Josh Carpman, CISSP, GICSP, GSEC
Details
Chemical Engineering
Rice University
1990 : 1994
Milton Academy
1986 : 1990
- Establish and lead transformative OT cybersecurity program
- Assessment of OT cybersecurity maturity levels for 40 global production facilities with a variety of criticalities and business lines
- Interface between management stakeholders, enterprise IT teams, and production leaders
- Definition of global OT cybersecurity standards and policies
- Selection of specific technologies and network designs to close assessed security gaps, including BeyondTrust PRA and Claroty CTD.
2023 : Present
Veolia Water Technologies & Solutions
OT Cybersecurity Leader
Responsibilities :
- Maintenance, configuration, installation and monitoring of Palo Alto IPS/firewall appliances at 200+ industrial facilities in North and South America
- Design and implementation of industrial network zone segmentation model (Purdue ISA-99) utilizing VLAN insertion feature of Palo Alto
- Maintenance, configuration, installation and monitoring (SolarWinds Orion) of managed industrial network switches (HP Aruba and ProCurve)
- Syslog analysis using Splunk as well as automated script coding (Python) for intrusion detection and forensics
- System administrator for Bomgar (BeyondTrust) Privileged Remote Access system, supporting >1500 industrial endpoints and >1000 users 24/7
- Network mapping, site assessment, asset management and documentation for all industrial networks
2014 : 2023
Air Liquide
Industrial Network Security Engineer
Responsibilities :
- DeltaV DCS control logic configuration, graphics design and configuration, hardware setup and testing, virtual machine administration and workstation configuration
- Factory acceptance testing as well as on-site consultation and support
2013 : 2014
Puffer Sweiven
Application Specialist
Responsibilities :
- Design and upkeep of user interface for corporation-wide SCADA system for the Operations Control Center
- Configuration of Modbus communications for data collection from remote devices, including Foxboro I/A DCS, Siemens APACS DCS, DeltaV DCS, Elliot/Omni/Dynamic/Fisher/Emerson gas custody transfer meters, WonderWare HMI, various serial devices
- Process information database management (proprietary SCADA system based in Linux)
- C program development and integration for specialty applications including power monitoring, steam saturation control, tank levels, Siemens TI-505 NITP protocol converter
- Migration of power monitoring application from C to ISaGRAF for use in new generation field RTU
- Development of asset management/issue tracking system for the industrial network
- Process control network security architecture team member
2009 : 2013
Air Liquide Large Industries US LP
Senior Specialist
2001 : 2013
Air Liquide Large Industries U.S. LP
Senior Controls Engineer
Skills
APACS, Asset Management, Automation, Bomgar, C, Chemical Engineering, Commissioning, Control Logic, Control Systems Design, Cybersecurity, DCS, Emerson DeltaV, Energy, Engineering Design, Firewalls, Foxboro I/A, HMI Programming, HMIs, IEC 62443, Industrial Ethernet, Instrumentation, Manufacturing, Modbus, Network Architecture, Network Switches, NIST 800-82, P&ID, Palo Alto Networks, Pipelines, PLC, PLC Programming, Power Generation, Power Plants, Process Automation, Process Control, Process Safety, Programming, Project Engineering, R&D, Reliability, Root Cause Analysis, SCADA, Secure Remote Access, Security Information and Event Management (SIEM), SIS, Software Development, Splunk, Validation, VLAN, Wonderware, ISaGRAF, Moxa, Petrochemical, Process Engineering, Oil/Gas, Process Simulation, Simulations, Industrial Gases, Hydrogen, Gas, Distillation, Air Compressors
About
I am an OT (Industrial Network) Cybersecurity specialist with 10 years of experience in this niche corner of network engineering and security. My career trajectory originates in the controls and SCADA engineering sector, so I am intimately familiar with industrial plant environments and priorities. I have programmed control systems and SCADA systems and started up plants. I have developed solutions when none existed off the shelf.
I have been part of the evolution of a global OT security program from its inception to a mature run state and am familiar with the challenges inherent in such a transformation. I am eager to bring this experience to bear in new environments which need a more mature OT security posture.
Recent specific OT security experience:
- Admin responsibility for fleet of >200 Palo Alto Networks PA-200/220 firewall/IPS appliances with Panorama management
- Admin responsibility for fleet of >400 managed Industrial Network switches (mostly HP Aruba/ProCurve) at >200 primary production facilities leveraging SolarWinds Orion monitoring
- Security analysis and threat detection using Splunk and Python scripting
- Sysadmin for Bomgar (BeyondTrust PAM) secure remote access platform supporting >1600 industrial endpoints and >1000 users
- Design and implementation of OT/Industrial/ICS network segmentation using VLAN insertion feature of Palo Alto next generation firewalls, enabling transition without downtime or changes to control system assets.
- Assessment and documentation of plant industrial networks before and after implementation of said segmentation design
- Asset management for all tracked OT network assets at >200 primary production facilities
Earlier controls engineering experience:
- Interfacing Air Liquide proprietary SCADA system with a wide array of industrial control systems
- Collection of raw data using a variety of remote terminal units
- Development of special applications in embedded systems for data collection and analysis
- Development of human interfaces for end data consumers
- Process control network security and administration
- Foxboro (Invensys) DCS programming and communications
- Delta-V (Emerson) DCS programming and communications
- ROC 809 (Emerson) flow computer/PLC programming and communications
- APACS (Siemens) DCS programming and communications
- ISaGRAF (ICS Triplex) PLC programming
- WonderWare HMI programming
- Modbus communications protocol
- C application development