SANS Industrial Control Systems Security Blog

ICS Defenders: Light up your green, blue or purple lightsabers

Our Industrials & Infrastructure team had a chance to sit down with Dean Parsons, ISO in an energy company, and SANS ICS515 Instructor.

SANS: What made you choose to work in tech/security?

Dean: I can't recall ever sitting down thinking about which career path to take. Security has always been a passion of mine. I grew up writing C code on my own custom compiled versions of Linux. It all started there. I wrote security tools such as password crackers written in Python, host-based intrusion detection systems (IDS), network sniffing tools, intelligent port scanners, kernel modules and exploits. I found security because there was always need to understand what's happening behind the scenes and to defend against the forces of the Darkside. That need hasn't changed. In fact, the need for defense has grown - where we need more focus on it given the increase in volume and sophistication of threats, specifically targeting ICS installations, our critical infrastructure.

 

SANS: What was your first SANS course?

Dean: Ok, going to date myself, but here it goes? My first SANS course was so long ago it was when they were called Tracks. It was 2003 Track 3: Intrusion Detection In-Depth. While the content has drastically been updated over the years, and is updated several times a year, the core concepts are still very applicable to modern cybersecurity defense. Track 3 is now known as SEC503: Intrusion Detection In-Depth - great course!

 

SANS: What course is on your wish list?

Dean: FOR578: Cyber Threat Intelligence for sure. While ICS515 dives into a full day of Threat Intelligence for ICS as part of the Active Cyber Defense Cycle, it will be super valuable to take the full five day Threat Intel class.

 

SANS: What song is missing from the NetWars playlist? What would you add?

Dean: For ICS NetWars, definitely John Williams' Star Wars score - Dual of the Fates. A masterpiece that underpins a quintessential battle between good and evil as seen through a Lightsaber duel on Naboo. And Lightsabers are mini ICSes, right ;). If I could suggest another song it would be Night Runner - Nuclear Countdown. An amazing 80s inspired synth song that pumps for 7 minutes of 80s synth awesomeness that drives the listener to active defense.

Amazing tracks for NetWars and for any defender's track-list at the office (some restrictions may apply - see and abide by your corporate policy on music and/or headphones in the cyber defense room) :).

 

SANS: What SANS event are you looking forward to most this year?

Dean: Moving forward I'm pumped about SANS San Antonio 2019 and of course, Network Security 2019 in Las Vegas. Network Security is always epic and this year will be no different! But generally, I'm excited for every event where I get to teach, to see the students gleam value from the class for practical ICS defense.

 

SANS: How has security changed in your industry?

Dean: Safety. Recent attacks have entirely changed the game.
The world has seen the adversary take brazen steps in recent years with targeting power grids with significant destructive impacts to physical assets and serious disruptive attacks on our modern ways of life. Most recently the adversary has shown disregard for human life with the TRISIS Malware.

The crux of ICS515 is to empower students to look inside their ICS networks. To be prepared for what they are going to find, and how to appropriately respond. I will echo the theme of ICS515 "Defense is Doable"! and now is the opportunity for existing ICS defence professionals and up-and-coming ICS defenders in the industry to continue to grow their skills.

 

SANS: What do you want people to know about you?

Dean: My favourite quote?.. "Do. Or do not. There is no try." - Yoda. While not in ICS Active Cyber Defense mode, I'm exploring the coast of Newfoundland on a jet ski or playing piano - but never at the same time.

 

SANS: How do you stay up-to-date with the latest information? Who are your influencers?

Dean: Social Media, webcasts and networking at key ICS conferences and events. Rob M. Lee, Tim Conway, Ted Gutierrez, Doug Wylie and of course Mike Assante - all ICS Jedi.

 

Thanks, Dean, for taking the time to share more about your background and your role as an Information Security Officer at an energy utility in Newfoundland, and SANS instructor. Dean will be teaching ICS515 at SANS San Antonio in May, at Security Network 2019 and in San Fransisco in December. To learn more about Dean and where you can take his next course — visit his SANS bio page: https://www.sans.org/instructors/dean-parsons