Dragos appoints Dawn Cappelli as Director for OT CERT program
Dragos announced the appointment of Dawn Cappelli as OT CERT Director at Dragos. Cappelli will be responsible for launching and leading Dragos’s OT Cyber Emergency Response Team (CERT), an upcoming community resource center that will be available exclusively for industrial asset owners and operators.
Cappelli is a highly respected and globally recognized security leader with extensive expertise in industrial automation and manufacturing. Prior to Dragos, Cappelli served as Vice President and Chief Information Security Officer at Rockwell Automation. There, she was responsible for developing and executing a holistic cybersecurity strategy to protect the company and its Connected Enterprise ecosystem of customers, suppliers, distributors, and partners from the ever-changing global threat landscape.
Cappelli came to Rockwell Automation in 2013 as Director, Insider Risk, and built the company’s Insider Risk Program, which was awarded the Global Team Leadership award by the Society of Women Engineers in 2016.
“As a Principal Engineer from the original CERT Coordination Center, the founder of the CERT Insider Threat Center, and Global CISO for the world’s largest industrial and information company, Dawn brings the complete wishlist of experience, insight, and expertise to the community-oriented work that needs to be undertaken to secure industrial organizations around the globe,” said Ben Miller, Vice President, Services, Dragos, Inc.
“Dawn’s firsthand knowledge and decades of experience from creating the CERT Insider Threat Center and further applications of that model will help us ensure the implementation of the Dragos OT CERT program lives up to its potential as an invaluable resource for asset owners and operators, including the smaller members of the community that struggle with getting the resources they need.”
Prior to Rockwell Automation, Cappelli was part of the world’s first cybersecurity organization – CERT – born at Carnegie Mellon University’s Software Engineering Institute (SEI). She was also the Director and Founder of the CERT Insider Threat Center at Carnegie Mellon’s SEI. In addition, she was the Technical Manager of CERT’s Enterprise Threat & Vulnerability Management Team.
Cappelli also co-authored the book “The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud)”, which was inducted into the Cybersecurity Canon – a list of must-read books for all cybersecurity practitioners. Prior to Carnegie Mellon Cappelli was a software engineer programming nuclear power plants for Westinghouse.
“Dragos has been a vocal advocate for the industrial community, and for years I’ve admired the passion and commitment the company puts into helping companies to secure critical infrastructure around the world,” said Cappelli. “I’m looking forward to working with Dragos’s exemplary leadership team to build the new OT CERT into a world-class resource center that serves both Dragos customers and the greater ICS/OT community to bring about better awareness and preparedness for the safety and security of industrial infrastructure. I’m especially excited about the opportunity to provide resources for small and medium-sized companies in protecting their ICS environments.”
Cappelli is a Certified Information Systems Security Professional, holds a BS in Computer Science and Mathematics from the University of Pittsburgh, is co-founder of the Open Source Insider Threat (OSIT) information sharing group and is a member of the RSA Conference Advisory Board, the Cybersecurity Collaborative Executive Committee, and the CyberWire Hash Table. She was inducted into the ISSA Hall of Fame in 2021, honored as a member of the 2021 CISOs Top 100 CISOs, 2020 Global CISO 100, and was named Pittsburgh CISO of the Year in 2018.
The OT CERT at Dragos will promote preparation, sharing of best practices, and collaboration in a dedicated space for members of the industrial community to engage directly with Dragos and each other to work towards a true collective defense approach to ICS/OT cybersecurity. The OT CERT program will also provide free tools, frameworks, templates, CVE updates, and other useful resources. Further details of the OT CERT program will be available at a later date.