As SCYTHE looks boldly ahead into the new year, the Unicorns welcome the expertise of Megan Samford to the Advisory Council. Her accomplished security background, Master’s degree in Public Administration, and strong presence on numerous security boards are some of her many accomplishments in our community. Megan brings a diverse and unique perspective to the team. She has served on numerous boards, and is currently leading the Command System for Industrial Control Systems (ICS4ICS) effort that aims to make avenues for assistance between organizations and develop a common language for cyber incident response.
Samford, a Leading woman in the Security space, is the first female to earn the title of Chief Product Security Officer (CPSO), without first holding the role of CISO. This alone speaks to her leadership, and we celebrate that accomplishment as we welcome her to the herd.
Megan Samford, VP, Chief Product Security Officer (CPSO) for Energy Management at Schneider Electric, is a security executive with focus on industrial control systems security, critical infrastructure protection, and risk analysis. In her role at Schneider Electric, Megan is responsible for driving the product security strategy and program for Schneider Electric’s Energy Management business. During this time, Megan became the first female CPSO for a major industrial company without first being a CISO, and is currently the only female CPSO in this space. This is a huge achievement for women in industrial control systems security.
Prior to Schneider Electric, Megan was the Global Director of Product Safety and Security for Rockwell Automation, Product Security Leader for GE Global Research and lead for the GE Product Security Incident Response Team. While working in the public sector, she served as the Commonwealth of Virginia’s Critical Infrastructure Protection Coordinator within the Governor’s Offices of Tim Kaine and Bob McDonnell.
Megan brings a unique perspective to the security community, based on her diverse security background, with an interest in utilizing proven concepts from traditional critical infrastructure protection and emergency management foundations, such as Incident Command System and preparedness, and applying those to cyber, in particular for industrial control systems incident response. She is currently leading a community-driven effort, known as Incident Command System for Industrial Control Systems (ICS4ICS,) which seeks to establish a common language for responding to cyber incidents and provide avenues for mutual assistance between organizations.
Megan has served on numerous boards including Virginia Commonwealth University’s School of Electrical and Computer Engineering (ECE), Security Analysis and Risk Management Association (SARMA) Department of Homeland Security’s Control Systems Security Working Group (CSWG), Trusted Computing Group (TCG), and Virginia Aviation Security Advisory Council (VASAC). She is also a returning 2020 Program Chair for the RSA Conference, “Secure All The Things” track.
She holds a bachelor’s degree in homeland security and emergency preparedness as well as a master’s in public administration, both from Virginia Commonwealth University.