# Cabreza - Complete Reference > AI-native ICS/OT security and cyber resilience solutions for industrial security teams This is the extended version of llms.txt with comprehensive details about Cabreza, our products, team, and capabilities. For a shorter summary, see https://cabreza.com/llms.txt --- ## Company Overview Cabreza, Inc. is an AI-native ICS/OT security and cyber resilience company founded in 2024. We develop purpose-built solutions that help industrial security teams protect critical infrastructure, generate security content, and build resilient programs. **Mission:** Enable industrial organizations of any size to build and maintain world-class OT security programs through AI-native tools and deep domain expertise. **Vision:** A future where every industrial organization has access to the security expertise and tools needed to protect critical infrastructure and ensure operational continuity. **Core Values:** - Precision over volume — Quality content that meets real needs - Practitioner-built — Created by people who've done the work - Cyber resilience — Security that enables operations, not just protects them - Accessibility — Enterprise-grade capabilities for organizations of any size --- ## Products - Detailed ### Compose: AI-Native Security Content Generation **Product URL:** https://cabreza.com/compose **What is Compose?** Compose is an AI-native content generation platform specifically designed for ICS/OT security teams. Unlike generic AI tools, Compose understands operational technology environments, compliance requirements, and the unique challenges of industrial cybersecurity. **The 8-Step Guided Workflow:** 1. **Document Type Selection** - Choose from policies, procedures, playbooks, briefings, assessments, or custom documents 2. **Industry Context** - Select your sector for relevant framework alignment (Defense, Medical, Energy, etc.) 3. **Framework Alignment** - Map to applicable standards (NIST, ISA/IEC 62443, NERC CIP, FDA, etc.) 4. **Organizational Context** - Input your specific environment details, assets, and constraints 5. **Audience Selection** - Target content for executives, technical staff, operators, or regulators 6. **Content Generation** - AI generates expert-grade content based on your inputs 7. **Inline Editing** - Refine and customize generated content with AI assistance 8. **Export & Delivery** - Download in Word, PDF, or Markdown format **Key Features:** - **Redaction Studio Integration:** Remove sensitive information before processing. 100% client-side—data never leaves your browser. - **Multi-Format Export:** Generate content in Microsoft Word, PDF, or Markdown for maximum flexibility. - **Framework Alignment:** Automatic mapping to CMMC, FDA 524B, ISA/IEC 62443, NERC CIP, SEMI E187/E188, and more. - **Inline Editing:** AI-assisted editing for refinement after generation. - **Content Library:** Access pre-built templates and frameworks as starting points. - **Version Control:** Track changes and maintain document history. **Supported Document Types:** - Security Policies (acceptable use, access control, incident response, etc.) - Standard Operating Procedures (SOPs) - Incident Response Playbooks - Executive Briefings and Board Reports - Risk Assessments - Vendor Security Questionnaire Responses - Compliance Documentation - Security Architecture Documents - Training Materials - Audit Preparation Documents **Pricing - Asset Owner Licenses:** | Tier | Monthly | Yearly | Savings | |------|---------|--------|---------| | Individual | $150/month | $1,500/year | 2 months free | | Team (min 3 seats) | $100/seat/month | $1,000/seat/year | 2 months free per seat | | Enterprise | Contact sales | Contact sales | Custom terms | **Asset Owner License Benefits:** - Full access to all content types - Complete standards library - Email support (Individual), Priority support (Team), 24/7 support (Enterprise) - Custom training sessions (Team+) - Dedicated success manager (Enterprise) - Regulatory compliance assistance (Enterprise) **Pricing - Agency Licenses (Consultants & MSSPs):** | Tier | Pricing | Description | |------|---------|-------------| | Individual | Contact sales | Independent consultants | | Team | Contact sales | Small consulting teams (up to 3 users) | | Practice | Contact sales | Security practices (up to 20 users) | | Enterprise | Contact sales | Agencies and MSSPs (unlimited users) | **Agency License Benefits:** - Multi-client support - Client portal access (Practice+) - Custom branding options (Practice+) - White-label capabilities (Enterprise) - Dedicated account manager (Enterprise) --- ### Signal: AI-Native Cyber Resilience Workspace **Product URL:** https://cabreza.com/signal **What is Signal?