Making TN Critical Infrastructure the Most Secure in the Nation – T. Gwyddon ‘Data’ Owen, James Cotter – ASW #359
For OT systems, uptime is paramount. That's a hard rule that makes maintaining, upgrading, and securing them a complex struggle. Tomas "Data" Owens and James Cotter discuss how Tennessee is tackling the organizational and technical challenges that come with hardening OT systems across the state. Those challenges range from old technology (like RS-232 over Wi-Fi!?) to limited budgets. They talk about the different domains where OT appears and provide some examples of how the next generation of builders and breakers can start learning about this space.
Segment Resources:
Free Cyber OT Training (INL): https://ics-training.inl.gov/
Free Cyber Hygiene Training (CISA): https://www.cisa.gov/cyber-hygiene-services
Recommendations for network hardening (CISA): https://www.cisa.gov/shields-up
More OT and ICS resources: https://github.com/biero-el-corridor/OTICSressource_list
Gwyddon (“Gwee-thin”) or ‘data’ (yes, like the character on Star Trek) is a retired Air Force Cyber Warfare Officer who’s been on the cutting edge of cyber security since 2003 and operational technology security since 2012, when his work exposed critical vulnerabilities. These revelations triggered over $1.5 billion in federal spending that year, started programs that are still running today, and at least one Presidential executive order. With over 20 years defeating nation-state adversaries across air, land, sea, space, and cyberspace—and certifications spanning every NSA Red Team and CYBERCOM offensive work role—he now brings that hard-won expertise to Tennessee’s critical infrastructure. As Director of Cyber & Technology for Universal Strategy Group, ‘data’ provides the technical backbone for Tennessee’s ambitious goal to become the most secure State in the Nation. He’s a USAF Academy and Air Force Institute of Technology grad who’s run cyber operations with every Five Eyes partner, and he understands that protecting power grids, water systems, and industrial controls requires a fundamentally different approach than traditional IT security.
James Cotter
Supervisory Special Agent
Cybersecurity Operations, Critical Infrastructure and Grants
James has over 25 years of law enforcement experience and has been with the Department of Safety & Homeland Security for the last 17 years.
In 2008, James joined the Tennessee Department of Safety & Homeland Security as an Agent. He was promoted in 2012 to Supervisory Intelligence Officer and Director of the Tennessee Fusion Center overseeing Homeland Security Intelligence Operations for the State. In 2017, he became the Special Agent Program Manager for Cyber Operations. In 2023, he was promoted to Supervisory Special Agent and supervises the department’s cybersecurity, critical infrastructure, and grant divisions; and serves as an Emergency Services Coordinator for Emergency Support Function 17 (Cyber) and ESF-13 (law enforcement).
James is a graduate of the Naval Post Graduate School Fusion Center Leaders Program, the Southeast Command and Leadership Academy, holds a BS in Criminal Justice, and is a budding ethical hacker. He is a veteran of the United States Marine Corps with deployments to the Middle East, Africa, South and Central America.
Mike Shema
- Stop Hacklore!
- Cloud Threat Modeling 2025 | CSA
CSA also has an article calling for continuous threat modeling. If you look at threat modeling as critical thinking about how an app could be used, that makes sense. But continuous doesn't have to be burdensome or overly formal -- it can be part of the evaluation that goes into a code review or change management process.
- Cloudflare outage on November 18, 2025
It's always unfortunate when a security feature leads to an outage or otherwise degrades performance.
