Dawn Cappelli has been recognized as a thought leader in industrial control system (ICS) security, insider risk mitigation, and overall cybersecurity risk management, and has worked with global industry, government, and intelligence community leaders on strategic cybersecurity issues for more than two decades. Her mission throughout her security career has been to influence the security posture of organizations globally by building communities of interest and developing, sharing, and promoting best practices. She has repeatedly tackled new frontiers in the cybersecurity landscape, including insider threat risk mitigation, how to build a comprehensive ICS/OT (Operational Technology) security program, and mitigating cybersecurity risk in the supply chain. Dawn is very active in networking and outreach across the security community, speaking at conferences and webcasts, in CISO forums, and on social media. She mentors women in security as well as professionals in other fields trying to break into the cybersecurity field.
Dawn is currently the Head of OT-CERT at the industrial cybersecurity company Dragos. Designed to support asset owners and operators of industrial infrastructure, Dragos OT-CERT provides free resources for the ICS/OT community. Cybersecurity risks in OT environments continue to rise, and many organizations struggle to find the resources or expertise to address them, especially small to medium-sized businesses (SMB). OT-CERT was created with these organizations in mind. In addition, vulnerabilities discovered by Dragos’s Threat Intelligence team are publicly disclosed through OT-CERT. Dawn coordinates with teams from across Dragos to create OT cybersecurity resources suitable for the SMB community. She is also building and organizing an OT-CERT partnership network of global public and private sector leaders and partners to raise awareness of OT-CERT resources in the SMB community and to expand the Dragos commitment to help mitigate shared ICS/OT challenges.
Dawn was Chief Information Security Officer for Rockwell Automation from 2016 to 2022, where she led the development and execution of a holistic cybersecurity strategy to ensure that Rockwell Automation and its Connected Enterprise Ecosystem - the company’s infrastructure, products, services, customers, and manufacturing - were safe, secure, and resilient. She was also responsible for Global Security: physical security, executive protection, workplace violence prevention, travel security, and crisis management. Before becoming CISO, she was Director, Insider Risk, at Rockwell, where she was responsible for designing and building the Insider Risk Management Program to deter, detect and respond to malicious insider activity across the global enterprise while protecting the privacy and civil liberties of employees. The Rockwell Insider Risk Program was awarded the Society of Women Engineers Global Team Leadership Award in 2016.
Previously, Dawn was Founder and Director of the Carnegie Mellon Software Engineering Institute CERT Insider Threat Center, where her team worked on the insider threat problem in partnership with the Department of Defense, the Department of Homeland Security, the U.S. Secret Service, other federal agencies, the intelligence community, private industry, academia, and the vendor community. The CERT Insider Threat Center was recognized as the world’s leading resource for insider threat risk mitigation.
Before entering the security field, Dawn started her career as a software engineer programming nuclear power plants for Westinghouse and continued her software engineering career at Carnegie Mellon University and the Software Engineering Institute. She co-authored the book “The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud),” which was inducted into the Cybersecurity Canon - a list of must-read books for all cybersecurity practitioners.
Dawn is a Certified Information Systems Security Professional, holds a BS in Computer Science and Mathematics from the University of Pittsburgh, is co-founder of the Open Source Insider Threat (OSIT) information sharing group, and is a member of the RSA Conference Advisory Board, the Cybersecurity Collaborative Executive Committee, the CyberWire Hash Table, and the Georgia Tech School of Cybersecurity and Privacy Industrial Advisory Board. She was awarded the 2022 CIO Choice Lifetime Achievement Award by the Pittsburgh Technology Council, inducted into the ISSA Hall of Fame in 2021, honored as a member of the 2021 CISOs Top 100 CISOs and the 2020 Global CISO 100, and named Pittsburgh CISO of the Year in 2018.