Stephen J. Hilt

~/resume

Stephen Joseph Hilt II

Principal Threat Researcher

ICS Security · Reverse Engineering · Cybercrime Intelligence

Research lead securing industrial control systems (ICS) and critical infrastructure. 10+ years tracking cybercrime and state-aligned operations; published author and frequent speaker. Skilled in protocol fuzzing, RF analysis, campaign attribution, and takedown support.

experience

Principal Threat Researcher

TrendAI Mar 2026 — Present
  • Lead cybercrime and underground researcher, driving investigations into threat actors, illicit markets, and emerging criminal operations.
  • Drive strategic threat intelligence initiatives across ICS/OT and critical infrastructure.
  • Mentor and guide research teams on threat analysis and campaign attribution.
  • Author of reports; frequent conference speaker. See publications.

Sr. Threat Researcher

TrendAI Apr 2015 — Mar 2026
  • Lead research on cybercrime, state-aligned ops, and emerging threats.
  • Design, deploy, and monitor distributed honeypots.
  • RF technologies research for ICS/OT detections and investigations.
  • Author of reports; frequent conference speaker. See publications.

ICS Security Consultant

Digital Bond Inc. Apr 2013 — Apr 2015
  • Led control-system security assessments and gray/black box engagements.
  • Built ICS-focused Nmap scripts: ENIP-info, S7-info, BACnet-info.
  • Protocol fuzzing (Python/Ruby); S4x14 “PLCPwn”.
  • RF assessments (GNU Radio, KillerBee, RFCat); custom Nessus audits; DerbyCon 4.0; S4x15 ICS CTF.

Senior Information Security Specialist

Tennessee Valley AuthorityMar 2009 — Apr 2013
  • Implemented & maintained Tenable SecurityCenter across IT/OT.
  • Led control-systems assessments & penetration tests; regulatory testing (FISMA, NERC).
  • Presenter, ICS Joint Working Group (2010); scenario developer for DHS CyberStorm III & GridEx.
  • NERC CIP SME (CIP-005/007); held US Secret clearance.

Real-time Process Systems Specialist

TVAAug 2006 — Mar 2009
  • Designed OSPF; managed control-system networks; SSL VPN; RSA SecurID.
  • Cisco PIX/ASA/WLC; routing & switching; CA Spectrum; Cisco ACS.
  • Nessus & IBM AppScan vulnerability testing (IT + OT).
  • National SCADA Test Bed — advanced Red Team training.

Systems Administrator

SIU–Carbondale (Curriculum & Instruction)Aug 2004 — May 2006
  • Administered SUSE/Red Hat, macOS Server (Panther/Tiger), and Windows Server 2003.
  • Managed Mac labs and departmental core services.