# Cabreza - Complete Reference

> Your Access To OT Cybersecurity Capabilities. Software for building OT security programs and the first independent, on-demand and vetted OT cybersecurity network.

This is the extended version of llms.txt with comprehensive details about Cabreza, our products, team, and capabilities. For a shorter summary, see https://cabreza.com/llms.txt

---

## Company Overview

Cabreza, Inc. is an OT cybersecurity company founded in 2024. We develop purpose-built solutions that help industrial security teams protect critical infrastructure and build resilient programs.

**Mission:** Enable industrial organizations of any size to build and maintain world-class OT security programs through practical tools and deep domain expertise.

**Vision:** A future where every industrial organization has access to the security expertise and tools needed to protect critical infrastructure and ensure operational continuity.

**Core Philosophy:**

- **Defense says success is nothing getting through. Resilience says success is the process never stopping. We build for the latter.**
- Precision over volume — Quality content that meets real needs
- Practitioner-built — Created by people who've done the work
- Cyber resilience — Security that enables operations, not just protects them
- Accessibility — Enterprise-grade capabilities for organizations of any size

---

## Products - Detailed

### Command — OT Security Program Software

**Product URL:** https://cabreza.com/product

**What is Command?**

Command your OT cybersecurity program. Generate policies, procedures, briefings, and compliance documentation tailored to your environment in minutes. Select your output type, add context—domains, technologies, frameworks, audiences—and generate. It's a living security program that evolves with your environment.

**How It Works:**

1. **Output Type** - Select what to generate (policies, procedures, briefings, etc.)
2. **Source Content** (optional) - Reference existing documents as source material
3. **Context** - Add domains, technologies, frameworks, and audiences relevant to your environment
4. **Generate** - Create expert-grade content tailored to your selections

**Key Features:**

- **Standards, Regulations & Frameworks Library:** Complete coverage of NIST CSF 2.0, ISA/IEC 62443, NERC CIP, CMMC, FDA 524B, TSA SD, NIS2, MTSA, SEMI E187/E188, and more
- **12+ Industry Sectors:** Defense, Medical, Semiconductor, Chemical, Oil & Gas, Power, Water, Food & Beverage, Mining, Transportation, Automotive, Maritime
- **Audience-Aware Content:** Tailored for CISO, SOC team, auditors, plant engineers, executives, operators
- **Multi-Format Export:** RTF, Markdown, PDF
- **In-Workflow Redaction Studio:** Remove sensitive information before processing
- **Unlimited Content Storage:** All your generated content in one place
- **Content Library:** Pre-built templates and frameworks as starting points

**Supported Document Types:**

- Security Policies (acceptable use, access control, incident response, etc.)
- Standard Operating Procedures (SOPs)
- Incident Response Playbooks
- Executive Briefings and Board Reports
- Risk Assessments
- Vendor Security Questionnaire Responses
- Compliance Documentation
- Security Architecture Documents
- Training Materials
- Audit Preparation Documents

**Pricing - Asset Owner Licenses:**

| Tier | Monthly | Yearly | Savings |
|------|---------|--------|---------|
| Individual | $500/month | $5,000/year | 2 months free |
| Team | Contact sales | Contact sales | — |
| Enterprise | Contact sales | Contact sales | Custom terms |

**Asset Owner License Benefits:**

- Full access to all content types
- Complete standards library
- Email support (Individual), Priority support (Team), 24/7 support (Enterprise)
- Custom training sessions (Team+)
- Dedicated success manager (Enterprise)
- Regulatory compliance assistance (Enterprise)

**Pricing - Agency Licenses (Consultants & MSSPs):**

| Tier | Pricing | Description |
|------|---------|-------------|
| Individual | Contact sales | For independent consultants |
| Team | Contact sales | For small consulting practices, up to 10 consultants |
| Practice | Contact sales | For growing security consultancies, up to 25 consultants |
| Enterprise | Contact sales | For agencies and MSSPs, unlimited consultants, white-label options |

