Cybersecurity Summit

Get up to speed on the latest in cybersecurity and learn from the experiences of other utilities
May 8 - 10, 2023
Denver, Colorado

Cybersecurity is among the top seven concerns that keep public power leaders up at night. Whether you’re just starting the cybersecurity journey at your organization or have a plan you need to refresh in the face of evolving threats, you can’t miss the Cybersecurity Summit. Learn from the nation’s leading experts and from your colleagues who have traveled this road already.

Who Should Participate

Everyone in a utility plays a role in cybersecurity. The program is geared for:

  • Chief information security officers
  • Chief technology officers
  • Chief information officers
  • Cybersecurity professionals
  • IT/OT personnel
  • Senior operations executives
  • Industry partners, including strategic thinkers and subject matter experts

More Information

Email: [email protected]

Summit Agenda

Monday, May 8

Pre-Summit Seminar

Please note that you may register for only one of the following events, the pre-summit seminar or the tour, as they take place concurrently.

8 am – 4 pm

DOE CyberStrike Workshop (FREE!)
Get a hands-on, simulated demonstration of a cyberattack, drawing from elements of the 2015 and 2016 cyber incidents in Ukraine, but on the industrial control equipment you routinely encounter. This workshop, developed by the Department of Energy’s Office of Cybersecurity, Energy Security and Emergency Response, in collaboration with the Idaho National Laboratory, prepares critical energy sector owners and industrial control systems operators in the U.S. to respond to a cyber incident. The training involves a series of exercises that challenge participants to defend against a cyberattack using equipment they routinely encounter within operational technology networks. 

Entities interested in participating that have separate IT and OT personnel are encouraged to have at least one of each participate in the exercise, if possible.

This event is only open to direct employees of electric utilities, joint action agencies, or state/regional associations; no outside counsel, consultants, or vendors may attend. Pre-registration required; limited to 50 people.


2 – 5 pm 

NREL’s Advanced Research on Energy Systems Cyber Range allows researchers to replicate cybersecurity scenarios as they would occur on real, complex energy systems. With supercomputing and advanced emulation capabilities, the cyber range makes it possible to build digital twins of real systems and connect the emulated environment to physical devices throughout NREL’s laboratories. NREL is building a new Energy Security Resilience Laboratory, which will be the lab’s operating center for secure and resilient energy systems. The new lab will provide a space for partners to visualize, emulate, and validate their solutions with the full power of ESIF assets and the limitless scale of virtual environments.

**NOTE:** Bus will depart from the hotel at 1:30 pm MDT. Pre-registration required; limited to 25 people.


Tuesday, May 9

7:30 – 8:15 am 

Registration and Coffee

8:15 – 8:30 am

Welcome and Introductions

8:30 – 9:45 am 

Understanding the Changing Threat Landscape
Receive a briefing on the threat landscape for the electric sector as a whole and specific concerns facing public power entities. Get an inside perspective from the organizations seeing and analyzing the volume of threats against the industry, including representatives from the Multi-State Information Sharing and Analysis Center, Electricity Information Sharing and Analysis Center, and the Federal Bureau of Investigation (invited).

Casey Cannon, Analyst, Cyber Threat Intelligence, MS-ISAC; Tyler Tiller, ETAC Security Advisor, E-ISAC

9:45 – 10 am

Break with Sponsors


10 – 11 am

Choosing a Cybersecurity Framework 
Behind every successful cybersecurity program is a framework. However, there are dozens of models and standards to consider, as well as potential regulations. Get clear and useful guidance for navigating the maze of cybersecurity frameworks, from an overview of which frameworks are out there, which risks and environments each is designed to cover, and pros and cons of different selections. Discuss how to assess whether a multi-framework environment would be right for you, and how to get maximum value out of whichever path you choose.  

Eric Cardwell, Vice President, Professional Services, and John Fry, Director Cyber Risk Engineering, Axio 

11 – 11:15 am

Break with Sponsors

11:15 am – 12:30 pm

Exploring Options for Exercises and Cyber Incident Response 
A key piece of cyber incident response planning is exercising. There is value in participating in the large national exercises as well as smaller tabletop or regional exercises — not only to be prepared in the event of an incident, but also to forge relationships with other entities who can help. Learn more about how one utility partnered with the National Guard on a cyber exercise and how you can engage with your local unit for a similar activity, or leverage their resources to create your own exercise.  

