Conference keynote or general session
Typical length: 30 to 60 minutes
High-level, practical presentation for broad utility, public works, emergency management, or critical infrastructure audiences.
Speaking and training
Speaking, Workshops, and Executive Briefings for Critical Infrastructure
Systems Risk Advisory provides practical speaking, workshops, executive briefings, and facilitated exercises for organizations responsible for essential services, OT/ICS environments, public works, utilities, and critical infrastructure operations.
Practical Security Content for Essential Service Organizations
Critical infrastructure audiences need security content that connects to real operations. Generic cyber awareness is not enough for utilities, public works departments, electric power organizations, emergency managers, and infrastructure leaders who must keep services operating under pressure.
Systems Risk Advisory delivers presentations and workshops that connect cyber risk, physical security, OT/ICS and SCADA systems, emergency response, leadership decisions, and continuity of essential services. The focus is practical: what can happen, who needs to act, what decisions matter, and what should be improved before an incident occurs.
Kevin J. Owens leads most speaking, board briefing, and executive education engagements. Systems Risk Advisory can also support workshops, facilitated exercises, and technical sessions with qualified specialists when a larger engagement requires added depth.
Speaking and Training Formats
Sessions can be built for conferences, board meetings, utility groups, public works teams, technical staff, or cross-functional response teams.
Conference breakout session
Typical length: 45 to 90 minutes
Focused topic session with examples, decision points, and takeaways for a defined audience.
Executive or board briefing
Typical length: 60 to 120 minutes
Leadership-focused risk briefing for boards, councils, commissioners, executives, city leaders, and senior staff.
Half-day workshop
Typical length: 3 to 4 hours
Interactive training on ransomware readiness, OT/ICS risk, AWIA planning, incident response, or cyber-physical coordination.
Full-day workshop
Typical length: 6 to 8 hours
Deeper working session with planning exercises, group discussion, practical examples, and improvement planning.
Tabletop exercise
Typical length: 2 hours to full day
Scenario-based exercise that tests roles, decisions, communication, containment, continuity, and recovery.
Webinar or virtual briefing
Typical length: 30 to 90 minutes
Remote session for associations, boards, committees, utility groups, and distributed teams.
Featured Speaking Topics
These topics can be delivered as conference sessions, executive briefings, workshops, webinars, or exercise primers.
Cyber Resilience for Water and Wastewater Utilities
Best audience: Utility leaders, operators, IT staff, OT staff, public works directors, boards, and emergency managers
A practical session on how water and wastewater utilities can reduce cyber risk while maintaining safe and reliable operations.
Attendees learn:
- Where utility cyber risk usually becomes operational risk
- Why remote access, backups, vendor access, and OT visibility matter
- How leaders can prioritize fixes without overwhelming staff
AWIA RRA and ERP: From Compliance Document to Readiness Tool
Best audience: Water utility executives, compliance leads, emergency managers, public works leaders, and governing bodies
A session on using AWIA risk and resilience assessments and emergency response plans as practical management tools, not shelf documents.
Attendees learn:
- What risk and resilience assessments should help leaders decide
- How ERP updates should connect to cyber, physical, and operational events
- How to tie findings to training, exercises, and improvement tracking
Ransomware Readiness for Utility Leaders
Best audience: Executives, boards, city managers, general managers, IT leaders, public works directors, and emergency managers
A leadership-level session on preparing for ransomware before it affects billing, email, work orders, SCADA visibility, backups, or public communication.
Attendees learn:
- What decisions leaders face in the first hours
- How to prepare for degraded operations and public messaging
- What to ask about backups, insurance, vendors, and recovery order
OT/ICS and SCADA Security Without Overcomplication
Best audience: Utility leaders, IT, OT, engineering, operations, maintenance, and public works personnel
A plain-language session on control-system risk, remote access, vendor access, segmentation, operator visibility, and safe recovery.
Attendees learn:
- How IT and OT risks differ in real operations
- What remote and vendor access paths should be reviewed
- Why recovery must account for control-system safety and process impact
Cyber-Physical Incident Response for Critical Infrastructure
Best audience: Executives, emergency managers, IT, OT, facilities, security, public works, and operations teams
A session on incidents that cross cyber systems, facilities, field assets, communications, vendors, and operational decision-making.
Attendees learn:
- How cyber and physical events can overlap
- Who needs to coordinate during a multi-domain incident
- How tabletop exercises can expose decision and communication gaps
Tabletop Exercises That Test Decisions, Not Checklists
Best audience: Utility leaders, emergency managers, IT, OT, public information officers, public works leaders, and governing bodies
A session on designing useful exercises that test authority, communication, containment, operations, public messaging, and recovery.
Attendees learn:
- How to build scenarios that reflect real operational pressure
- What decision points should be tested
- How after-action findings should become tracked improvements
The Human Side of Water Cybersecurity
Best audience: Operators, supervisors, utility managers, IT and OT staff, trainers, and leadership teams
A session on trust, communication, training fatigue, stress, silence, and the people issues that shape incident readiness.
Attendees learn:
- Why training often fails to change behavior
- How trust affects reporting and response
- What leaders can do to reduce silence during incidents
Board-Level Cyber Risk Briefing for Utilities and Public Works
Best audience: Boards, councils, commissioners, executives, city managers, general managers, and senior leaders
A nontechnical briefing that helps governing bodies understand cyber, physical, and operational risk in practical decision terms.
