Critical Infrastructure Protection team at AECOM where he serves as the Director of Industrial Cybersecurity. Prior to joining AECOM, Joel founded SCADAhacker.com – a site devoted entirely to industrial cyber security. He has worked for over 30 years exclusively in the industrial automation and control industry where he was involved in designing, implementing and supporting automation solutions for global infrastructure projects spanning the globe. His experience was developed working in integrated control system architectural design, product development, project implementation, and system migration in a variety of roles having exposure to most industry sectors. Having worked on both greenfield and brownfield projects around the world, Joel has rare and insightful insight into the risks and mitigation of cyber threats in industrial control systems as they have been designed, deployed, and maintained.

Joel offers one of the leading training courses on ICS cybersecurity, and was the co-author of the popular book on the subject “Industrial Network Security”.  Joel is a member of the ISA 84 and ISA99 committees on functional safety and industrial security for control systems. His certifications include: Certified Ethical Hacker (CEH), Certified Penetration Tester (CPT), Certified SCADA Security Architect (CSSA), and TÜV Functional Safety Engineer (FSEng). Joel has also obtained extensive training through the U.S. Dept. of Homeland Security FEMA Emergency Management Institute having completed ICS-400 on incident command and crisis management. He is a graduate of the University of Illinois – Champaign with a BS (Bronze Tablet University Honors) in Electrical Engineering.

My Sessions

Iatrogenics: Harm Done By The Healer

Main Stage

Iatrogenics (harm caused by the healer) is most tied to medicine, but it should also be considered with ICS security controls. What if a security control actually increases risk of an outage or catastrophe? The panelists will debate how to evaluate if the introduction of a security control or OT component (intervention) impacts the risk […]

Panel / Debate Secure Design & Dev