homepage
Open menu
Contact Sales
Go one level top
  • Train and Certify
    Train and Certify

    Immediately apply the skills and techniques learned in SANS courses, ranges, and summits

    • Overview
    • Courses
      • Overview
      • Full Course List
      • By Focus Areas
        • Cloud Security
        • Cyber Defense
        • Cybersecurity and IT Essentials
        • DFIR
        • Industrial Control Systems
        • Offensive Operations
        • Management, Legal, and Audit
      • By Skill Levels
        • New to Cyber
        • Essentials
        • Advanced
        • Expert
      • Training Formats
        • OnDemand
        • In-Person
        • Live Online
      • Free Course Demos
    • Training Roadmaps
      • Skills Roadmap
      • Focus Area Job Roles
        • Cyber Defense Job Roles
        • Offensive Operations Job Roles
        • DFIR Job Roles
        • Cloud Job Roles
        • ICS Job Roles
        • Leadership Job Roles
      • NICE Framework
        • Security Provisionals
        • Operate and Maintain
        • Oversee and Govern
        • Protect and Defend
        • Analyze
        • Collect and Operate
        • Investigate
        • Industrial Control Systems
      • European Skills Framework
    • GIAC Certifications
    • Training Events & Summits
      • Events Overview
      • In-Person Event Locations
        • Asia
        • Australia & New Zealand
        • Latin America
        • Mainland Europe
        • Middle East & Africa
        • Scandinavia
        • United Kingdom & Ireland
        • United States & Canada
      • Live Online Events List
      • Summits
    • OnDemand
    • Get Started in Cyber
      • Overview
      • Degree and Certificate Programs
      • Scholarships
      • Free Training & Resources
    • Cyber Ranges
  • Enterprise Solutions
    Manage Your Team

    Build a world-class cyber team with our workforce development programs

    • Overview
    • Group Purchasing
    • Build Your Team
      • Assessments
      • Private Training
      • By Industry
        • Health Care
        • Industrial Control Systems Security
        • Military
    • Leadership Training
      • Leadership Courses
      • Executive Cybersecurity Exercises
  • Security Awareness
    Security Awareness

    Increase your staff’s cyber awareness, help them change their behaviors, and reduce your organizational risk

    • Overview
    • Products & Services
      • Security Awareness Training
        • EndUser Training
        • Phishing Platform
      • Specialized
        • Developer Training
        • ICS Engineer Training
        • NERC CIP Training
        • IT Administrator
      • Risk Assessments
        • Knowledge Assessment
        • Culture Assessment
        • Behavioral Risk Assessment
    • OUCH! Newsletter
    • Career Development
      • Overview
      • Training & Courses
      • Professional Credential
    • Blog
    • Partners
    • Reports & Case Studies
  • Resources
    Resources

    Enhance your skills with access to thousands of free resources, 150+ instructor-developed tools, and the latest cybersecurity news and analysis

    • Overview
    • Webcasts
      • Webinars
      • Live Streams
        • Wait Just An Infosec
        • Cybersecurity Leadership
        • SANS Threat Analysis Rundown (STAR)
    • Free Cybersecurity Events
      • Free Events Overview
      • Summits
      • Solutions Forums
      • Community Nights
    • Content
      • Newsletters
        • NewsBites
        • @RISK
        • OUCH! Newsletter
      • Blog
      • Podcasts
        • Blueprint
        • Trust Me, I'm Certified
        • Cloud Ace
        • Wait Just an Infosec
      • Summit Presentations
      • Posters & Cheat Sheets
    • Internet Storm Center
    • Research
      • White Papers
      • Security Policies
    • Tools
    • Focus Areas
      • Cyber Defense
      • Cloud Security
      • Digital Forensics & Incident Response
      • Industrial Control Systems
      • Cyber Security Leadership
      • Offensive Operations
      • Open-Source Intelligence (OSINT)
  • Get Involved
    Get Involved

    Help keep the cyber community one step ahead of threats. Join the SANS community or begin your journey of becoming a SANS Certified Instructor today.

