Jason Dely discovered his electrical and mechanical aptitude at a young age. “Pulling apart something mechanical, discovering its inner workings, and rebuilding it was something of an obsession for me, and that carried forward into hardware and software systems,” he says.
Jason has built a successful career on that early foundation. As a seasoned industrial control systems and operational technology cybersecurity professional with over 20 years in the field, his broad range of expertise cuts across many sectors, industries, and process control environments. Today he brings his wealth of hands-on technological expertise and business knowledge to his own company, Northern Strong Security, and to SANS in his roles as consultant, author, and instructor. SANS’ goal to fuse theory and practice in its ICS instruction resonates with Jason and fits his working philosophy.
While working on his electronics engineering degree from Niagara College in the 1990s, Jason drew on his passion for automotive technology by working for an aftermarket garage improving the electronics and programming of late model Ford Mustangs and trucks. Upon graduation, he worked briefly assembling drone and helicopter camera systems, then delved more deeply into many different aspects of industrial control systems and automation during his 15 years at Rockwell Automation, where he worked directly with customer systems such as proof-of-concepts, systems design, deployments, assessments, troubleshooting, and response activities. Jason’s positions at Rockwell included Technical Specialist, Application Specialist, Senior ICS Application Consultant, and Principal ICS Security Consultant. A highlight of his career at Rockwell was his work on network infrastructure and security.
In 2016, Jason joined Cylance, a revolutionary software firm developing a preventive anti-virus program. As Cylance’s ICS Practice Director, he was responsible for the strategic and tactical direction of the firm’s global ICS cybersecurity consulting practice, leading the selection, development, and management of best-in-class ICS service methodologies. He earned Cylance’s “Best ICS Consultant” award two years in a row.
Jason’s introduction to SANS came in 2010 when he took the SEC560: Network Penetration Testing and Ethical Hack course. He was so impressed with the trainers – , “They really knew their field—not just book knowledge,” he recalls – that he eventually joined SANS as an instructor teaching the ICS515: Active Defense and Incident Response course in 2015. He has since co-authored SANS’ SEC612 course and assisted with ICS NetWars and Grid NetWars as well as other major events for SANS. In 2020, Jason helped co-author Grid NetWars Remote to ensure ongoing accessibility to virtual SANS courses during the COVID-19 pandemic. He has numerous ICS-related and security certifications, including CISSP®, CISM, GRID, and GXPN.
In the classroom, Jason is a pragmatic, passionate, and encouraging instructor. He enjoys working with those new to the field for whom ICS threat information is new, as well as helping seasoned professionals heighten and expand their skills, often combining IT and OT.
Among Jason’s teaching goals are to help students gain the skills they need for their particular professional contexts and to encourage critical thinking. He taps into students’ natural curiosity by supporting the importance of asking “why.” Jason recalls a student from Beta 1 telling him how much he benefited from the hands-on deep dives into many different technologies and the collaboration required at the end of the course.
“The training helped the student learn how all the pieces and parts needed to work together to be successful,” says Jason. “Many practitioners new to the world of ICS have limited, if any, opportunities to interact with all of the components that make up a system in the real world.”
Jason takes particular satisfaction in knowing that, by drawing on his own diverse background and experiences in the industry, he can empower other practitioners and improve the community’s knowledge about ICS systems.
“A benefit I’ve had in my career is the opportunity to work with many different sectors, industries, and applications,” he explains. “This has allowed me to increase my depth of knowledge in both OT background and IT, complementary to the OT systems. It’s interesting to see the relationships and differences across sectors and organizations.”
ADDITIONAL CONTRIBUTIONS BY JASON DELY:
- Managing ICS Security with IEC 6244, November 2020
- Effective ICS Cybersecurity Using the IEC 62443, November 2020
- 2019 State of ICS Cybersecurity Survey, June 2019
- Incorporating Cybersecurity into Water Utility Master Planning, March 2017
- Scalable Secure Remote Access Solutions, 2012
- Mechanical Security Needs Diverse Experts, November 2020
- Good Security Programs Require Vigilance and Communication, December 2015
- PSUG: Experts Talk Working with IT, November 2015
- Cloud Security Hot Take, April 2021
- Coors and Verkada Events Hot Take, March 2021
- Oldsmar Water Facility Event Hot Take, February 2021
- Ghost in the Network vs. Ghost in the Machine, March 2020
- Webinar: Cylance ICS Threat Management Solutions, October 2018
- Realcomm IBcon - Jason Dely - Cylance - Cybersecurity in 5 Years, June 2017
- Incorporating ICS Cybersecurity into Water Utility Master Planning, September 2016
- Onboarding the ICS Mindset into Cyber Security Controls, August 2015
Jason has been invited to speak over the past 10+ years at many industry-related events hosted by numerous organizations, including the following:
- Rockwell Automation
- SANS ICS
- Public Safety Canada ICS Security Symposium
- Realcomm | IBcon
- DHS ICSJWG
- AEGIS Conference
- Advisen Cyber Risk Insights Conference
- Riviera Maritime Risk Management Forum
- Ammonium Nitrate - Nitric Acid Conference
Formal Information Security Training
- SEC560: Network Penetration Testing and Ethical Hacking
- SEC566: Implementing and Auditing the Twenty Critical Security Controls - In-Depth
- SEC660: Advanced Penetration Testing, Exploits, and Ethical Hacking
- ICS410: ICS/SCADA Security Essentials
- ICS515: ICS Active Defense and Incident Response
Industrial Control System Training
- Industrial Control System Product Training - Multiple (Rockwell Automation)
Security Industry Certifications
- CISSP® - Certified Information Systems Security Professional (ISC2)
- CISM - Certified Information Security Manager (ISACA)
- GXPN - GIAC Exploit Researcher and Advanced Penetration Tester
- GRID - GIAC Response and Industrial Defense