**Agency License Benefits:**

- **Individual:** Multi-client content management, client-specific output branding, email support
- **Team:** Everything in Individual, team content collaboration, priority email support, custom training sessions
- **Practice:** Everything in Team, advanced content collaboration, priority phone & email support, custom content templates, quarterly business reviews
- **Enterprise:** Everything in Practice, unlimited consultants, custom integrations, 24/7 phone & email support, dedicated account manager, white-label options, SLA guarantees

---

### Connect — The Connect OT Cybersecurity Network

**Product URL:** https://cabreza.com/connect

**What is Connect?**

The Connect OT Cybersecurity Network is an independent, on-demand and vetted network of OT cybersecurity professionals. Everyone joins the network — Clients submit requests for help, and Providers (Advisors, Specialists, and Practitioners) answer them. Every connection is personally curated by domain specialists and finishes with a written deliverable.

**Key Features:**

- Independent, on-demand and vetted OT cybersecurity microservices
- Domain-specific matching by practitioners
- Advisors, Specialists, and Practitioners tiers
- Consultation, brief, panel, survey, and retainer formats
- Every connection finishes with a written deliverable

**Services:**

- Consultation calls ($400–$1,200)
- Panel sessions ($700–$2,200)
- Survey responses ($150–$450)
- Written briefs ($1,500–$5,500)
- Advisory retainers ($2,500–$8,500)

**Use Cases:**

- Augment internal OT security teams with specialized microservices
- Access domain-specific OT cybersecurity professionals on demand
- Get matched with practitioners who understand your industrial environment

---

### Redaction Studio: Free Document Redaction

**Product URL:** https://cabreza.com/redaction-studio

**What is Redaction Studio?**

A free, browser-based document redaction tool that prepares sensitive documents for AI processing by removing PII, IP addresses, and proprietary information.

**Key Features:**

- 100% client-side processing—your data never leaves your device
- No account required
- Supports common document formats
- Pattern-based and manual redaction options
- Completely free, forever

**Use Cases:**

- Prepare documents before using external AI tools
- Remove sensitive information for vendor sharing
- Anonymize documents for training purposes
- Comply with data protection requirements

---

### SRFer: Free Standards, Regulations & Frameworks Crosswalk

**Product URL:** https://cabreza.com/srfer

**What is SRFer?**

A free crosswalk tool that maps and compares controls across 17 security standards, regulations, and frameworks. Instantly see how requirements connect across NIST 800-53, NIST CSF 2.0, ISO 27001, IEC 62443, NERC CIP, NIS2, and more.

**Key Features:**

- 1,500+ controls mapped across 17 frameworks
- Side-by-side control comparison
- No account required
- Completely free, forever

**Supported Frameworks:**

- NIST SP 800-53, NIST CSF 2.0, NIST SP 800-82
- ISO 27001, ISO 27002
- ISA/IEC 62443
- NERC CIP
- NIS2
- CMMC, DFARS
- And more

**Use Cases:**

- Map compliance requirements across multiple frameworks
- Identify overlapping controls to reduce audit burden
- Plan framework adoption based on existing compliance
- Understand regulatory equivalencies

---

### Self Assessor: Free OT Security Maturity Assessment

**Product URL:** https://cabreza.com/self-assessor

**What is Self Assessor?**

A free OT security maturity assessment tool that measures your program against NIST 800-82 R3 or NIS2. Get a scored breakdown with gap analysis in under 10 minutes.

**Key Features:**

- Choose assessment framework (NIST 800-82 R3 or NIS2)
- Scored maturity breakdown by domain
- Gap analysis with prioritized recommendations
- No account required
- Completely free, forever

**Use Cases:**

- Baseline your OT security program maturity
- Identify highest-priority gaps
- Benchmark against industry frameworks
- Prepare for formal assessments or audits

---

## Frontline Infrastructure Program

**URL:** https://cabreza.com/initiatives/frontline

Cabreza's Frontline Infrastructure Program provides security expertise for the critical infrastructure CISA calls "target rich, cyber poor" — the systems communities depend on, run by teams that wear five hats and have zero dedicated security staff.

