--- title: "River Caudle — Riverman" description: "Twenty-year OT/ICS security practitioner. Operational sovereignty for critical industrial infrastructure. Originator of The SECURE Method™ for IEC 62443. Builder of MarlinSpike, GlassMarlin, CloudMarlin, Conversational Factory, and the Industrial Independence Architecture." canonical: "https://rivercaudle.com/" author: "River Caudle" keywords: - River Caudle - Riverman - OT security - ICS security - operational technology - critical infrastructure - industrial cybersecurity - IEC 62443 - SECURE Method - operational sovereignty - industrial independence - SCADA security - MarlinSpike - GrassMarlin - Conversational Factory - nuclear infrastructure - SRP triad robots: index, follow --- # River Caudle **Riverman.** OT / ICS security. Houston, Texas. > Operational sovereignty, engineered. --- ## Cover I'm an OT security guy from rural Alabama. Twenty years in industry — mining, oil and gas, manufacturing, both process and discrete. Forty of fifty US states, most of Canada, and adjacent work across Southeast Asia, Central America, Australia, Europe, and Africa. I design and defend the control systems behind the things that cannot fail. **The plant comes first. Availability, integrity, confidentiality — in that order — with safety underneath all of it.** | Dimension | Value | |-----------------|------------------------------------------------| | Tenure | 20+ years on the wire | | Footprint | 40 / 50 US states, 6 continents | | Discipline | OT / ICS / industrial networks | | Sectors | Nuclear · energy · oil & gas · mining · manufacturing | | Standard | IEC 62443 underpins everything | | Voice | Published as the *Riverman* | | Contact | river@riverman.io | --- ## § A — Position Sovereignty isn't something somebody gives you. It's something you build. It means owning the infrastructure, training your own engineers, writing your own code, and being able to audit what's running on your networks. > **If you can't do it, you don't own it. And if you don't own it, it's not sovereign.** That principle scales. Digital sovereignty at the national level and operational technology independence at the plant level are the same problem at different scales. Who owns the stack? Who can see the traffic? Who do the devices call home to? Who can alter the firmware? And underneath all of that, the substrate distinction. **Control systems act on physics, not on information.** The plant's substrate is governed by *safety, reliability, and performance* — in that order. The information layer that watches it lives under *confidentiality, integrity, availability*. Two governance models, one architecture. The fractal doesn't collapse at the top: same unit at every level, only scope changes. It's not a policy problem. It's an engineering problem. That's where I work. --- ## § B — Practice I do industrial security consulting. The form that takes, most typically: I work with customers in their brownfield environments to come up with a security plan that works for the operating environment as it sits. The customers right now are mostly discrete manufacturing and a few automotive. Some food and bev. A little chem and pharma. Oil and gas and mining when the geography calls for it. **IEC 62443 underpins everything I do.** ### Current roles - **Chief Strategy Officer · River Risk Partners** *(2024 — present)* Industrial loss prevention. Nuclear, energy, critical infrastructure. Strategy and architecture for operators with high-consequence assets and zero tolerance for downtime. Programs that survive when the cloud, the WAN, and the vendor portal don't. - **Owner / Technical Principal · Northern Shield Rugged Technologies** *(2015 — present)* Industrial wireless across 200+ remote sites in northeast British Columbia. −40 °C to +40 °C operating envelope. Where the truck is a day away and the radio either works or doesn't. - **Founder · Industrial Independence Alliance** *(ongoing)* A coalition and an architectural doctrine for sovereign-per-zone industrial systems. OT and IT are distinct disciplines. Convergence is a marketing word, not an engineering one. --- ## § C — Stack When an installation of one of the most common OT security platforms — and I won't name them — costs a hundred thousand dollars US upfront in professional services plus a minimum of fifty thousand a year in licensing, that's not tenable for the African market. **And honestly, it shouldn't be palatable for the rest of us either.