    • Overview
    • Join the Community
    • Work Study
    • Teach for SANS
    • CISO Network
    • Partnerships
    • Sponsorship Opportunities
  • About
    About

    Learn more about how SANS empowers and educates current and future cybersecurity practitioners with knowledge and skills

    • SANS
      • Overview
      • Our Founder
      • Awards
    • Instructors
      • Our Instructors
      • Full Instructor List
    • Mission
      • Our Mission
      • Diversity
      • Scholarships
    • Contact
      • Contact Customer Service
      • Contact Sales
      • Press & Media Enquiries
    • Frequent Asked Questions
    • Customer Reviews
    • Press
    • Careers
  • Contact Sales
  • SANS Sites
    • Australia
    • Brazil
    • France
    • India
    • Japan
    • Middle East & Africa
    • United Kingdom
  • Search
  • Log In
  • Join
    • Account Dashboard
    • Log Out
  1. Home >
  2. Blog >
  3. Instructor Spotlight: Dean Parsons
SANS ICS

Instructor Spotlight: Dean Parsons

You built an ICS... out of a Delorean?

March 19, 2020

Dean_Parsons_Social_Card_598_x_338.png

The Industrials & Infrastructure team had a chance to sit down with Certified ICS Instructor Dean Parsons - Critical Infrastructure & ICS Cybersecurity Leader and OT Cyber Security Officer.


SANS: Why do you teach, research and practice cyber defense in Industrial Control Systems?

Dean: I am a practitioner in the field. I grew up ethically hacking computer systems of all types using my custom compiled Linux systems and custom C coded hacking tools. On any given day I could be dissecting packets from an industrial plant, working on a NERC-CIP security program, or presenting to a board of directors on ICS cyber risk and mitigation strategies.

I focus on Industrial Control Systems because our modern society relies daily on access to systems and critical infrastructure to power our lives, our families and businesses. Our critical infrastructure - power grid systems, oil & gas facilities, manufacturing plants and water management systems, etc., are targeted by motivated and supported adversaries that have the intent to cause those systems and us, harm - by ways of industrial disruption, safety impacts and in some cases physical damage to critical systems. But “Defense Is Doable!”

Every ICS class I teach I empower every student to ask questions and get involved in the always up-to-date conversation. This approach, and sharing my experiences from the field creates memorable moments to effectively deliver the course content. It prepares students for SANS GIAC certifications while simultaneously helping them retain critical knowledge long after the class ends - this is super important. Reenforcing practical use of the material as soon as they get back to the office or ICS facility.

SANS: What made you choose to work in security?

Dean: I can’t recall ever sitting down thinking about which career path to take. Security has always been a passion of mine. Starting in high school I wrote security tools such as password crackers, host-based intrusion detection systems (IDS), network sniffing tools, intelligent port scanners, kernel modules and exploits. I found security because there was always need to understand what’s happening behind the scenes and to defend against the forces of the darkside. That need hasn’t changed. In fact the need for defense has grown where we need more focus on it given the increase in volume and sophistication of threats, specifically targeting ICS facilities.

SANS: What was your first SANS course?

Dean: Ok, going to date myself, but here goes… My first SANS course was so long ago it was when they were called Tracks. It was 2003 Track 3: Intrusion Detection In-Depth. While the content has drastically been updated over the years, and is updated several times a year, the core concepts are still very applicable to modern cybersecurity defense. Track 3 is now known as SEC503: Intrusion Detection In-Depth.

SANS: What song is missing from the NetWars playlist? What would you add?

Dean: For ICS NetWars definitely John Williams’ Star Wars score - Dual of the Fates. A masterpiece that underpins a quintessential battle between good and evil as seen through a Lightsaber dual on Naboo. If I could suggest another song it would be Night Runner - Nuclear Countdown. An amazing 80s inspired song that pumps for 7 minutes of 80s synth awesomeness that drive the listener to active defense. These are amazing tracks for ICS NetWars and for any defender’s track-list at the office (some restrictions may apply - see your corporate policy on music and/or headphones in the cyber defense room) :).

SANS: How has security changed in your industry?

Dean: Safety. Globally, the last 5-10 years the adversary has taken brazen steps at increasing attack sophistication against industrial control systems such as oil & gas pipelines and power grids. 2010 marked the first time a cyber weapon destroyed physical equipment in the real world. In 2015, through a coordinated campaign, attackers targeted power grids and were successful in causing significant power disruptions across large regions. In 2016 evidence indicates intentions by the adversary to cause physically damage in electricity protection equipment. 2017 brought an attack on industrial safety systems -- those systems are designed to keep people and plants safe.

SANS: What tips can you provide new comers to ICS cyber security and defense?