**The Challenge:**

- 93% of critical infrastructure orgs have fewer than 1,000 employees — most lack dedicated security staff
- Attacks on critical infrastructure surged 70% in 2024 — nation-state actors targeting small operators
- $1.2M average incident cost — for a system with a $3M budget, one attack is existential
- Budgets go to aging infrastructure, not cyber programs
- Regulations grow but funding doesn't follow

**Who We Serve (6 Primary Segments):**

1. **Water & Wastewater** — 152,000 US systems, AWIA/EPA compliance, SCADA/RTU protection
2. **Rural Electric Cooperatives** — 900+ co-ops serving 42M Americans, NERC CIP Low Impact
3. **K-12 School Districts** — 13,000+ districts, FERPA compliance, 80% increase in attacks
4. **Small & Rural Hospitals** — Critical Access Hospitals, HIPAA Security Rule, ransomware targets
5. **Food & Agriculture** — FDA FSMA, grain elevators, co-ops, food safety + cyber convergence
6. **Municipal Transit** — Bus systems, light rail, TSA Security Directives, fare systems

**Additional Segments:** Community colleges, tribal utilities, housing authorities, port authorities, rural broadband providers, volunteer fire/EMS, public health departments, libraries & cultural institutions, waste management

**How Cabreza Helps:**

1. **Generate compliance-ready documentation in minutes** — AWIA, NERC CIP, HIPAA, FERPA — tailored to your systems
2. **Built on the frameworks your auditors expect** — NIST CSF, sector-specific standards, not generic IT templates
3. **A living program, not a static binder** — Updates when regulations change

**Cross-Sector Compliance Deadlines:**

- Sep 2025: NERC CIP-015-1 effective (Power)
- Jun 2026: AWIA RRA re-certification (Water)
- 2026: Updated HIPAA Security Rule (Healthcare)
- Dec 2026: AWIA ERP update deadline (Water)
- Jan 2027: New York OT cybersecurity regulations (Multi-sector)
- 2025-2028: CMMC 2.0 Level 2 rollout (Defense supply chain)

---

## Resilience vs. Defense

**Two approaches. Both necessary. One gets more attention than the other.**

### Defense Focus

- Detection systems
- Continuous monitoring
- Asset discovery tools
- Vulnerability scanning
- "How do we stop the attack?"
- 20 years of market investment
- Vendor ecosystem focus

### Resilience Focus

- Function continuity planning
- Recovery capability
- Consequence management
- Graceful degradation
- "How do we maintain function despite the attack?"
- What the research community prioritizes
- Operational resilience

**This isn't our opinion.** It's where the research community landed years ago:

- **Idaho National Lab's CCE (Consequence-driven Cyber-informed Engineering) methodology**
- **NIST SP 800-160 Vol. 2** - Engineering Trustworthy Secure Systems
- **PPD-21** - Critical Infrastructure Security and Resilience

These frameworks acknowledge that organizations targeted by advanced adversaries **will** be compromised. The question isn't "if" but "when" and "how do we respond." Resilience is what happens next.

---

## Industrial Security Whitepapers

**URL:** https://cabreza.com/whitepapers

Data-driven insights into the gaps between where OT security is and where it needs to be. Free downloads with company email registration.

### The Gap Between Detection and Resilience in OT Security

**Categories:** Resilience, Detection
**Key Insight:** 19% of incidents take over a month to remediate

Detection is working. Recovery isn't keeping pace. This whitepaper examines why the 19% of incidents that take over a month to remediate represent one of the most significant blind spots in industrial security today. Explores the investment gap between detection tools and response capabilities, and provides frameworks for building resilience alongside visibility.