** So I build my own. A doctrine, a method, a platform, and the open-source tooling that the doctrine and the method imply. Each piece is small. They stack. ### C.01 — Industrial Independence Architecture *(doctrine)* One self-contained unit at every zone of an industrial network. Identical at every level. Scope is the only thing that changes. Industrial independence is not a technology position — it is an *operational sovereignty position*. → ### C.02 — Frameworks *(methodologies, originator)* A small portfolio of named methodologies, each addressing a different problem on the plant floor. All free to plant operators and industrial workers under the [Riverman Fair License v2.0](https://rivercaudle.com/license/). - **[SHIP Framework™](https://rivercaudle.com/ship/)** — *industrial network design* — Standardize, Harden, Isolate, Protect. - **[SECURE Method™](https://rivercaudle.com/secure-method/)** — *cybersecurity* — IEC 62443 simplified. Segment, Establish, Control, Update, Respond, Evaluate. - **[RIVER Method™](https://rivercaudle.com/river/)** — *troubleshooting · linear* — Reboot, Inspect, Verify, Examine, Replace. Physical first. - **[STREAM Method™](https://rivercaudle.com/stream/)** — *troubleshooting · cyclic* — Scope, Test, Replicate, Execute, Assess, Mitigate. For complex and intermittent problems. - **[Schema on Read vs Write™](https://rivercaudle.com/schema-on-read/)** — *training* — adaptive analogical learning for skilled trades. - **[OT Stability Doctrine](https://rivercaudle.com/ot-stability/)** — *change management* — in OT, change is risk and stability is security. → Full index: ### C.03 — Conversational Factory *(platform)* A factory you can talk to. Read-only by architecture, not by policy. An implementation of the Industrial Independence Architecture for AI-to-OT data access. *Translation, not replacement. Sovereignty over connectivity.* → ### C.04 — MarlinSpike *(OSS · web)* The modern GrassMarlin. Open-source passive OT/ICS topology workbench. Web, multi-user. *Passive only — packets in, zero out. Zero transmission is the baseline, not a configuration option.* → ### C.05 — GlassMarlin *(OSS · desktop)* The desktop bundle of MarlinSpike. Same engine, single-user, runs on the analyst's laptop. → ### C.06 — CloudMarlin *(SaaS · hosted)* Surface threats in packet captures. *No setup.* No data leaves your tenant. Wireshark is necessary but insufficient. → ### Note · the unmaintained predecessor In 2026 the original GrassMarlin picked up its first CISA advisory — **ICSA-26-118-01**, XXE in the PCAP parser, all versions, CVSS 5.5 — and there is nobody home to fix it. The Marlin family above is what picks up where it left off. --- ## § D — Writing Forty-plus pieces, published as the *Riverman*. Some are essays, some are CVE analyses, some are field stories from a control room nobody was supposed to be in. A selection: - **Zero Trust in OT** — a three-part series on industrial independence - **The $400 Billion Lie** — how the tech industry abandoned 98% of manufacturing - **IEC 62443 gets security levels wrong, and here's why** - **The Purdue Model isn't dead** — how the industry stripped a methodology down to a cartoon - **F5 BIG-IP & CISA ED 26-01** — a critical analysis for CISOs and operational leaders - **The architecture of survival** — why the safest systems are built like ships - **Riverman Tales — the Frozen Lifeline** - **Why an OT security guy went to GITEX Africa** Full archive on LinkedIn: --- ## § E — Scope Twenty years across heavy industry. The geography keeps moving; the work keeps adding up. By the way — most OT work is defending legacy. Greenfield is rare, and when it shows up you have an obligation to get it right, because the decisions lock in for decades. | Dimension | Detail | |---------------|-----------------------------------------------------------------------| | **Geography** | 40 of 50 US states · most Canadian provinces · Southeast Asia · Central America · Australia · Europe · Africa | | **Sectors** | Mining · oil & gas · manufacturing (process and discrete) · food & bev · chem/pharma · nuclear | | **Scale** | Largest cloud-native SCADA of its kind — 4,600 field devices, 14-state territory · industrial wireless across 200+ remote sites | | **Standards** | IEC 62443 (primary) · Purdue / PERA · NIST · ISA | | **Education** | MBA, Management Information Systems · BS, Finance & Management | --- ## § F — Elsewhere | Channel | Where | For | |---------------|----------------------------------------------------|----------------------------------------| | **Email** | | Strategy · advisory · speaking · OSS | | **LinkedIn** | | The Riverman archive, network | | **Open source** | | MarlinSpike · OT/ICS network discovery | | **Coalition** | | The doctrine, in long form | --- ## Colophon Set in JetBrains Mono and IBM Plex Sans. Built in the open. The plant comes first. *Issued — Houston, Texas. © MMXXVI.*