
Why I Founded EmberOT: My Journey from Geek to OT Defender

Jori VanAntwerp
CEO and Founder at EmberOT

For over two decades, Jori has enabled industrial and IT organizations to be successful in reducing risk, increasing compliance, and improving their overall security efforts. He has had the pleasure of working with companies such as Gravwell, Dragos, CrowdStrike, FireEye, McAfee, and is now CEO & Founder at EmberOT, a cybersecurity startup focused on making security a reality for critical infrastructure.

I founded EmberOT because I have always been a geek at heart, fascinated by how things work, and driven by a love of superheroes. I wanted to help, to fight the wrongs in the world, and to use my technical abilities to make a real difference.

Nearly 12 years ago, my path led me to Operational Technology (ICS, SCADA, industrial, cyber physical… the terms may vary, but the missions are all critical). I quickly became captivated by how these systems power our cities, manufacture goods, and maintain the many processes that keep society functioning.

Today, I’d like to share the story of how a simple observation at a dam reinforced my determination to build solutions that serve operators on the front lines of OT security and resiliency.

The Giant Bolt That Sparked Inspiration

🔩 It all started with a giant bolt. I was on a tour of a facility where a massive power-generating turbine was at work. Next to that turbine was a giant bolt the size of my noggin, secured by an equally giant wrench. I asked how the operators removed and replaced that massive bolt, expecting some cutting-edge mechanical system.

Instead, the answer was both low-tech and incredibly efficient: a giant wrench, hoisted by a cherry picker, with six people hanging off of it to provide enough force to turn the bolt.

That sight brought everything into focus for me.

OT systems rely on simplicity and reliability, often running for 20 or 30 years with minimal intervention. Just like that giant wrench, these systems can be impressive in their durability, yet they sometimes lack built-in security measures or authentication methods. This is no accident.

Many of these environments were never meant to be connected to networks or exposed to the complexities of modern IT systems. Over time, though, intranets and even the internet started to become part of the process, changing the security equation.

Founding EmberOT: Illuminating and Bridging the Gaps

When the convergence of IT and OT began to hit full stride, I saw operators wrestling with solutions that didn’t fully respect the unique requirements of industrial environments. Some predecessors and regulators were pushing for organizations to rebuild their systems from the ground up, a process that could take decades. Some asset owners hoped that limited connectivity to their critical infrastructure environments might keep those systems safe.

My goal was to find a way forward that would help asset owners, defenders, and operators TODAY.

That’s when I realized we needed a platform that was lightweight, hardware-agnostic, and genuinely approachable for people on the plant floor as well as analysts in the SOC. I founded EmberOT to create a software-based security solution that meets operators exactly where they are today.

Our goal is to provide real-time monitoring, complete asset inventory, and the ability to respond to threats or anomalies before they impact operations. EmberOT also helps organizations with efficiency, resiliency, regulatory compliance, and planning for the future.

An Operator-Focused Approach

A central lesson I learned while watching that giant wrench in action is that operators themselves are the ultimate defenders of these environments. They need tools that are compatible with older infrastructures, work in rugged or remote conditions, and can handle everything from typical daily tasks to the rare but serious threat of a state-level cyber attack.

Our main EmberOT software solution is built with this operator-focused mindset. It processes data at the edge, collects detailed insights from distributed control systems, PLCs, and SCADA systems, and displays actionable information without drowning operators in noise.

Because OT environments vary wildly in size, from single-building operations to sprawling campuses and thousands of miles of pipeline, our software is designed to be deployed in any footprint without overcomplicating the infrastructure.

The EmberOT Software Solution

EmberOT’s flagship software provides comprehensive asset inventory, real-time risk indexing, and robust visibility that caters to both security analysts and frontline operators. We made sure it could be installed locally without cloud connectivity if needed. That way, facilities with strict regulations or limited internet access can still benefit from modern security practices.

Our software solution doesn’t ask you to rip and replace your existing systems. Instead, it runs alongside them, passively monitoring traffic, detecting anomalies, and flagging potential threats.
Operators get meaningful data to make decisions that keep processes running smoothly, and if something does go wrong, they can take quick action.

Expanding Our Toolkit: Free PCAP Analyzer

As the industry evolved, we saw an opportunity to help the broader community by creating a free PCAP Analyzer tool. This analyzer handles both PCAP and PCAPNG files, allowing users to examine network captures without any complex setup. We wanted to remove barriers and let operators take a proactive stance in understanding what’s happening on their networks.

This tool supports organizations of all sizes. Maybe you’ve got one small facility that wants to inspect a suspicious packet capture, or a larger enterprise that needs a simple way to analyze traffic without spinning up new servers.

Either way, the PCAP Analyzer helps analysts and operators investigate potential issues and quickly understand network data. It’s our way of offering a community-focused resource that anyone can use to better understand their network.

Portable OT Security with IgniteOnsite

Most recently, we launched IgniteOnsite, a portable OT security bundle. IgniteOnsite addresses situations where you need quick deployment and visibility in remote or distributed sites.

It’s a self-contained tool that you can bring on location, set up rapidly, and immediately start gathering critical data about your operations. This extends the same philosophy behind the EmberOT software solution to a portable format that is perfect for maintenance teams or consultants who travel between industrial sites.

Like the rest of our suite, IgniteOnsite is built with simplicity and reliability in mind. You can leverage the data it collects to make fast decisions about troubleshooting, efficiency improvements, and security vulnerabilities.

Whether you’re in a single location or moving between multiple facilities, IgniteOnsite helps you keep an eye on your OT environment and respond effectively to potential threats or network anomalies.

A Vision for the Future

The day I first saw that giant wrench in action at the dam, I realized these systems have to be resilient above all else.

EmberOT, our free PCAP Analyzer, and IgniteOnsite are built on the principle that operators are the frontline defenders. We’re committed to giving them the right tools for the job. Past experience has shown me that there’s no one-size-fits-all solution, which is why our offerings emphasize flexibility, speed, and a focus on operator needs.

As OT and IT continue to converge in ways we never expected, our mission is to help people defend and optimize industrial processes right now, without waiting decades for complete infrastructure overhauls.

I founded EmberOT with a desire to serve the operators who keep our power grids, manufacturing lines, and cities running every single day. The future is bright if we face these challenges together, embracing simplicity where possible and applying rigorous security where necessary.

~Jori 🤘🔥