### The OT Talent Crisis and Knowledge Gap

**Categories:** Workforce, Training
**Key Insight:** 52.6% of workforce has <5 years experience

Over half of the OT security workforce has been in the field for five years or less. Organizations recognize people as their greatest risk, yet invest half as much in workforce development as technology. This whitepaper analyzes the talent crisis, the certification gap, and practical strategies for building human capability alongside technical controls.

### Regulatory Landscape Evolution in OT Security

**Categories:** Compliance, Regulations
**Key Insight:** Post-Colonial Pipeline regulatory surge

Colonial Pipeline changed everything. Within months: TSA Security Directives, NIS2, maritime cyber requirements. This whitepaper maps the new regulatory terrain across NIS2, TSA, MTSA, NERC CIP, and IEC 62443—and examines whether compliance actually produces security outcomes.

### The Process Improvement Gap in Industrial Security

**Categories:** Process, Governance
**Key Insight:** Process improvement ranks 8th in OT investment at 31%

Process improvement ranks 8th in OT security investment at just 31%. Only 17% invest in tabletop exercises. The result: organizations that can see problems but lack the machinery to solve them. This whitepaper examines why organizations can detect problems but struggle to solve them, and how to build the operational processes that convert visibility into outcomes.

### IT/OT Convergence: Security Implications

**Categories:** Convergence, Network Security
**Key Insight:** 70% of OT incidents originate from IT networks

The air gap is dead. 70% of OT incidents originated from IT. When ransomware reaches OT, 75% cause partial shutdown, 25% cause full shutdown. This whitepaper examines the attack path adversaries exploit most frequently—and the segmentation strategies that actually reduce risk.

### The Business Case for OT Resilience

**Categories:** Business Case, ROI
**Key Insight:** Manufacturing downtime costs $50,000-$125,000/hour

Manufacturing downtime costs $50,000-$125,000/hour median. Average OT incident costs $2.8M. This whitepaper quantifies the ROI of resilience investments and provides frameworks for making the case to leadership. Includes cost models, risk quantification approaches, and executive communication templates.

**All whitepapers available at:** https://cabreza.com/whitepapers

---

## Industries Served - Detailed

### Automotive Manufacturing

**Primary Focus:** Industry 4.0 Security
**Compliance:** Production security, supply chain requirements

**Key Challenges:**

- Just-in-time production protection (downtime costs $22,000/minute)
- Robot and automation security
- Supplier network security (65% show insecure remote access)
- Electric vehicle considerations

**How Cabreza Helps:**

- Production system security programs
- Automation security documentation
- Supplier security requirements
- EV manufacturing security planning

---

### Chemical Processing

**Primary Focus:** Safety-Security Integration
**Compliance:** ISA/IEC 62443, CFATS, PSM

**Key Challenges:**

- 50% surge in ransomware attacks targeting chemical sector
- Safety-security integration requirements
- Process safety system protection
- Environmental compliance intersection
- Contractor and vendor access management

**How Cabreza Helps:**

- ISA/IEC 62443 zone and conduit documentation
- Safety instrumented system (SIS) security policies
- Contractor security requirements
- Incident response integrating safety protocols
- Legacy DCS protection (1980s–1990s systems)

---

### Defense & Space Manufacturing

**Primary Focus:** CMMC 2.0 Compliance
**Compliance:** CMMC 2.0, NIST SP 800-171, DFARS, ITAR

**Key Challenges:**

- CMMC 2.0 Level 2 certification by 2028 deadline
- 110 NIST SP 800-171 controls implementation
- ITAR compliance with cybersecurity
- Multi-tier supply chain security
- Legacy MES and SCADA protection
- Nation-state threats targeting manufacturing systems

**How Cabreza Helps:**

- CMMC-aligned documentation generation
- SSP (System Security Plan) creation
- POA&M (Plan of Action & Milestones) management
- Supplier security assessment automation
- CUI protection procedures

---

### Electric Utilities & Power

**Primary Focus:** NERC CIP Compliance
**Compliance:** NERC CIP, IEEE standards

**Key Challenges:**

- Bulk Electric System (BES) protection requirements
- Medium/low impact asset management
- Evidence collection for audits
- Generation vs. transmission requirements
- IT/OT convergence (75% of breaches originate in IT)