Tim Pospisil, Nebraska Public Power District

12:30 am – 1:45 pm 

Sponsored Lunch with Exhibitors

1:45 – 3 pm 

Defending Against Ransomware
Ransomware strategies and mechanisms are ever-evolving, but the threat is constant. Get insight into the latest ploys of recent threats and review the steps you should consider taking to protect your community and employees. Discuss what problems you may encounter following an attack and how to respond and repair the systems and customer relationships affected by any attack.

Che Bhatia, Managing Director, Aon Cyber Solutions; Phil Kealy, Senior Consulting Leader – Incident Response, Mandiant, a Google Cloud company; Hafid Elabdellaoui, Oracle, VP, Cybersecurity – Oracle Energy and Water

3 – 3:30 pm

Break with Sponsors 

3:30 – 4:30 pm 

Zero Trust and the Smart Grid: Where Two Architectures Intersect
Get an introduction to two concepts established by the National Institute of Standards and Technology: Zero Trust Architecture and Guidelines for Smart Grid Cybersecurity. Understand the suggested strategy behind these concepts and learn how to integrate the practices into your cybersecurity program. Focus on how integrating these elements affects various roles and responsibilities, training and awareness protocols, and technical guidelines at public power utilities.

Jason Vigh, Principal Consultant – Industrial Cybersecurity, 1898 & Co., part of Burns & McDonnell 

5 – 6 pm Reception

Wednesday, May 10

7:30 – 8:30 am

Networking and Coffee

8:15 – 9 am

Managing the Nuances of IT/OT
It is challenging for IT and OT groups to secure their respective environments. In public power, this challenge is often compounded by differing views on how to apply cybersecurity policies and principles between the utility and its associated municipality. Learn how IT and OT groups can align with a common framework while ensuring that the unique characteristics of each environment are addressed. Hear about ways to design and implement such a program, including governance, best practices, and procedures.

Doug Westlund, Senior Vice President and Principal Consultant, AESI-US, Inc.

9 – 9:15 am

Break with Sponsors 

9:15 – 10:15 am 

Mitigating Supply Chain Risk
Your vendors are not just providing a service or product; they are either partners or liabilities in your risk management program. Review how to adequately assess new vendors and mitigate the cybersecurity risk they pose to your organization, regardless of your size, including what tools can help you in the vetting and contracting process.

Chris Poulin, Deputy CTO, Director of Technology and Strategy, BitSight; and Dave Sonheim, Chief of Cybersecurity - Supervisor Region 8, U.S. Department of Homeland Security, Cybersecurity and Infrastructure Security Agency

10:15 – 10:30 am

Break with Sponsors

10:30 – 11:30 am

Getting Management and Board Buy-In
An effective cybersecurity program requires significant support in the form of time and money. Securing the necessary resources requires being able to effectively communicate the importance of the activities, systems, and supports to utility leaders and governing boards. Review strategies for making the case for investing in your cybersecurity program and discuss what resources utilities need to be successful.

Michael Fish, Senior Director, Cyber Security, Salt River Project, Phoenix, Arizona; Jared Price, Chief Information Officer, American Municipal Power, Inc. 

10:30 – 11:30 am

Your Cybersecurity Toolbox
Investing in cybersecurity isn’t all about having a robust budget for the latest gadgets — there are numerous low-cost or no-cost tools and resources available. Explore the various resources public power professionals can use to improve your cybersecurity posture and how you can utilize them.

Richard Condello, Utility Cybersecurity Deployment Manager, American Public Power Association; Cynthia Hsu, IT Cybersecurity Specialist, Office of Cybersecurity, Energy Security and Emergency Response, U.S. Department of Energy; and Dustin Thorne, Cyber Security Manager, Lincoln Electric System, Nebraska

12:30 pm

Summit Adjourns

10:30 – 11:30 am

Cyber Defense Community Meeting (includes a working lunch)
The monthly gathering of the Cybersecurity Defense Community, which provides input and feedback on APPA’s cybersecurity programs, cooperative agreements, cyber mutual aid, and publications and discusses industry/government cybersecurity proposals.

This meeting is limited to CDC members only. Eligible members interested in joining the CDC may reach out to [email protected] for more information.  




Registration Fees

**This event is closed to the press.**


Before April 14

After April 14







Not yet an American Public Power Association member? Join today and save $845 on your Cybersecurity Summit registration. Contact [email protected] to learn more. 

Group Discounts

Save money on each registration for the Cybersecurity Summit when your organization registers 5 or more people. The larger your group, the more you save!

Number of registrants

(per person)









25+ $200

Your group discount will be automatically applied when you register a group of 5 or more people. Registrations must be submitted on the same order (at the same time) to qualify for the group discount; discounts cannot be retroactively applied to previous orders.

