Thomas Brandstetter is a widely-recognized OT cybersecurity expert, with more than 20 years of outstanding and diverse experience in multiple technical and management roles. He is known for being an enthusiastic and forward-looking professional character, trying to do the right thing and building things that last.
Thomas started his Infosec career as a security engineer and penetration tester at Siemens, working on everything ranging from single controllers to entire industrial control and energy automation solutions. Consequently, Thomas became the founder of the Siemens Hack-Proof Products program, their earliest secure product development initiative. This job also led to his role as the appointed lead incident handler of the remarkable Stuxnet malware for Siemens in 2010. After having worked in both offensive and preventive security, he went into response and founded the Siemens Product Cyber Emergency Readiness Team, which is still one of the most effective industrial vulnerability and incident response teams worldwide today.
Since 2013, he became co-founder and managing director of Limes Security, a well-established European cyber security company specializing in best-in-class OT security consulting and secure software development coaching, operating out of four major European cities.
Thomas has a passion for teaching security courses, as he is convinced that demand for excellent talent continues to outstrip available workforce by far. On the professional side, he is sharing his experience as instructor both at Limes Security as well as at the prestigious SANS technology institute, where he has been teaching industrial control system security courses throughout Europe and the Middle East since 2015.
He also developed a passion for academia, leading to his appointment as Professor for IT Security at University of Applied Sciences St. Poelten, Austria, where he practically teaches his past career in various security courses like essential hacking tools, penetration testing, industrial security and safety at bachelor and master security programs. For his academic efforts in control system security, he also was appointed as Honorary Professor for Cyber Security at the esteemed Cyber Technology Institute of DeMontfort University Leicester, UK.
When not in classroom, Thomas still likes to spend a certain number of days in projects, supporting industrial vendors and operators to ramp up their security posture, where he has helped to establish and improve numerous industrial security programs and PSIRTs for multinational corporations.
Thomas presented at top-level security conferences such as Blackhat USA, Blackhat Europe and SANS ICS summits, but also at academic conferences like IFIP WG11.10 usually on OT security related topics. Overall, he has presented at more than 40 conferences either as keynote or regular speaker.
Besides speaker engagements, Thomas likes to actively contribute to the security community, where he has another track record of building things up. In his homecountry Austria, already during his first study degree he founded the Hagenberg Kreis association for the promotion of digital security, and kicked off their Securityforum conference series which has been successfully around for more than 20 years now. His latest effort on that side was taking over the it security community exchange (ITSECX) conference as conference director, which is another annual community conference series in Austria with more than 700 attendees. On the international conference series side, he helped to establish the first ICS villages at DEFCON and BruCON. He became conference chair of the dedicated industrial control system cyber security research (ICS-CSR) academic conference series that he pushed from its first inception.
He is the inventor of several security-related patents, holds the renown GSEC, GICSP and GRID certifications from GIAC as well as a CISSP, an academic degree in IT security from the University of Applied Sciences Hagenberg, Austria and a Master’s degree in business administration from the Universities of Augsburg and Pittsburgh.
When not in classroom or office, Thomas likes to think about different ways of how this planet could be saved and improved and enjoys being out in nature in order take care of and harvest physical rewards on his own little eco-farm.