**How Cabreza Helps:**

- NERC CIP evidence preparation
- Reliability standard mapping
- Control center security documentation
- Substation cybersecurity procedures
- Continuous compliance tracking

---

### Food & Beverage

**Primary Focus:** Production Continuity
**Compliance:** FDA FSMA 204, NIS2, food safety requirements

**Key Challenges:**

- Doubled ransomware incidents in sector
- Food safety-cybersecurity intersection
- Production continuity requirements ($1M+ per hour downtime for perishable products)
- Supply chain traceability
- Multi-site consistency

**How Cabreza Helps:**

- FSMA-integrated cybersecurity documentation
- Production system security procedures
- Traceability system protection
- Site-level security programs
- NIS2 Important Entity compliance

---

### Medical Equipment Manufacturing

**Primary Focus:** FDA Cybersecurity Compliance
**Compliance:** FDA Section 524B, ISO 13485:2016, EU MDR

**Key Challenges:**

- Premarket cybersecurity documentation
- Postmarket vulnerability management
- Patient safety integration
- Regulatory submission preparation
- Clean room control system security
- 10–20 year device lifecycle requirements

**How Cabreza Helps:**

- FDA-compliant SBOM documentation
- Threat modeling for medical devices
- Vulnerability disclosure program documentation
- Premarket submission content generation
- ISO 13485:2016 quality management integration

---

### Semiconductor Manufacturing

**Primary Focus:** National Security & IP Protection
**Compliance:** SEMI E187/E188, CHIPS Act requirements, Japan OT Security Guidelines

**Key Challenges:**

- Nation-state APT attacks (Security Level 4 threats)
- Fab security without impacting yield
- Equipment vendor management
- Intellectual property protection
- Clean room network segmentation

**How Cabreza Helps:**

- SEMI standard-aligned security documentation
- Equipment security specifications
- Network architecture documentation
- Incident response planning for fab environments
- CHIPS Act cybersecurity requirement compliance

---

### Maritime & Ports

**Primary Focus:** MTSA Compliance
**Compliance:** MTSA, IMO guidelines

**Key Challenges:**

- July 2025 MTSA cybersecurity requirements
- Port operations security
- Vessel-shore interface protection
- Cargo handling automation
- International coordination

**How Cabreza Helps:**

- MTSA compliance documentation
- Port facility security plans
- Vessel cybersecurity guidance
- Terminal automation security
- Smart port infrastructure protection

---

### Mining Operations

**Primary Focus:** Remote Operations Security
**Compliance:** Operational safety, regional requirements, Bill C-26 (Canada)

**Key Challenges:**

- 450% quarter-over-quarter ransomware surge in sector
- Remote site connectivity
- Heavy equipment system security
- Environmental monitoring protection
- Worker safety system integrity
- Harsh environment constraints (Arctic conditions)

**How Cabreza Helps:**

- Remote site security programs
- Autonomous equipment security (haulage systems)
- Environmental system protection
- Safety-integrated security procedures
- Satellite communication security

---

### Oil & Gas

**Primary Focus:** TSA Security Directives
**Compliance:** API 1164, TSA Pipeline Security Directives

**Key Challenges:**

- 935% increase in attacks targeting sector
- Pipeline SCADA security
- Remote site protection
- Upstream/midstream/downstream diversity
- Colonial Pipeline-era regulatory requirements

**How Cabreza Helps:**

- TSA Security Directive compliance documentation
- Annual Cybersecurity Assessment Plans
- Pipeline cybersecurity program development
- Remote site security procedures
- Incident response for pipeline operations
- Offshore platform security

---

### Transportation & Logistics

**Primary Focus:** NIS2 Compliance
**Compliance:** TSA Rail/Aviation Security Directives, NIS2

**Key Challenges:**

- 108 ransomware incidents per quarter
- Distributed infrastructure
- Passenger/cargo safety requirements
- Real-time operations protection
- Multi-modal complexity
- TMS and fleet telematics security