Dean: ICS cybersecurity starts with safety, fully understanding the nuances of how to do defence in an industry environment. There is a difference in how to effectively apply security in traditional IT (Information Technology), vs. in ICS (Industrial Control Systems) or “OT” (Operational Technology) environments. Industrial control systems assets are often compared to traditional Information Technology assets. However, traditional IT assets and related processes focus on business data at rest or business data in transit, whereas industrial control systems are engineering assets that focus on input from real-time systems and control outputs for physical actions in the real world. It is this primary difference between IT and ICS (or OT) that drive differing cybersecurity design, strategy and cyber incident response policies and tactical practices. ICS cybersecurity involves protecting physical processes, engineering assets in the field and in plants. In the electric sector for example, proper ICS cyber defense protects the safety and reliability of operations, and the people in the plants who operator and work with the physical processes to safely generate, transmit and distribute electricity across a power grid and into our homes.

SANS: What do you want people to know about you?

Dean: I bring 20 years combined experience in IT, Industrial Control System cyber defense across the telecommunications to critical infrastructure sectors, and lead an active ICS Cybersecurity Program for an electric utility in Canada across facilities in generation (hydro, thermal, gas turbine), transmission and distribution. I am an ambassador for ICS active cyber defense and advocate for the safety, reliability and resilience of our critical infrastructure. Yet everyday is school day - we are forever learning, understanding and adding value to the community.
When I’m not teaching or in ICS Active Cyber Defense mode you can find me exploring the coast of Newfoundland on my jet ski, playing piano or riding motorcycles, even in intense Newfoundland winters. An accomplished motorcycle instructor and rider, he published some adventures in his travel book "The Evergreen Rider - Newfoundland By Motorcycle. Through All Seasons, All Weather" (www.evergreenrider.ca)
Favourite quote: "Do. Or do not. There is no try." - Yoda
I love the 80s.

SANS: Where does an ICS facility start in defense and how could they improve their strategy?

Dean: Through the ICS Active Cyber Defense Cycle (ACDC). It all starts with proper architecture (supply chain security, proper network segmentation, patching and/or enabling compensating controls). For example, proper separation of ICS assets and operational plant networks from the main vectors of compromises we see today, such as user networks and business email. Business networks should remain completely segmented from industrial controls. Similarly, safety systems that protect industrial control operations should also be on further separated networks.
Beyond ensuring basic architecture and passive defences (firewalls, packet inspection, AV whitelisting, etc.), ICS defense teams should already be deploying active defense technologies for “plant floor” network visibility with trained ICS defenders hunting in the network and proper ICS incident response practices.
Facilities also need to consider physical security to detect and prevent potential physical-cyber attacks.


SANS: How do you stay up-to-date with the latest ICS defense information? Who are your influencers?

Dean: News headlines, while having their place, are not threat intelligence. Consuming several accurate ICS cyber threat intelligence feeds, (and contributing back to them) is an effective want to ensure up to date, accurate, timely and relevant intel on the ICS threat landscape. Leveraging these sources for TTPs (Tactics, Techniques & Procedures), and IOCs (Indicators of Compromise) allows defenders to make informed pro-active decisions on infrastructure changes and protection. Webcasts, training from trusted sources and networking with peers in the community - either virtually or at conferences when possible is also critical.

Influencers - Rob M. Lee, Tim Conway, Ted Gutierrez, and of course Mike Assante’s significant contribution he’s brought the ICS world.
Other Influencers - Marty Mcfly and Dr. Emmett Brown - as operators and engineers of the coolest ICS ever - the Back To The Future Delorean Time Machine :). But they really should have been using their PPE (Personal Protective Equipment) more ;).

Thanks, Dean, for taking the time to share more about your background and your role as a ICS and Operational Technology Cyber Security Officer at an energy utility in Canada, and Certified SANS ICS Instructor.

Dean will be teaching ICS515 via SANS San Antonio 2020 CyberCast in May - San Antonio, TX | Sun, May 17 - Fri, May 22, 2020 and the live conference at SANS San Francisco Summer 2020 - San Francisco, CA Mon, Aug 24 - Sat, Aug 29, 2020

To learn more about Dean and where you can take his next course – visit his SANS bio page.

