Emmanuele Zambon

Emmanuele Zambon

Assistant Professor

Eindhoven University of Technology


I am an Assistant Professor at the Security Group of the Eindhoven University of Technology, in the Netherlands. I investigate the security of Industrial Control Systems (ICS) to improve their defense capabilities. My research focuses in the areas of network intrusion detection and incident response. I collaborate with the Eindhoven Security Hub Security Operations Center initiative.

I was one of the three founders of the spin-off SecurityMattters, with the goal of bringing to the market SilentDefense, a platform for network monitoring, asset inventory and network intrusion detection for Industrial Control Systems. At SecurityMatters I served as the CTO, and I was responsible of the company’s R&D.

Download my resumé.

  • Industrial Control System Security
  • Intrusion Detection
  • PhD in Computer Science, 2011

    University of Twente

  • MSc in Computer Science, 2005

    Ca’ Foscari University of Venice

  • BSc in Computer Science, 2002

    Ca’ Foscari University of Venice


Eindhoven University or Technology
Jan 2021 – Present Eindhoven
Forescout Technologies BV
Sr. Director of OT Technology
Nov 2018 – Dec 2020 Eindhoven

Responsibilities include:

  • Senior advisor for product architecture and engineering.
  • Supervision of a team of elite engineers (6 engineers).
  • Network security and operation analysis for top customers.
  • Analysis of Industrial Control System network protocols and vulnerabilities.
  • Product development of OT technology support and of new detection mechanisms.
SecurityMatters BV
Jan 2011 – Nov 2018 Eindhoven

Responsibilities include:

  • Research and engineering of new and cutting edge network monitoring and intrusion detection solutions for Operational Technology networks.
  • Product vision, architecture and design.
  • Analysis of Industrial Control System network protocols and vulnerabilities.
  • Management of the product engineering team (20+ engineers).
  • Network security and operation analysis for customer production environments.
  • Coordinator of activities and tasks within national and international research projects.
University of Twente
Postdoc Researcher (part-time)
Jan 2011 – Sep 2016 Enschede (NL)

Responsibilities include:

  • Principal contributor of several national and EU successful research projects.
  • New EU project proposals
  • Supervision of PhD student
  • OT security research
ValueTeam SpA
IT Consultant
Apr 2005 – Aug 2006 Mestre (IT)
Technical and Architectural consulting, design of distributed architectures for accessing the telephone traffic data of Telecom Italia SpA.
KPMG Italy SpA
IT Security Consultant
Sep 2003 – Sep 2004 Treviso (IT)
Penetration Testing and IT Risk Assessment.

Recent Publications

(2022). Characterizing Building Automation System Attacks and Attackers. In EuroS&PW2022.

PDF Cite Project

(2022). You Can't Protect What You Don't Understand: Characterizing an Operational Gas SCADA Network. In SafeThings 2022.

PDF Cite Project

(2017). ECFI: Asynchronous control flow integrity for programmable logic controllers. In ACSAC2017.


(2017). Stealth Low-Level Manipulation of Programmable Logic Controllers I/O by Pin Control Exploitation. In CRITIS2016.

Cite DOI


Download my PGP key. Fingerprint: AF58 B421 3E79 08FC 0ACE BE6D 3F45 80EA 5293 0E70.

  • e <dot> zambon <dot> n <dot> mazzocato <at> tue <dot> nl
  • +31 040 247 2853
  • P.O. Box 513, Eindhoven, Noord-Brabant 5600 MB
  • Enter the MetaForum (MF) building and take the elevator to the 6th Floor to Office 6.072
  • Tuesday 10:00 to 17:00
    Thursday 10:00 to 17:00