Before accepting the opportunity to join SANS, Tim enjoyed a 15-year career with the Northern Indiana Public Service Company (NIPSCO), where he held management and leadership positions as well as EMS Computer Systems Engineer responsibilities over the control system servers and the supporting network infrastructure. During his career, Tim has served as the Chair of the RFC CIPC, Chair of the NERC CIP Interpretation Drafting Team, Chair of the NERC CIPC GridEx Working Group, and Chair of the NBISE Smart Grid Cyber Security panel. He holds GICSP, GCIP, and GCIH certifications and co-authored and teaches both the ICS612 and ICS456 courses at SANS.
Tim never intentionally set out to become an instructor; instead, he saw in his career a need for training and development of personnel in ICS cybersecurity. Pursuing these resources brought Tim to SANS very early in his career. After more than 15 years of working at an asset owner operator, he got, as he would like to call it himself, a once-in-a-lifetime opportunity to join SANS to contribute to the broader ICS community and seek ways to pour into practitioners hungry for tools, knowledge, information sharing, and ICS cybersecurity-focused courseware. “I worked with some amazing leaders in this space to help create industry resources, courses and credentials,” says Tim.
Passionate about and driven by the mission and purpose of critical infrastructure, Tim has had the opportunity throughout his career to work with and be shaped by operations personnel who work tirelessly to ensure safe and reliable service delivery to their customers and communities. “I want to be in a position to support and help operations and their overall mission in any way I can.” Throughout his career, SANS has been the highest standard for cybersecurity training. However, over the years, it has become clear to Tim that SANS is genuinely looking to make a difference in ICS cybersecurity for practitioners who desperately need a partner. “I can see the difference SANS is making across the ICS community, and I am blessed to say I get to help.”
Like much of the community, Tim struggled to learn as he went, attempting to maintain a balanced understanding of operations, IT, OT, engineering, cybersecurity, and adversarial targeting to misuse the system under control. “With a wide scope of exposure, years of experience, mistakes, troubleshooting, incident response, lessons learned, and information exchanged with others who were also struggling to keep everything working, I started to triangulate on core principles and key learning areas from my experiences that I shared with peers and they with me so we could jump start our learning and grow beyond as a force multiplier,” says Tim. In addition, he provides students with hands-on practical learning that can be immediately put into action when they return to work. Critical Infrastructure organizations and Industrial Control Systems security practitioners cannot lose sight of what makes them special, there is a need for unique hybrid skill sets in this space that intersects operations, engineering, technology, security, and safety.It is crucial for an organization that these unique skill sets are developed and harnessed in a way that recognizes the operational drivers and constraints of the process environment and technology used to control it.IT and OT are different, the ICS community needs to focus on the unique demands that are represented by the first letter in those Acronyms and leverage the second letter in a manner that is informed by the risks to the organization and the overall mission.
ADDITIONAL CONTRIBUTIONS BY TIM CONWAY:
The Five ICS Cybersecurity Critical Controls, November 2022
The 5 Critical Controls for ICS/OT Cybersecurity, October 2022
PIPEDREAM and Countering ICS Malware, April 2022
Getting Your Hands Dirty with Industrial Control Systems, February 2022
Six Steps to Effective ICS Threat Hunting, November 2019
Killing Time, SANS ICS Security Summit 2021
A CISO View on the Journey of OT/ICS Cybersecurity, SANS ICS Security Summit 2021
ICS Defense Use Cases (DUC)
ICS Defense Use Case 6: Modular ICS Malware, August 2017
ICS Defense Use Case 3: The Lost DUC - Unavailable for Online, April 2015
ICS Defense Use Case 2: German Steel Mill Cyber Attack, December 2014