For as long as Dean can remember, he has always had a passion for security, so his decision to go into the field was a natural progression. He grew up ethically hacking computer systems of all types using his own custom-compiled Linux systems and custom C code hacking tools. From a young age, he wrote security tools such as password crackers in Python, host-based intrusion detections systems, network sniffing tools, intelligent port scanners, and kernel module and exploits, among many others. Dean’s passion for this type of work is rooted in protecting the greater good. He recognizes the crucial need for more defenders in the industry as adversaries continue to specifically target ICS and critical infrastructure.
To support himself while earning his bachelor’s degree in computer science at Memorial University of Newfoundland, Dean worked as a security consultant performing Linux hardening, writing networking applications, and performing ethical hacks and vulnerability assessments for industrial marine and offshore engineering firms, among others. Dean now has more than 20 years of technical and management experience. He has worked in both Information Technology and ICS Cyber Defense in the telecommunications and electricity sectors covering generation, transmission and distribution of power for critical infrastructure in Canada, including the NERC-CIP alignment.
As an ICS Cyber Defense consultant, no day looks the same for Dean. One day you might find him dissecting packets and writing policies, while on the next he might be presenting to a board of directors or to professionals at a security conference.
Dean will be the first to tell you that ICS cybersecurity starts with safety and is driven by it. To ensure this safety, he has built ICS security teams and processes for practical defense across multiple ICS sectors. These teams have been effective in performing ICS incident response and playing key roles in preserving the safety and reliability of operational technology and ICS operations. Dean has integrated cybersecurity as mandatory ICS-physical and on-site safety training for engineering staff. This training is ever more important as adversaries make brazen moves to target the ICS safety systems designed to keep people and physical assets safe.
“I’m an ambassador for defending our industrial systems, and an advocate for safety, reliability and cyber protection of our critical infrastructure,” Dean explains. “Every ICS class I teach I empower every student to ask questions and get involved in the always up-to-date conversation. Using this approach and sharing my experiences from the field creates memorable moments to effectively deliver the course content. It prepares students for SANS GIAC certifications while simultaneously helping them retain critical knowledge long after the class ends, which is super important for practical ICS defense.”
In ICS515: ICS Visibility, Detection, and Response, the course Dean teaches for SANS, he tackles common misconceptions and challenges of IT security applied to ICS security with an emphasis on safety for critical infrastructure. He takes students through incidence response, and emphasizes the main differences between traditional IT security and ICS security. One thing you will certainly hear echoed in Dean’s class is “Defense is Do-able!” He also reminds you to keep in mind Yoda’s famous expression: “Do. Or do not. There is no try.”
Dean is also the co-author of the new upcoming SANS course ICS418: ICS Security Essentials for Managers with SANS Certified Instructor Jason D. Christopher. ICS418 fills the identified gap among leaders working across critical infrastructure and operational technology environments. It empowers new and established ICS Security Managers with tools to address industry pressures and manage cyber threats and defenses that prioritize the business while ensuring the safety and reliability of ICS operations.
Outside of class, Dean has been invited to speak on ICS security at conferences and workshops throughout North America and the United Kingdom. He has also contributed to many SANS ICS webcasts. When Dean isn’t working, you can find him exploring the coast of Newfoundland on his jet skis, playing piano, jamming out to ‘80s music, or riding motorcycles. He is an accomplished motorcycle instructor and rider and has published some adventures in his travel book The Evergreen Rider: Newfoundland by Motorcycle Through All Seasons, All Weather.
ADDITIONAL CONTRIBUTIONS BY DEAN PARSONS:
PUBLISHED WORKS, ARTICLES & BLOGS
ICS Field Manual, Volume 2, January 2023
ICS Field Manual, Volume 1, June 2022
SANS ICS Sit Visit Plan, May 2021
ICS Cheat Sheets: It’s Not Cheating If You Have an Effective and Safe Approach!, April 2021
7 Tips For Planning ICS Plant Visits, May 2019
News article: Addressing Modern Industrial Control System Attacks, March 2019
Whitepaper: Practical Industrial Control System (ICS) Cybersecurity: IT and OT Have Converged— Discover and Defend Your Assets, September 2018
ICS Defense: It's Not a "copy-paste" from an IT playbook, April 2018
Know Thyself Better Than The Adversary - ICS Asset Identification and Tracking, February 2018
WEBCASTS & PRESENTATIONS
Discover the NEW! ICS Field Manual, Volume 2, January 2023
Discover the NEW! ICS Field Manual, Volume 1, June 2022
ICS Proactive Defense: Leveraging Operational Threat Hunting for Resilience - Part 1, January 2022
ICS Cyber Resilience, Active Defense, & Safety Part 1 -5, September 2021 - January 2022
Top 5 ICS Assets and How to Protect Them, August 2021
Cyber42: Industrial Edition Game Day, July 2021
Top 5 ICS Incident Response Tabletops and How to Run Them, June 2021
Threat Management Made Easy: How to Protect Your ICS Network with Less Effort, June 2018
Panel Discussion: Challenges of Developing an Asset Inventory for Converged IT/OT Environments, May 2018
Canadian Webcast Series Part 3: ICS Defense: It’s Not a “Copy-Paste” From an IT Playbook, March 2018
Improving Incident Response for ICS, November 2017
Practical Industrial Control System (ICS) Cybersecurity: IT and OT Have Converged— Discover and Defend Your Assets, September 2017
CHEAT SHEETS & POSTERS
ICS Cyber Incident Response – Poster
Industrial Network Security Monitoring – Poster
ICS Assessment Quick Start Guide – Poster
ICS Site Visit Plan – Cheat Sheet
ICS Security Program Maturity Quick Start Guide – Cheat Sheet
ICS Assessment Methodology Quick Start Guide – Cheat Sheet
ICS Common Acronyms Quick Start Guide – Cheat Sheet