Attendees learn:
- What questions board members should ask
- How to understand cyber risk without technical overload
- How to connect security investments to service continuity
Audiences We Support
Water and wastewater utilities
General managers, operators, IT staff, OT staff, boards, public works directors, and emergency managers.
Electric power and public power organizations
Leadership, operations, engineering, substation, SCADA, IT, OT, and emergency response personnel.
Local government and public works
City managers, county leaders, public works directors, facilities staff, IT teams, and elected officials.
Critical infrastructure associations
Conference attendees, committees, regional groups, sector councils, and professional associations.
Boards and executive teams
Decision-makers who need clear risk language, practical priorities, and budget-relevant options.
Operations and technical teams
Personnel responsible for systems, facilities, field work, remote access, controls, and response procedures.
Workshop Modules and Exercise Themes
Workshops can stand alone or support a larger assessment, planning effort, tabletop exercise, or training day.
Ransomware readiness
First-hour decisions, containment, degraded operations, backups, recovery, public communication, and leadership coordination.
Remote access and vendor access
VPNs, remote support tools, shared accounts, service accounts, MFA, logs, approval gates, and OT access paths.
OT/ICS and SCADA risk
Control-system architecture, segmentation, operator visibility, engineering workstations, telemetry, alarms, PLCs, RTUs, and HMIs.
AWIA RRA and ERP readiness
Risk assessment findings, emergency response plan updates, training, exercises, improvement tracking, and leadership reporting.
Physical security and site response
Facility access, gates, keys, lighting, cameras, yards, field sites, response coordination, and cyber-physical dependencies.
Incident response and emergency coordination
Roles, escalation, incident command interface, vendors, law enforcement, emergency management, public information, and recovery order.
For Event Planners
The page should make it easy for a conference organizer, association lead, or utility executive to evaluate fit quickly.
| Planning item | Details |
|---|---|
| Best-fit session types | Critical infrastructure cybersecurity, water sector cyber resilience, OT/ICS and SCADA security, ransomware readiness, emergency planning, physical security, and tabletop exercise design. |
| Common event types | Utility conferences, AWWA section events, public works meetings, emergency management events, cybersecurity conferences, board retreats, executive briefings, and internal training days. |
| Preferred session style | Clear, practical, field-informed, plain-language, decision-oriented, and suitable for mixed technical and nontechnical audiences. |
| Available delivery modes | In-person, virtual, conference session, private briefing, half-day workshop, full-day workshop, facilitated tabletop exercise, or planning session. |
| Audience size | Small board briefings, department-level workshops, committee meetings, utility groups, and larger conference audiences. |
| Customization | Sessions can be adjusted for water, wastewater, electric power, local government, public works, emergency management, or mixed critical infrastructure audiences. |
Speaker Bio Options
Short bio
Kevin J. Owens is Principal Consultant at Systems Risk Advisory, where he helps critical infrastructure organizations improve cybersecurity, physical security, OT/ICS resilience, emergency planning, incident response, and operational readiness. He has more than 30 years of experience across cybersecurity, engineering, industrial control systems, SCADA, water sector security, and critical infrastructure protection.
Conference bio
Kevin J. Owens is Principal Consultant at Systems Risk Advisory and a critical infrastructure cybersecurity practitioner with more than 30 years of experience across cybersecurity, electrical engineering, OT/ICS, SCADA, physical security, emergency planning, incident response, and resilience. His work focuses heavily on water and wastewater utilities, AWIA risk and resilience assessments, emergency response plans, ransomware readiness, tabletop exercises, and practical cyber risk reduction for organizations that operate essential services. He has served in senior technical and leadership roles in consulting, industry, and the Department of Defense, and is active in AWWA cybersecurity and emergency preparedness work.
Why Systems Risk Advisory for Speaking and Workshops
Built for critical infrastructure audiences
Sessions address real service continuity, operational pressure, public trust, field conditions, and leadership decisions.
Useful for mixed audiences
Content can reach boards, executives, operators, IT, OT, engineering, public works, facilities, emergency managers, and public information staff in the same room.
Cyber, physical, and operational view
Topics connect systems, facilities, people, vendors, communications, emergency plans, recovery, and public communication.
Water sector depth
Systems Risk Advisory brings specific experience with water and wastewater utilities, AWIA planning, SCADA environments, and sector-specific readiness issues.
Practical session design
Presentations are built around decisions, examples, discussion, exercises, and next steps, not abstract theory.
Principal-led delivery
Kevin leads most speaking and executive education engagements, with qualified specialist support available for larger workshops or exercises.
Planning Questions Before Booking
- Who is the audience, and how technical should the session be?
- Is the event focused on awareness, executive decision-making, staff training, or exercise facilitation?
- Which sector should the examples emphasize: water, wastewater, electric power, local government, public works, or mixed infrastructure?
- Should the session focus on ransomware, OT/ICS, SCADA, AWIA, physical security, emergency planning, or tabletop exercises?
- How much time is available, and should the session include audience discussion or scenario work?
- Do attendees need a handout, checklist, board briefing, facilitator guide, or after-action product?
Bring practical critical infrastructure security content to your next event, board meeting, workshop, or exercise.
Systems Risk Advisory can support conference sessions, utility briefings, executive education, tabletop exercises, and training built around real operational risk.