Author

 Steven Paul Romero
LinkedIn
RSS
E-Mail

Profile of Steven Paul Romero

SANS Instructor and Sr. SCADA Network Engineer, Chevron
Member Since: 10/30/2018
Author
News & Commentary Posts: 1
Comments: 1

A native Houstonian and proud Texan by birth, Steven's cultural and technical roots are naturally and irreversibly intertwined within the oil and gas industry. His range of operations, engineering, and major capital project experience spans multiple sectors within this very diverse energy vertical.

Professionally, Steven's 22-year career inside engineering offices, operations centers, control rooms, refineries, chemical plants, shipyards, ports, as well as onshore and offshore oil and gas production facilities around the world provide him with a unique perspective concerning society's fundamental dependency upon resilient critical infrastructure. This insight gives Steven a deep appreciation and love for the culture that defines oil and gas, and a thorough understanding of the stringent requirements by which organizations must adhere to ensure safe, reliable, and secure operations under very unforgiving and harsh environmental conditions.

Steven blends information security risk management, industrial control systems (ICS) engineering, safety instrumented systems (SIS) engineering, SCADA infrastructure engineering, maritime navigation and communications facilities installation, terrestrial and wireless telephony design, and management of core IT infrastructure services for the largest oil and gas organizations in the world into an interesting package focused on safety, security and resiliency.

Articles by Steven Paul Romero
Microsoft President: Governments Must Cooperate on Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/8/2018
5 Reasons Why Threat Intelligence Doesn't Work
Jonathan Zhang, CEO/Founder of WhoisXML API and TIP,  11/7/2018
Why Password Management and Security Strategies Fall Short
Steve Zurier, Freelance Writer,  11/7/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-6260
PUBLISHED: 2018-11-13
NVIDIA graphics driver contains a vulnerability that may allow access to application data processed on the GPU through a side channel exposed by the GPU performance counters. Local user access is required. This is not a network or remote attack vector.
CVE-2018-16850
PUBLISHED: 2018-11-13
postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges.
CVE-2018-17187
PUBLISHED: 2018-11-13
The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl(...)' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with options...
CVE-2018-1792
PUBLISHED: 2018-11-13
IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947.
CVE-2018-1808
PUBLISHED: 2018-11-13
IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server-side code injection due to inadequate input control. IBM X-Force ID: 149828.