**How Cabreza Helps:**

- TSA Security Directive compliance
- NIS2 essential sector compliance
- Operations center security
- Fleet management protection
- Incident response for transportation
- Federally mandated ELD vulnerability management

---

### Water & Wastewater

**Primary Focus:** EPA Enforcement
**Compliance:** EPA AWIA, state requirements

**Key Challenges:**

- EPA cybersecurity enforcement initiatives
- 152,000 U.S. water systems (mostly small utilities)
- Limited security resources
- Critical public health responsibility
- SCADA system security
- Chemical dosing system protection

**How Cabreza Helps:**

- AWIA risk assessment documentation
- Emergency response planning
- SCADA security procedures
- Resource-appropriate security programs for small utilities
- PLC protection for pump stations
- RTU management protocols for dispersed assets

---

## Standards, Regulations & Frameworks (SURFS)

**Three terms that get used interchangeably. They're not the same thing.**

### Standards

**Definition:** Voluntary technical specifications that define HOW to implement controls. Best practices, not mandatory requirements.

**Characteristics:**

- Developed by industry bodies or technical committees
- Consensus-driven
- Optional adoption
- Technical implementation guidance

**Examples:**

- ISA/IEC 62443 (industrial automation and control systems)
- API 1164 (pipeline SCADA security)
- IEEE 1686 (intelligent electronic devices)
- SEMI E187/E188 (semiconductor manufacturing)

### Regulations

**Definition:** Mandatory legal requirements that define WHAT you must do. Enforced with penalties.

**Characteristics:**

- Government-issued
- Legally binding
- Penalties for non-compliance
- Periodic audits and assessments

**Examples:**

- NERC CIP (electric reliability)
- NIS2 (EU critical infrastructure)
- TSA Security Directives (transportation/pipeline)
- MTSA (maritime security)
- FDA Section 524B (medical device cybersecurity)

### Frameworks

**Definition:** Flexible guidance models that define STRUCTURE for security programs. Implementation left to you.

**Characteristics:**

- Adaptable to different contexts
- Risk-based approach
- Not prescriptive
- Outcome-focused

**Examples:**

- NIST CSF 2.0 (Cybersecurity Framework)
- NIST SP 800-82 (ICS Security Guide)
- NIST SP 800-160 (Systems Security Engineering)

### Why This Matters

**Using the wrong approach wastes resources:**

- Treating a framework like a regulation means over-engineering
- Treating a regulation like a suggestion means fines and operational failures
- Confusing standards with regulations leads to misallocated compliance budgets

**Cabreza maps content to all three:**

- Standards: Technical implementation guidance
- Regulations: Compliance documentation and evidence
- Frameworks: Program structure and risk management

---

## Leadership Team - Full Biographies

### Jason Rivera - Co-Founder & CEO

Jason is an experienced and innovative cyber security professional with more than a decade of cyber security experience ranging from SOC and defensive engineering to architecture and market analysis.

Jason worked his first ransomware incident in 2018, helping to remediate Locky 2.0 and return a pharma manufacturing site back to operations. He has spent most of his cyber security career in industrial OT security across multiple industrial sectors and Fortune 10, 500, and 2000 organizations.

As a consulting Partner with Security Risk Advisors, he developed and managed the CPS/OT Security practice, performing service and business development, thought and team leadership, and partner relationships for 5 years before exiting. After a successful consulting career, Jason joined Gartner's Cyber-Physical Systems security cohort where he performed strategy, product, and market analysis while contributing to the inaugural CPS Magic Quadrant.

Jason is also an OT security leader, member, and contributor. He's an s4x26 selected speaker (https://s4xevents.com/) and frequent contributor to media publications.