Share:
TwitterLinkedInFacebook
Copy url Url was copied to clipboard
Subscribe to SANS Newsletters
Receive curated news, vulnerabilities, & security awareness tips
United States
Canada
United Kingdom
Spain
Belgium
Denmark
Norway
Netherlands
Australia
India
Japan
Singapore
Afghanistan
Aland Islands
Albania
Algeria
American Samoa
Andorra
Angola
Anguilla
Antarctica
Antigua and Barbuda
Argentina
Armenia
Aruba
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belize
Benin
Bermuda
Bhutan
Bolivia
Bonaire, Sint Eustatius, and Saba
Bosnia And Herzegovina
Botswana
Bouvet Island
Brazil
British Indian Ocean Territory
Brunei Darussalam
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Cape Verde
Cayman Islands
Central African Republic
Chad
Chile
China
Christmas Island
Cocos (Keeling) Islands
Colombia
Comoros
Cook Islands
Costa Rica
Croatia (Local Name: Hrvatska)
Curacao
Cyprus
Czech Republic
Democratic Republic of the Congo
Djibouti
Dominica
Dominican Republic
East Timor
Ecuador
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Ethiopia
Falkland Islands (Malvinas)
Faroe Islands
Fiji
Finland
France
French Guiana
French Polynesia
French Southern Territories
Gabon
Gambia
Georgia
Germany
Ghana
Gibraltar
Greece
Greenland
Grenada
Guadeloupe
Guam
Guatemala
Guernsey
Guinea
Guinea-Bissau
Guyana
Haiti
Heard And McDonald Islands
Honduras
Hong Kong
Hungary
Iceland
Indonesia
Iraq
Ireland
Isle of Man
Israel
Italy
Jamaica
Jersey
Jordan
Kazakhstan
Kenya
Kiribati
Korea, Republic Of
Kosovo
Kuwait
Kyrgyzstan
Lao People's Democratic Republic
Latvia
Lebanon
Lesotho
Liberia
Liechtenstein
Lithuania
Luxembourg
Macau
Macedonia
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Marshall Islands
Martinique
Mauritania
Mauritius
Mayotte
Mexico
Micronesia, Federated States Of
Moldova, Republic Of
Monaco
Mongolia
Montenegro
Montserrat
Morocco
Mozambique
Myanmar
Namibia
Nauru
Nepal
Netherlands Antilles
New Caledonia
New Zealand
Nicaragua
Niger
Nigeria
Niue
Norfolk Island
Northern Mariana Islands
Oman
Pakistan
Palau
Palestine
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Pitcairn
Poland
Portugal
Puerto Rico
Qatar
Reunion
Romania
Russian Federation
Rwanda
Saint Bartholemy
Saint Kitts And Nevis
Saint Lucia
Saint Martin
Saint Vincent And The Grenadines
Samoa
San Marino
Sao Tome And Principe
Saudi Arabia
Senegal
Serbia
Seychelles
Sierra Leone
Sint Maarten
Slovakia
Slovenia
Solomon Islands
South Africa
South Georgia and the South Sandwich Islands
South Sudan
Sri Lanka
St. Helena
St. Pierre And Miquelon
Suriname
Svalbard And Jan Mayen Islands
Swaziland
Sweden
Switzerland
Taiwan
Tajikistan
Tanzania
Thailand
Togo
Tokelau
Tonga
Trinidad And Tobago
Tunisia
Turkey
Turkmenistan
Turks And Caicos Islands
Tuvalu
Uganda
Ukraine
United Arab Emirates
United States Minor Outlying Islands
Uruguay
Uzbekistan
Vanuatu
Vatican City
Venezuela
Vietnam
Virgin Islands (British)
Virgin Islands (U.S.)
Wallis And Futuna Islands
Western Sahara
Yemen
Yugoslavia
Zambia
Zimbabwe

By providing this information, you agree to the processing of your personal data by SANS as described in our Privacy Policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Tags:
  • Industrial Control Systems Security

