Mike Hoffman

Mike currently serves as Principal Industrial Consultant with the industrial cybersecurity company Dragos, Inc. He previously held positions with Shell, where he worked for 20 years in ICS Security Engineering, Controls & Automation, Laboratory & Process Analyzers, and Instrumentation & Electrical.  Coming from a technical background gives him the understanding of industrial processes, which is extremely important in understanding the impact of OT system compromise and the nuances of defending those systems. Mike is a SANS Technology Institute graduate, earning his master’s degree in information security engineering with an Industrial Control Systems focus. Besides his work at Dragos, Inc. he teaches ICS612: ICS Cybersecurity In-Depth at SANS.

More About Mike


Getting into Industrial Security was a natural progression from Mike’s background in instrumentation and industrial automation. After working in learning instrumentation and control systems, he moved into analytical systems, as they combined chemistry, instrumentation, and computers. “The online process analyzers were software based and allowed the user to program them and connect them to the plant OT network.” Mike became fascinated by them and started to develop new programs, which eventually led to applying for and completing a B.S. Degree in Computer Information Systems to help in these efforts.

“From then on I moved roles and addresses to use my degree as an Automation and Controls Specialist where I worked as a SCADA Admin, and lead PLC/RTU programmer.” Mike became interested in networking and architecture and started to study for the CCNA certification and take courses at INL for ICS Security. In 2015 he took his first SANS class, ICS410, and he was hooked immediately, “because I knew there was an unlimited amount of learning to be had, and it was an area I could leverage all of my background and continually grow into.” Since then, he took on a global role as ICS security lead and eventually move over to Dragos where Mike is now a Principal Industrial Consultant. “From a personal standpoint I have always held the motto of ’the day you stop learning is the day you begin to die,’ Mike says. “So I saw the need to further my education and applied for and completed the master’s in information security engineering program at SANS Technology Institute."

SANS has been pivotal to Mike, both personally and professionally. “The SANS ICS community has been an extended family for me, and I have very high regard for the instructors and staff. Being able to contribute to the community and give back through teaching at SANS has been a highlight of my career. To ultimately be able to help people grow personally and professionally is what makes it all worthwhile.”

Mike feels he is blessed to have started his journey into OT cyber security in the technical trades working on instrumentation and control systems, because this allows him to understand the underlying mechanical, chemical, and physical aspects of the process. “ICS/OT security is about defending those critical systems that are creating business value, and understanding those industrial processes is extremely important in understanding the impact of IT systems compromise and the nuances of defending those systems.” Mike absolutely loves getting into the engineering aspect of industrial control systems and devices and enjoys showing students how to apply security principles of protection, detection, and recovery in class. “Many students coming into the class never had hands-on experience with industrial devices, systems or programming them. Therefore, many of the concepts are quite challenging at face value. However, I try to compare and contrast technologies or concepts that they are familiar with to allow them to quickly harness the content and empower them to thrive in the course.”

Mike works to engage students where they are when they come into class and try to relate their experiences and backgrounds by providing examples and talking points that are tangible. “Students bring a wealth of knowledge to the class, and I promote open communication and discussions in the class. As students complete challenges and labs, I like to celebrate those successes with them,” Mike says. As OT Security does not end with the class, he therefore likes to promote continual learning beyond the class by providing examples of home labs, DIY solutions, and projects.



You can find more of Mike's contributions:


Vulnerabilities on the Wire: Mitigations for Insecure ICS Device Communication, February 2020

Gaining Endpoint Log Visibility in ICS Environments, March 2019


Gaining Endpoint Log Visibility in ICS Environments, SANS ICS Security Summit 2019

What’s cooking? Starting your own DIY Automation and ICS Security Projects, SANS O&G Security Summit 2019

SANS ICS Concepts: Windows Logging, July 2021

Are you under ATT&CK? How to gain OT visibility necessary for MITRE ATT&CK for ICS Coverage, SANS ICS Security Summit 2021


Detecting PLC Switch Position Changes Through the Network, December 2021

Value of PLC Key Switch Monitoring to Keep Critical Systems More Secure, August 2021

Reflecting on my journey with SANS, June 2020


DIY Project using the ICS612 CLICK PLC to automate home coffee roasting.