**Contact:**

- Email: jason@cabreza.com
- LinkedIn: https://www.linkedin.com/in/jasonrivera/

---

### Marcello Delcaro - Co-Founder & CTO

Marcello is a cybersecurity architect and engineer with over six years of experience in software supply chain security and OT systems, specializing in binary analysis, vulnerability research, and scalable security infrastructure for critical systems.

Early in his career, Marcello tackled a critical malware detection challenge for industrial customers. Through creative partnership and system redesign, he transformed a bottleneck into a scalable solution that became essential for incident response across energy, manufacturing, food & beverage, and critical infrastructure.

Marcello has spent his career building secure systems for OT environments across several Fortune 500 companies. He's worked at the intersection of technical architecture, customer success, and product development—leading technical sales, managing integrations, and designing core infrastructure for software supply chain security platforms.

As CTO of Cabreza, Marcello brings his technical expertise and understanding of operational security challenges to make OT security programs accessible to organizations of any size. His architectural vision combines practical tools with the security-first design that critical infrastructure companies require.

**Contact:**

- Email: marcello@cabreza.com
- LinkedIn: https://www.linkedin.com/in/marcellodelcaro/

---

## Advisory Board - Full Biographies

### Edison Alvarez

**Role:** MedTech Security Strategy | Product, Regulatory Expert
**Current:** Becton Dickinson | **Former:** Siemens Healthcare

Edison Alvarez is a highly experienced leader in medical device cybersecurity and regulatory strategic planning, with a strong background in portfolio and product management.

Edison has held several senior roles where he has led program development, medical device cybersecurity policies, and compliance frameworks that meet increasingly complex global requirements and customer expectations. He is also an accomplished leader managing global teams supporting organization-wide programs.

He has collaborated with key strategic industry partners such as the FDA, Healthcare Sector Coordinating Council, and UL to influence product security advancements for the medical device industry. In addition, he is a tenured speaker, leading discussions for AdvaMed Cybersecurity Summit, International Medical Device Regulators Forum (IMDRF), and Medical Device Innovation Consortium (MDIC).

He holds an Executive MBA from Fairleigh Dickinson and a B.S. in Business Administration from Centenary University.

---

### Danielle Jablanski

**Role:** OT Security SME | Strategy Lead | Professor | Fellow
**Current:** STV Inc., Dallas College, Atlantic Council | **Former:** CISA, Nozomi

Danielle Jablanski is a nonresident fellow with the Cyber Statecraft Initiative, part of the Atlantic Council Tech Programs, and an OT/ICS Security SME & Strategy Lead for CISA.

Jablanski serves as a staff and advisory board member of the nonprofit organization Building Cyber Security, leading cyber-physical standards development, education, certifications, and labeling authority to advance physical security, safety, and privacy in the public and private sectors.

Since January 2022, Jablanski has also served as the president of the North Texas Section of the International Society of Automation, organizing monthly member meetings, training, and community engagements. She is also a member of the Cybersecurity Apprenticeship Advisory Taskforce with the Building Apprenticeship Systems in Cybersecurity Program sponsored by the US Department of Labor.

She holds a master's degree in international security from the Josef Korbel School of International Studies at the University of Denver and a bachelor's degree in political science from the University of Missouri–Columbia.

---

### Robert Caldwell

**Role:** OT Security Solutions | Services | Architecture
**Current:** Raytheon | **Former:** Mandiant, GE Energy

Rob leads the Cyber Centers of Expertise at RTX, which are focused on OT Cyber, Cloud Cyber, and Application Security. Prior to joining RTX, Rob led the OT group at Mandiant (part of Google Cloud), responsible for incident response, managed detection, and consulting services. His team was involved in many of the notable OT breaches, gaining unique experience and perspective. Previously, he was the Chief Security Architect for GE Digital Energy Software and had started his career with United Space Alliance at Kennedy Space Center.

---

### Vivek Ponnada

**Role:** OT Security Solutions | Growth | Strategy | Sales
**Current:** Frenos | **Former:** Nozomi, GE

Vivek Ponnada is a cybersecurity leader with over 15 years of experience in OT security, ICS protection, and industrial cybersecurity solutions. He has held senior roles at leading OT security vendors and industrial companies, focusing on solution development, go-to-market strategy, and enterprise sales.