Related Content

Blog
Blog: Defending Against Ransomware in ICS
Cybersecurity Insights, Digital Forensics, Incident Response & Threat Hunting, Industrial Control Systems Security
August 30, 2023
Defending Against Ransomware in Industrial Control Systems
Leveraging ICS612 and the SANS Five Critical Cybersecurity Controls
Mike_Hoffman_-_Headshot_-_370x370.png
Mike Hoffman
read more
Blog
SANS_ICS_LIBRARY_TEASER_IMAGE.png
Industrial Control Systems Security
July 12, 2023
Industrial Control Systems Library
The SANS Industrial Control Systems Library is a central source for ICS/OT cyber security resources detailing our Courses, Posters, Surveys, Whitepapers, Defense Use Case papers, and more. Brochures2016: Deutsche ICS Brochüre2016: ICS Security Training Brochure2016: 2016 ICS Security Summit &...
SANS ICS
read more
Blog
Coolest Careers Poster
Industrial Control Systems Security
July 7, 2023
SANSがおすすめするサイバーセキュリティの仕事20選: ICS/OT セキュリティ・アセスメント・コンサルタント
ICS/OT セキュリティ・アセスメント・コンサルタントの主な業務や、スキルアップのためのSANSのおすすめのコースを紹介します!
SANS_social_88x82.jpg
SANS Institute
read more
  • Register to Learn
  • Courses
  • Certifications
  • Degree Programs
  • Cyber Ranges
  • Job Tools
  • Security Policy Project
  • Posters & Cheat Sheets
  • White Papers
  • Focus Areas
  • Cyber Defense
  • Cloud Security
  • Cybersecurity Leadership
  • Digital Forensics
  • Industrial Control Systems
  • Offensive Operations
Subscribe to SANS Newsletters
Receive curated news, vulnerabilities, & security awareness tips
United States
Canada
United Kingdom
Spain
Belgium
Denmark
Norway
Netherlands
Australia
India
Japan
Singapore
Afghanistan
Aland Islands
Albania
Algeria
American Samoa
Andorra
Angola
Anguilla
Antarctica
Antigua and Barbuda
Argentina
Armenia
Aruba
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belize
Benin
Bermuda
Bhutan
Bolivia
Bonaire, Sint Eustatius, and Saba
Bosnia And Herzegovina
Botswana
Bouvet Island
Brazil
British Indian Ocean Territory
Brunei Darussalam
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Cape Verde
Cayman Islands
Central African Republic
Chad
Chile
China
Christmas Island
Cocos (Keeling) Islands
Colombia
Comoros
Cook Islands
Costa Rica
Croatia (Local Name: Hrvatska)
Curacao
Cyprus
Czech Republic
Democratic Republic of the Congo
Djibouti
Dominica
Dominican Republic
East Timor
Ecuador
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Ethiopia
Falkland Islands (Malvinas)
Faroe Islands
Fiji
Finland
France
French Guiana
French Polynesia
French Southern Territories
Gabon
Gambia
Georgia
Germany
Ghana
Gibraltar
Greece
Greenland
Grenada
Guadeloupe
Guam
Guatemala
Guernsey
Guinea
Guinea-Bissau
Guyana
Haiti
Heard And McDonald Islands
Honduras
Hong Kong
Hungary
Iceland
Indonesia
Iraq
Ireland
Isle of Man
Israel
Italy
Jamaica
Jersey
Jordan
Kazakhstan
Kenya
Kiribati
Korea, Republic Of
Kosovo
Kuwait
Kyrgyzstan
Lao People's Democratic Republic
Latvia
Lebanon
Lesotho
Liberia
Liechtenstein
Lithuania
Luxembourg
Macau
Macedonia
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Marshall Islands
Martinique
Mauritania
Mauritius
Mayotte
Mexico
Micronesia, Federated States Of
Moldova, Republic Of
Monaco
Mongolia
Montenegro
Montserrat
Morocco
Mozambique
Myanmar
Namibia
Nauru
Nepal
Netherlands Antilles
New Caledonia
New Zealand
Nicaragua
Niger
Nigeria
Niue
Norfolk Island
Northern Mariana Islands
Oman
Pakistan
Palau
Palestine
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Pitcairn
Poland
Portugal
Puerto Rico
Qatar
Reunion
Romania
Russian Federation
Rwanda
Saint Bartholemy
Saint Kitts And Nevis
Saint Lucia
Saint Martin
Saint Vincent And The Grenadines
Samoa
San Marino
Sao Tome And Principe
Saudi Arabia
Senegal
Serbia
Seychelles
Sierra Leone
Sint Maarten
Slovakia
Slovenia
Solomon Islands
South Africa
South Georgia and the South Sandwich Islands
South Sudan
Sri Lanka
St. Helena
St. Pierre And Miquelon
Suriname
Svalbard And Jan Mayen Islands
Swaziland
Sweden
Switzerland
Taiwan
Tajikistan
Tanzania
Thailand
Togo
Tokelau
Tonga
Trinidad And Tobago
Tunisia
Turkey
Turkmenistan
Turks And Caicos Islands
Tuvalu
Uganda
Ukraine
United Arab Emirates
United States Minor Outlying Islands
Uruguay
Uzbekistan
Vanuatu
Vatican City
Venezuela
Vietnam
Virgin Islands (British)
Virgin Islands (U.S.)
Wallis And Futuna Islands
Western Sahara
Yemen
Yugoslavia
Zambia
Zimbabwe

By providing this information, you agree to the processing of your personal data by SANS as described in our Privacy Policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
  • © 2023 SANS™ Institute
  • Privacy Policy
  • Terms and Conditions
  • Do Not Sell/Share My Personal Information
  • Contact
  • Careers
  • Twitter
  • Facebook
  • Youtube
  • LinkedIn