Emmanuele Zambon

Emmanuele Zambon

Assistant Professor

Eindhoven University of Technology


I am an Assistant Professor at the Security Group of the Eindhoven University of Technology, in the Netherlands. I investigate the security of Industrial Control Systems (ICS) to improve their defense capabilities. My research focuses in the areas of network intrusion detection and incident response. I collaborate with the Eindhoven Security Hub Security Operations Center initiative.

I was one of the three founders of the spin-off SecurityMattters, with the goal of bringing to the market SilentDefense, a platform for network monitoring, asset inventory and network intrusion detection for Industrial Control Systems. At SecurityMatters I served as the CTO, and I was responsible of the company’s R&D.

Download my resumé.

  • Industrial Control System Security
  • Intrusion Detection
  • PhD in Computer Science, 2011

    University of Twente

  • MSc in Computer Science, 2005

    Ca’ Foscari University of Venice

  • BSc in Computer Science, 2002

    Ca’ Foscari University of Venice


Eindhoven University or Technology
Jan 2021 – Present Eindhoven
Forescout Technologies BV
Sr. Director of OT Technology
Nov 2018 – Dec 2020 Eindhoven

Responsibilities include:

  • Senior advisor for product architecture and engineering.
  • Supervision of a team of elite engineers (6 engineers).
  • Network security and operation analysis for top customers.
  • Analysis of Industrial Control System network protocols and vulnerabilities.
  • Product development of OT technology support and of new detection mechanisms.
SecurityMatters BV
Jan 2011 – Nov 2018 Eindhoven

Responsibilities include:

  • Research and engineering of new and cutting edge network monitoring and intrusion detection solutions for Operational Technology networks.
  • Product vision, architecture and design.
  • Analysis of Industrial Control System network protocols and vulnerabilities.
  • Management of the product engineering team (20+ engineers).
  • Network security and operation analysis for customer production environments.
  • Coordinator of activities and tasks within national and international research projects.
University of Twente
Postdoc Researcher (part-time)
Jan 2011 – Sep 2016 Enschede (NL)

Responsibilities include:

  • Principal contributor of several national and EU successful research projects.
  • New EU project proposals
  • Supervision of PhD student
  • OT security research
ValueTeam SpA
IT Consultant
Apr 2005 – Aug 2006 Mestre (IT)
Technical and Architectural consulting, design of distributed architectures for accessing the telephone traffic data of Telecom Italia SpA.
KPMG Italy SpA
IT Security Consultant
Sep 2003 – Sep 2004 Treviso (IT)
Penetration Testing and IT Risk Assessment.

Recent Publications

(2017). ECFI: Asynchronous control flow integrity for programmable logic controllers. In ACSAC2017.


(2017). Stealth Low-Level Manipulation of Programmable Logic Controllers I/O by Pin Control Exploitation. In CRITIS2016.

Cite DOI

(2017). Encryption in ICS networks: A blessing or a curse?. In SmartGridComm2017.


(2017). 𝜇Shield: Configurable Code-Reuse Attacks Mitigation For Embedded Systems. In NSS2017.

Cite Code DOI

(2016). Specification Mining for Intrusion Detection in Networked Control Systems. In USENIX Security 16.

PDF Cite Project DOI


Download my PGP key. Fingerprint: AF58 B421 3E79 08FC 0ACE BE6D 3F45 80EA 5293 0E70.

  • e <dot> zambon <dot> n <dot> mazzocato <at> tue <dot> nl
  • +31 040 247 2853
  • P.O. Box 513, Eindhoven, Noord-Brabant 5600 MB
  • Enter the MetaForum (MF) building and take the elevator to the 6th Floor to Office 6.072
  • Tuesday 10:00 to 17:00
    Thursday 10:00 to 17:00