---

### Ron Brash

**Role:** OT Security Research | Innovation
**Current:** aDolus | **Former:** Verve

Ron Brash is a recognized expert in OT security research and innovation, with deep experience in vulnerability research, threat intelligence, and security tool development for industrial environments. He has contributed to numerous industry publications and speaks regularly at ICS security conferences.

---

### Christian Baumgartner

**Role:** Automation Engineering | OT Operations
**Current:** Cabreza Switzerland

Christian Baumgartner brings decades of experience in industrial automation engineering and OT operations, providing practical operational perspective to Cabreza's product development.

---

### Mike Tetto

**Role:** Enterprise Cyber Security Strategy
**Current:** Eli Lilly

Mike Tetto leads enterprise cybersecurity strategy at one of the world's largest pharmaceutical companies, bringing Fortune 100 security program experience to Cabreza's advisory board.

---

### George Kamide

**Role:** Security Product Marketing
**Current:** Tenable | **Former:** Claroty, Google

George Kamide is a security product marketing leader with experience at leading OT security and enterprise security vendors.

---

## Contact Information

**Sales Inquiries:**

- Email: sales@cabreza.com
- Demo Booking: https://calendar.app.google/vnGaVchwM44Qr2Jz9

**General Contact:**

- Email: jason@cabreza.com
- Website: https://cabreza.com

**Social Media:**

- LinkedIn: https://www.linkedin.com/company/cabreza
- Twitter: @Cabreza

**Legal:**

- Terms of Service: https://cabreza.com/terms
- Privacy Policy: https://cabreza.com/privacy
- Cookie Policy: https://cabreza.com/cookies
- EULA: https://cabreza.com/eula
- License Agreement: https://cabreza.com/license

---

## Frequently Asked Questions

**Q: What makes Cabreza different from generic AI tools like ChatGPT?**
A: Cabreza is purpose-built for OT security with deep domain expertise. Our tools understand operational technology environments, compliance frameworks, and the unique challenges of industrial security programs. Generic AI tools lack this domain expertise and often produce content that doesn't meet the specific requirements of industrial security programs.

**Q: Can I use Cabreza for classified environments?**
A: Cabreza is designed for unclassified environments. For CMMC and CUI requirements, we help generate compliant documentation for systems handling controlled unclassified information. Contact us to discuss specific requirements.

**Q: How does pricing work for asset owners vs. agencies?**
A: Asset owner licenses are for organizations protecting their own infrastructure. Agency licenses are for consultants, MSSPs, and security service providers who serve multiple clients. Agency licenses include features like multi-client management and white-labeling.

**Q: Is my data safe with Cabreza?**
A: Yes. We follow security-first design principles, use industry-standard encryption, and minimize data collection. Redaction Studio operates entirely client-side—your sensitive data never leaves your browser.

**Q: What compliance frameworks does Cabreza support?**
A: We support NIST CSF 2.0, NIST SP 800-171, ISA/IEC 62443, NERC CIP, FDA cybersecurity guidance, TSA Security Directives, SEMI E187/E188, ISO 13485, API standards, EPA AWIA, CMMC, NIS2, MTSA, and more. Contact us if you need a framework not listed.

**Q: Can Cabreza help with audit preparation?**
A: Yes. Command generates audit-ready documentation and helps organize evidence and track compliance status. Many customers use Cabreza specifically for audit preparation.

**Q: Why focus on resilience instead of defense?**
A: Research from Idaho National Lab, NIST, and government agencies shows that advanced adversaries will eventually compromise systems. Defense is necessary but insufficient. Resilience ensures operations continue during and after an incident. We focus on the work that keeps operations running when defense fails.

---

*Last updated: April 2026*

*Cabreza, Inc. — Your Access To OT Cybersecurity Capabilities.*