** Signal is the AI-native cyber resilience platform for ICS/OT security programs. It transforms scattered security workflows into a unified, intelligent workspace that generates documentation, translates content for every audience, and keeps everything in sync as your environment changes. **Core Capabilities:** 1. **Unified Security Workspace** - Single source of truth for your security program - Integrated risk register, asset inventory, and compliance tracking - Real-time status across all security domains 2. **Living Knowledge Base** - Automatically updates as your environment changes - Captures institutional knowledge - AI-powered search and retrieval 3. **Audience-Aware Translation** - Generate board-ready summaries from technical details - Create operator-friendly procedures from policy documents - Translate compliance requirements into actionable tasks 4. **Compliance Automation** - Framework mapping and gap analysis - Evidence collection and organization - Audit preparation assistance 5. **Cyber Resilience Planning** - Incident response coordination - Business continuity integration - Recovery planning and documentation **Key Differentiators:** - Designed specifically for OT environments - Understands the operational context of industrial security - Bridges the gap between IT security tools and OT realities - Focus on resilience, not just protection --- ### Redaction Studio: Free Document Redaction **Product URL:** https://cabreza.com/redaction-studio **What is Redaction Studio?** A free, browser-based document redaction tool that prepares sensitive documents for AI processing by removing PII, IP addresses, and proprietary information. **Key Features:** - 100% client-side processing—your data never leaves your device - No account required - Supports common document formats - Pattern-based and manual redaction options - Completely free, forever **Use Cases:** - Prepare documents before using external AI tools - Remove sensitive information for vendor sharing - Anonymize documents for training purposes - Comply with data protection requirements --- ## Industries Served - Detailed ### Defense & Space Manufacturing **Compliance Focus:** CMMC 2.0, NIST SP 800-171, DFARS **Key Challenges:** - Protecting controlled unclassified information (CUI) - Meeting contractor security requirements - Supply chain security - Classified system integration **How Cabreza Helps:** - CMMC-aligned documentation generation - SSP (System Security Plan) creation - POA&M (Plan of Action & Milestones) management - Supplier security assessment automation --- ### Medical Equipment Manufacturing **Compliance Focus:** FDA Section 524B, ISO 13485:2016, EU MDR **Key Challenges:** - Premarket cybersecurity documentation - Postmarket vulnerability management - Patient safety integration - Regulatory submission preparation **How Cabreza Helps:** - FDA-compliant SBOM documentation - Threat modeling for medical devices - Vulnerability disclosure program documentation - Premarket submission content generation --- ### Semiconductor Manufacturing **Compliance Focus:** SEMI E187, SEMI E188 **Key Challenges:** - Fab security without impacting yield - Equipment vendor management - Intellectual property protection - Clean room network segmentation **How Cabreza Helps:** - SEMI standard-aligned security documentation - Equipment security specifications - Network architecture documentation - Incident response planning for fab environments --- ### Chemical Processing **Compliance Focus:** ISA/IEC 62443, CFATS, PSM **Key Challenges:** - Safety-security integration - Process safety system protection - Environmental compliance intersection - Contractor and vendor access **How Cabreza Helps:** - ISA/IEC 62443 zone and conduit documentation - Safety instrumented system (SIS) security policies - Contractor security requirements - Incident response integrating safety protocols --- ### Oil & Gas **Compliance Focus:** API 1164, TSA Pipeline Security Directives **Key Challenges:** - Pipeline SCADA security - Remote site protection - Upstream/midstream/downstream diversity - Colonial Pipeline-era regulatory requirements **How Cabreza Helps:** - TSA Security Directive compliance documentation - Pipeline cybersecurity program development - Remote site security procedures - Incident response for pipeline operations --- ### Electric Power **Compliance Focus:** NERC CIP, IEEE standards **Key Challenges:** - Bulk Electric System (BES) protection - Medium/low impact asset management - Evidence collection for audits - Generation vs. transmission requirements **How Cabreza Helps:** - NERC CIP evidence preparation - Reliability standard mapping - Control center security documentation - Substation cybersecurity