The PMC Group LLC is a Service Disabled Veteran Owned Business providing project management and technical consulting services in the areas of Infrastructure; Information Technology; Management, Operations, and Business Integrated Services; and Real Estate.
With a primary focus on the federal government, The PMC Group LLC helps government and private sector clients stay abreast of the constant changes as a result of legislation, executive orders, and policy that will impact organizations people, processes, and technology.
This Introductory Workshop is intended for those professionals new to the world of cybersecurity, including facility, engineering, physical security, information assurance and other professionals involved with the design, deployment and operation and cybersecuring of building control systems. It will provide a combination of classroom learning modules to teach control system basics, protocols, how to use the information assurance risk management framework and hands-on laboratory exercises using tools and methods to inventory, diagram, identify, attack, exploit, contain and eradicate a cyber event.
This Advanced Workshop is for information assurance professionals who have experience in IT or control systems cybersecurity but need to learn how to apply those skills to building control systems. This Workshop will provide a more technical, in-depth training solution geared towards developing security professionals with the ability to approach security with an attacker mentality. This includes understanding and practicing techniques for footprinting, scanning and enumeration, exploitation, post exploitation, containment and eradication and reporting. Students will use Kali Linux and other exploit tools to gain entrance into the control system, pivot through the network, establish beacon command and control channels, modify logs to mask presence and exfiltrate data. Students will then contain and eradicate the exploit and prepare artifacts, event logs and develop an incident report.
This Workshop is designed to support the U.S. Department of Defense (DoD) facility managers and other facilities-related personnel to better prepare against cyber threats. It is geared to help architects, engineers, contractors, owners, facility managers, maintenance engineers, physical security specialists, information assurance professionals—essentially anyone involved with implementing cybersecurity in the facility life cycle—to learn the best practice techniques to better protect DoD facilities.
This Workshop is intended for building owners, facility managers, engineering, physical security, information assurance and other professionals involved with the design, deployment and operation of building control systems. It will provide a combination of classroom learning modules and hands-on laboratory exercises to learn how to detect, contain, eradicate and recover from a cyber event. It is built around the Advanced Control System Tactics, Techniques and Procedures (TTPs) developed by the U.S. Cyber Command (USCYBERCOM). Attendees will use the Cyber Security Evaluation Tool (CSET), GrassMarlin, Glasswire and Belarc tools to create a fully mission-capable (FMC) baseline, conduct footprinting and learn how to find building control systems exposed on the internet using Google Hacking, Shodan and WhiteScope discovery tools. They will build a Recovery Jump-Kit, use it to find and eradicate the malware using tools such as MalwareBytes and the Microsoft Internals suite, and learn how to perform data collection for forensics. Lastly, attendees will evaluate the cyber severity of the incident and prepare an incident report.