Jason Dely

Jason Dely

Jason Dely discovered his electrical and mechanical aptitude at a young age. “Pulling apart something mechanical, discovering its inner workings, and rebuilding it was something of an obsession for me, and that carried forward into hardware and software systems,” he says. “When I dive into the unknown I try to apply whatever knowledge I have up to that point with abstract thinking to figure things out.”

Today, as a seasoned industrial control security (ICS) professional, Jason brings his hands-on technological expertise and business knowledge to his own company, Northern Strong Security, and to SANS in his roles as consultant, author, and instructor. SANS’ goal to fuse theory and practice in its ICS instruction resonates with Jason and fits his working philosophy.

Jason’s career has covered a broad spectrum of experiences. While working on his electronics engineering degree in the 1990s, he drew on his passion for automotive technology by working for an aftermarket garage improving the electronics and programming of late model Ford Mustangs and trucks. Upon graduation, he worked briefly assembling drone and helicopter camera systems, then spent most of his 15 years at Rockwell Automation working directly with customer systems such as proof-of-concepts, systems design, deployments, assessments, troubleshooting, and response activities. He joined Cylance in 2016, directing its ICS cybersecurity consulting practice and earning its “Best ICS Consultant” award two years in a row.

Jason joined SANS as an instructor teaching the ICS515: Active Defense and Incident Response course in 2015. Since then he is also a co-author of the ICS612: ICS Cybersecurity In-Depth course.

More About Jason

Upcoming Courses

Profile

Jason has built a successful career on that early foundation. As a seasoned industrial control systems and operational technology cybersecurity professional with over 20 years in the field, his broad range of expertise cuts across many sectors, industries, and process control environments. Today he brings his wealth of hands-on technological expertise and business knowledge to his own company, Northern Strong Security, and to SANS in his roles as consultant, author, and instructor. SANS’ goal to fuse theory and practice in its ICS instruction resonates with Jason and fits his working philosophy.

While working on his electronics engineering degree from Niagara College in the 1990s, Jason drew on his passion for automotive technology by working for an aftermarket garage improving the electronics and programming of late model Ford Mustangs and trucks. Upon graduation, he worked briefly assembling drone and helicopter camera systems, then delved more deeply into many different aspects of industrial control systems and automation during his 15 years at Rockwell Automation, where he worked directly with customer systems such as proof-of-concepts, systems design, deployments, assessments, troubleshooting, and response activities. Jason’s positions at Rockwell included Technical Specialist, Application Specialist, Senior ICS Application Consultant, and Principal ICS Security Consultant. A highlight of his career at Rockwell was his work on network infrastructure and security.

In 2016, Jason joined Cylance, a revolutionary software firm developing a preventive anti-virus program. As Cylance’s ICS Practice Director, he was responsible for the strategic and tactical direction of the firm’s global ICS cybersecurity consulting practice, leading the selection, development, and management of best-in-class ICS service methodologies. He earned Cylance’s “Best ICS Consultant” award two years in a row.

Jason’s introduction to SANS came in 2010 when he took the SEC560: Network Penetration Testing and Ethical Hack course. He was so impressed with the trainers – , “They really knew their field—not just book knowledge,” he recalls – that he eventually joined SANS as an instructor teaching the ICS515: Active Defense and Incident Response course in 2015. He has since co-authored SANS’ SEC612 course and assisted with ICS NetWars and Grid NetWars as well as other major events for SANS. In 2020, Jason helped co-author Grid NetWars Remote to ensure ongoing accessibility to virtual SANS courses during the COVID-19 pandemic. He has numerous ICS-related and security certifications, including CISSP®, CISM, GRID, and GXPN.

In the classroom, Jason is a pragmatic, passionate, and encouraging instructor. He enjoys working with those new to the field for whom ICS threat information is new, as well as helping seasoned professionals heighten and expand their skills, often combining IT and OT.

Among Jason’s teaching goals are to help students gain the skills they need for their particular professional contexts and to encourage critical thinking. He taps into students’ natural curiosity by supporting the importance of asking “why.” Jason recalls a student from Beta 1 telling him how much he benefited from the hands-on deep dives into many different technologies and the collaboration required at the end of the course.

“The training helped the student learn how all the pieces and parts needed to work together to be successful,” says Jason. “Many practitioners new to the world of ICS have limited, if any, opportunities to interact with all of the components that make up a system in the real world.”

Jason takes particular satisfaction in knowing that, by drawing on his own diverse background and experiences in the industry, he can empower other practitioners and improve the community’s knowledge about ICS systems.

“A benefit I’ve had in my career is the opportunity to work with many different sectors, industries, and applications,” he explains. “This has allowed me to increase my depth of knowledge in both OT background and IT, complementary to the OT systems. It’s interesting to see the relationships and differences across sectors and organizations.”

ADDITIONAL CONTRIBUTIONS BY JASON DELY:

Publications

Managing ICS Security with IEC 6244, November 2020
Effective ICS Cybersecurity Using the IEC 62443, November 2020
2019 State of ICS Cybersecurity Survey, June 2019
Incorporating Cybersecurity into Water Utility Master Planning, March 2017
Scalable Secure Remote Access Solutions, 2012

Press

Mechanical Security Needs Diverse Experts, November 2020
Good Security Programs Require Vigilance and Communication, December 2015
PSUG: Experts Talk Working with IT, November 2015

Videos

Cloud Security Hot Take, April 2021
Coors and Verkada Events Hot Take, March 2021
Oldsmar Water Facility Event Hot Take, February 2021
Ghost in the Network vs. Ghost in the Machine, March 2020
Webinar: Cylance ICS Threat Management Solutions, October 2018
Realcomm IBcon - Jason Dely - Cylance - Cybersecurity in 5 Years, June 2017
Incorporating ICS Cybersecurity into Water Utility Master Planning, September 2016
Onboarding the ICS Mindset into Cyber Security Controls, August 2015

Events

Jason has been invited to speak over the past 10+ years at many industry-related events hosted by numerous organizations, including the following:

Rockwell Automation
SANS ICS
CS4CA
Public Safety Canada ICS Security Symposium
AWWA
Realcomm | IBcon
ManuSec
DHS ICSJWG
AEGIS Conference
Advisen Cyber Risk Insights Conference
Riviera Maritime Risk Management Forum
Ammonium Nitrate - Nitric Acid Conference

Formal Information Security Training

SEC560: Network Penetration Testing and Ethical Hacking
SEC566: Implementing and Auditing the Twenty Critical Security Controls - In-Depth
SEC660: Advanced Penetration Testing, Exploits, and Ethical Hacking
ICS410: ICS/SCADA Security Essentials
ICS515: ICS Active Defense and Incident Response

Industrial Control System Training