procedures --- ### Water & Wastewater **Compliance Focus:** EPA AWIA, state requirements **Key Challenges:** - Limited security resources - Critical public health responsibility - SCADA system security - Small utility constraints **How Cabreza Helps:** - AWIA risk assessment documentation - Emergency response planning - SCADA security procedures - Resource-appropriate security programs --- ### Food & Beverage **Compliance Focus:** FDA FSMA 204, food safety requirements **Key Challenges:** - Food safety-cybersecurity intersection - Production continuity requirements - Supply chain traceability - Multi-site consistency **How Cabreza Helps:** - FSMA-integrated cybersecurity documentation - Production system security procedures - Traceability system protection - Site-level security programs --- ### Mining Operations **Compliance Focus:** Operational safety, regional requirements **Key Challenges:** - Remote site connectivity - Heavy equipment system security - Environmental monitoring protection - Worker safety system integrity **How Cabreza Helps:** - Remote site security programs - Autonomous equipment security - Environmental system protection - Safety-integrated security procedures --- ### Transportation & Logistics **Compliance Focus:** TSA Rail/Aviation Security Directives **Key Challenges:** - Distributed infrastructure - Passenger/cargo safety requirements - Real-time operations protection - Multi-modal complexity **How Cabreza Helps:** - TSA Security Directive compliance - Operations center security - Fleet management protection - Incident response for transportation --- ### Automotive Manufacturing **Compliance Focus:** Production security, supply chain requirements **Key Challenges:** - Just-in-time production protection - Robot and automation security - Supplier network security - Electric vehicle considerations **How Cabreza Helps:** - Production system security programs - Automation security documentation - Supplier security requirements - EV manufacturing security planning --- ### Maritime & Ports **Compliance Focus:** MTSA, IMO guidelines **Key Challenges:** - Port operations security - Vessel-shore interface - Cargo handling automation - International coordination **How Cabreza Helps:** - MTSA compliance documentation - Port facility security plans - Vessel cybersecurity guidance - Terminal automation security --- ## Leadership Team - Full Biographies ### Jason Rivera - Co-Founder & CEO Jason is an experienced and innovative cyber security professional with more than a decade of cyber security experience ranging from SOC and defensive engineering to architecture and market analysis. Jason worked his first ransomware incident in 2018, helping to remediate Locky 2.0 and return a pharma manufacturing site back to operations. He has spent most of his cyber security career in industrial ICS/OT security across multiple industrial sectors and Fortune 10, 500 and 2000. As a consulting Partner with Security Risk Advisors, he developed and managed the CPS/OT Security practice performing service and business development, thought and team leadership and partner relationships for 5 years before exiting. After a successful consulting career, Jason went bigger by joining Gartner's Cyber-Physical Systems security cohort where he performed strategy, product and market analysis while contributing to the inaugural CPS Magic Quadrant. Jason is also an ICS/OT security leader, member and contributor. He's an s4x26 selected speaker (https://s4xevents.com/) and frequent contributor to media publications. **Contact:** - Email: jason@cabreza.com - LinkedIn: https://www.linkedin.com/in/jasonrivera/ --- ### Marcello Delcaro - Co-Founder & CTO Marcello is a cybersecurity architect and engineer with over six years of experience in software supply chain security and ICS/OT systems, specializing in binary analysis, vulnerability research, and scalable security infrastructure for critical systems. Early in his career, Marcello tackled a critical malware detection challenge for industrial customers. Through creative partnership and system redesign, he transformed a bottleneck into a scalable solution that became essential for incident response across energy, manufacturing, food & beverage, and critical infrastructure. Marcello has spent his career building secure systems for ICS/OT environments across several Fortune 500 companies. He's worked at the intersection of technical architecture, customer success, and product development—leading technical sales, managing integrations, and designing core infrastructure for software supply chain security platforms. As CTO of Cabreza, Marcello brings his technical expertise and understanding of operational security challenges