Cancellation, Refund, and Substitution Policy

Registrants who cancel in writing on or before Tuesday, May 1, 2023, are entitled to a refund of their registration fee, minus a $50 cancellation fee. Registrants who cancel after May 1 will not receive a refund, but attendee substitutions will be allowed for the 2023 Cybersecurity Summit only. Registrants and no-shows who do not cancel on or before May 1 are responsible for the full registration fee and are not entitled to a refund of their registration fee. 

Cancellation requests must be made through your portal, or addressed to: [email protected].

Code of Conduct

Attendees of American Public Power Association meetings agree to abide by the APPA Code of Conduct. If attendees engage in unacceptable behavior as outlined in the Code of Conduct, the Association may take any action it deems appropriate, including, but not limited to, expulsion from the current and future meetings with no warning or refund.

Contact Us

Registration: [email protected]

Program/Content: [email protected]

Hotel: [email protected]

Billing: [email protected]


Hotel Information

The 2023 Cybersecurity Summit will take place at the:

Hilton Denver City Center  
1701 California Street
Denver, CO  80202


  • Phone: (303) 297-1300
  • Group Rate: $249 (Single/Double) per night (plus State and Local Taxes)
  • Room Rate Cut-off Date: April 17
  • Group Code: American Public Power Association
  • Online Reservation Link


  • Check-in: 4 p.m.; Check-out: 11 a.m.
  • Parking: Valet Parking $54/overnight; Self-Parking $34/overnight

Please note: It is possible that the block of rooms could sell out prior to April 17, so make your hotel reservations early.

Reservations & Cancellations

Please contact the hotel directly to reserve and manage your reservation. If you need assistance making reservations, contact [email protected].

Internet Access

WiFi may only be available in hotel common areas (sleeping rooms and hotel lobby) and will not be available in meeting rooms. Please make arrangements to use cellular data on your device or bring a MiFi or Internet hotspot for personal use. APPA will not provide a password for WiFi.


All courses will be held in the Hilton Denver City Center. The hotel is located about 25 miles from the Denver International Airport (DIA). Please contact the hotel for transportation options.

Travel Arrangements/Hotel Parking

Travel arrangements and costs associated with hotel parking are the responsibility of the participants. APPA will not reimburse for changes in travel expenditures regardless of the cause.

Scam Alert

Please do NOT make hotel reservations through any third party that may contact you by phone or email. Use only the online reservation links, phone numbers, and discount codes available directly from APPA —in conference brochures and the website at

Frequently Asked Questions

What is the policy on refunds, cancellations and attendee substitutions?

Registrants who cancel in writing on or before May 2, 2023, are entitled to a refund of their registration fee, minus a $50 cancellation fee. Registrants who cancel after May 2 will not receive a refund, but attendee substitutions will be allowed for the 2023 Cybersecurity Summit only. Registrants and no-shows who do not cancel on or before May 2 are responsible for the full registration fee and are not entitled to a refund.

Can I earn educational credits for attending this conference?

Yes, you can earn the following kinds of educational credits for participating in sessions during the conference:

  • Continuing Education Units (CEUs) from the International Association for Continuing Education and Training (IACET)
  • Professional Development Hours (PDHs) as established by the National Council of Examiners for Engineering and Surveying (NCEES)
  • Continuing Professional Education (CPE) Credits from the National Association of State Boards of Accountancy (NASBA)

To receive a certificate for your participation, participants must complete the online conference evaluation after the event.

Are meals included?

The following food functions/meals are included in the registration fee:

  • Tuesday - Continental Breakfast
  • Tuesday - Welcome Reception
  • Wednesday - Continental Breakfast

What is the conference dress code?

The attire for the conference is business casual. Meeting room temperatures vary, so prepare to dress for cool conditions.

How can I present at the conference?

We welcome your topic and speaker ideas for future conferences and events. To submit your idea for consideration, complete this form. Conference topics are generally determined 6-8 months before the event is held. Ideas will be kept on file for a full year, so if the agenda for the conference has already been determined, your ideas will be considered for the next year’s event, or in case any space opens up in the current year’s program. You will be contacted only if your idea is selected for an upcoming conference.

What is the APPA Code of Conduct for meeting attendees?

Attendees of American Public Power Association meetings agree to abide by the APPA Code of Conduct. If attendees engage in unacceptable behavior as outlined in the Code of Conduct, the Association may take any action it deems appropriate, including but not limited to, expulsion from the current and future meetings, with no warning or refund.