to make OT security programs accessible to organizations of any size. His architectural vision combines AI-native content generation with the security-first design that critical infrastructure companies require. **Contact:** - Email: marcello@cabreza.com - LinkedIn: https://www.linkedin.com/in/marcellodelcaro/ --- ## Advisory Board - Full Biographies ### Edison Alvarez **Role:** MedTech Security Strategy | Product, Regulatory Expert **Current:** Becton Dickinson | **Former:** Siemens Healthcare Edison Alvarez is a highly experienced leader in medical device cybersecurity and regulatory strategic planning, with a strong background in portfolio and product management. Edison has held several senior roles where he has led program development, medical device cybersecurity policies, and compliance frameworks that meet increasingly complex global requirements and customer expectations. He is also an accomplished leader managing global teams supporting organizational-wide programs. He has collaborated with key strategic industry partners such as the FDA, Healthcare Sector Coordinating Council, and UL to influence product security advancements for the medical device industry. In addition, he is a tenured speaker, leading discussions for AdvaMed Cybersecurity Summit, International Medical Device Regulators Forum (IMDRF), and Medical Device Innovation Consortium (MDIC). He holds an Executive MBA from Fairleigh Dickinson and a B.S. in Business Administration from Centenary University. --- ### Danielle Jablanski **Role:** OT Security SME | Strategy Lead | Professor | Fellow **Current:** STV Inc., Dallas College, Atlantic Council | **Former:** CISA, Nozomi Danielle Jablanski is a nonresident fellow with the Cyber Statecraft Initiative, part of the Atlantic Council Tech Programs, and an OT/ICS Security SME & Strategy Lead for CISA. Jablanski serves as a staff and advisory board member of the nonprofit organization Building Cyber Security, leading cyber-physical standards development, education, certifications, and labeling authority to advance physical security, safety, and privacy in the public and private sectors. Since January 2022, Jablanski has also served as the president of the North Texas Section of the International Society of Automation, organizing monthly member meetings, training, and community engagements. She is also a member of the Cybersecurity Apprenticeship Advisory Taskforce with the Building Apprenticeship Systems in Cybersecurity Program sponsored by the US Department of Labor. Jablanski has conducted academic and market research on emerging technologies throughout her career. She has independently consulted for the US government and a technology startup on novel technology applications for the military, Department of Defense, and commercial sectors. She began her career with the Stanley Center for Peace and Security evaluating cyber technology impacts to nuclear-weapons policy and use worldwide. Before returning to the world of physical and industrial cybersecurity, Jablanski was a senior research analyst with Guidehouse Insights and spent the two years prior contributing to the creation and development of the Stanford Cyber Policy Center at Stanford University. She holds a master's degree in international security from the Josef Korbel School of International Studies at the University of Denver and a bachelor's degree in political science from the University of Missouri–Columbia. --- ### Robert Caldwell **Role:** OT Security Solutions | Services | Architecture **Current:** Raytheon | **Former:** Mandiant, GE Energy Rob leads the Cyber Centers of Expertise at RTX, which are focused on OT Cyber, Cloud Cyber, and Application Security. Prior to joining RTX, Rob led the OT group at Mandiant (part of Google Cloud), responsible for incident response, managed detection, and consulting services. His team was involved in many of the notable OT breaches, gaining unique experience and perspective. Previously, he was the Chief Security Architect for GE Digital Energy Software and had started his career with United Space Alliance at Kennedy Space Center. --- ### Vivek Ponnada **Role:** OT Security Solutions | Growth | Strategy | Sales **Current:** Frenos | **Former:** Nozomi, GE Vivek Ponnada is a cybersecurity leader with over 15 years of experience in OT security, ICS protection, and industrial cybersecurity solutions. He has held senior roles at leading OT security vendors and industrial companies, focusing on solution development, go-to-market strategy, and enterprise sales. --- ### Ron Brash **Role:** OT Security Research | Innovation **Current:** aDolus | **Former:** Verve Ron Brash is a recognized expert in OT security research and innovation, with deep experience in vulnerability research, threat intelligence, and security tool development for industrial environments. He has contributed to numerous industry publications and speaks regularly at ICS security conferences. --- ### Christian Baumgartner **Role:** Automation Engineering | OT Operations **Current:** Cabreza Switzerland Christian Baumgartner brings decades of experience in industrial automation engineering and OT operations, providing practical operational perspective to Cabreza's product development. --- ### Mike Tetto **Role:** Enterprise Cyber Security Strategy **Current:** Eli Lilly Mike Tetto leads enterprise cybersecurity strategy at one of the world's largest pharmaceutical companies, bringing Fortune 100 security program experience to Cabreza's advisory board. --- ### George Kamide **Role:** Security Product Marketing **Current:** Tenable | **Former:** Claroty, Google George Kamide is a security product marketing leader with experience at leading OT security and enterprise security vendors. --- ## Technical Specifications ### AI Architecture Cabreza products use AI-native architecture, meaning AI is core to the product design rather than bolted on as a feature. Key technical characteristics: - **Domain-specific training:** Models understand ICS/OT security terminology, frameworks, and operational contexts - **Retrieval-augmented generation:** Combines generative AI with authoritative source retrieval - **Security-first design:** Data handling and processing designed for sensitive industrial environments - **Framework embeddings:** Standards and compliance requirements built into the knowledge base ### Security & Privacy - **Client-side processing:** Redaction Studio operates entirely in the browser - **Data minimization:** Only necessary information is processed server-side - **Encryption:** Industry-standard encryption for data in transit and at rest - **Access controls:** Role-based access for team and enterprise deployments - **Compliance:** SOC 2 Type II in progress ### Integration Capabilities - **Export formats:** Microsoft Word (.docx), PDF, Markdown - **API access:** Available for enterprise customers - **SSO:** SAML 2.0 support for enterprise - **Content management:** Integration with document management systems --- ## Contact Information **Sales Inquiries:** - Email: sales@cabreza.com - Demo Booking: https://calendar.app.google/vnGaVchwM44Qr2Jz9 **General Contact:** - Email: jason@cabreza.com - Website: https://cabreza.com **Social Media:** - LinkedIn: https://www.linkedin.com/company/cabreza - Twitter: @Cabreza **Legal:** - Terms of Service: https://cabreza.com/terms - Privacy Policy: https://cabreza.com/privacy - Cookie Policy: https://cabreza.com/cookies - EULA: https://cabreza.com/eula - License Agreement: https://cabreza.com/license-agreement --- ## Frequently Asked Questions **Q: What makes Cabreza different from generic AI tools like ChatGPT?** A: Cabreza is purpose-built for ICS/OT security. Our AI understands operational technology environments, compliance frameworks, and industrial security challenges. Generic AI tools lack this domain expertise and often produce content that doesn't meet the specific requirements of industrial security programs. **Q: Can I use Cabreza for classified environments?** A: Cabreza is designed for unclassified environments. For CMMC and CUI requirements, we help generate compliant documentation for systems handling controlled unclassified information. Contact us to discuss specific requirements. **Q: How does pricing work for asset owners vs. agencies?** A: Asset owner licenses are for organizations protecting their own infrastructure. Agency licenses are for consultants, MSSPs, and security service providers who serve multiple clients. Agency licenses include features like multi-client management and white-labeling. **Q: Is my data safe with Cabreza?** A: Yes. We follow security-first design principles, use industry-standard encryption, and minimize data collection. Redaction Studio operates entirely client-side—your sensitive data never leaves your browser. **Q: What compliance frameworks does Cabreza support?** A: We support NIST CSF 2.0, NIST SP 800-171, ISA/IEC 62443, NERC CIP, FDA cybersecurity guidance, TSA Security Directives, SEMI E187/E188, ISO 13485, API standards, and EPA AWIA. Contact us if you need a framework not listed. **Q: Can Cabreza help with audit preparation?** A: Yes. Compose can generate audit-ready documentation, and Signal helps organize evidence and track compliance status. Many customers use Cabreza specifically for audit preparation. --- *Last updated: December 2025* *Cabreza, Inc. — Building cyber resilience for industrial organizations.*