As an industrial control system cyber security provider, Verve Industrial Protection takes pride in hiring innovative and tenacious individuals with dynamic strengths who share our vision of critical infrastructure protection. Our people are one of our strongest company assets, and we’re pleased to announce our very own Director of Cyber Security Insights, Ron Brash, has been named to the 2020 Engineering Leaders Under 40 list, presented by CFE Media's Control Engineering and Plant Engineering.
Research by the publications has revealed employee recruitment and retention are the biggest issues facing the manufacturing industry today. Therefore, the goal of the Engineering Leaders Under 40 program is to call attention to successful young engineers in manufacturing and to show how manufacturers are recruiting and developing the next generation of professionals.
Now, more than ever, the implications for both discrete manufacturing and process manufacturing are catastrophic if operational technology systems are attacked. With Industry 4.0 on the rise, integrated software and production capabilities are at an even higher risk than ever before. The combination of Verve’s cyber security solution and engineering services (backed by an impressive team of experts) has demonstrated significant security protection for the manufacturing industry from cyber-related threats.
We don’t take the opportunity to showcase our services team members enough, but it’s time we change that. Today, we’re sitting down with Ron Brash to learn more about his professional experience, personal background and the insight he contributes to Verve.
Q: What does your role as Director of Cyber Security Insights at Verve Industrial entail?
A: (it means everything, life, death, happiness) Just kidding, but it’s a very versatile role due to the nature of our organization, the industry, and our customers. On paper, it sounds like I am a bit of a cyber security oracle (queue the Matrix references) where I write, read, and divine cyber security trends, but there is a lot to the title that not everyone sees.
My role involves engaging with customers to work on identifying vulnerabilities that are often not disclosed, explaining and researching technical details buried in products onsite or in a lab, staying on top of trends or tools, working with teams in the field to support devices, handling questions about security, and more. Basically, it is multiple hats combined into a single one.
Q: Tell us about your professional background. How did you get into cyber security and what led you to Verve?
A: I’ll start with the cookie cutter answer: OT - it’s in my blood and family, so I acknowledge it was a head start before on the culture aspects, but I was also exposed to computers at a young age. I remember getting shareware and playing Wolfenstein 3D on an old 486, running bat files, changing directories, and more.
From there, it's probably logical that I wound up in cyber security or technology in general, but I bounced around through amateur extreme sports, and even 3D arts, until I had an opportunity to go to university. I got my first technical diploma, and then when I needed a practicum, I happened to meet one of my career mentors - Eric Byres. It was early on at Tofino Security that I became absorbed in this world, with Linux or security, undertook multiple degrees, and even ran my own consultancy for three years until there was some relatively recent geo-political uncertainty.
Besides the education aspects, I love to challenge solutions, forge relationships, or think outside the box - even from an advisory perspective, I just like to help people solve problems realistically, and to continue learning. I guess its like the good kind of addiction - hard problems make me happy.
From there, I’ve carried onto Verve to solve new and different problems within a growing company where I traverse across multiple verticals and interact with a crowd of great individuals.
Q: In your own words, what does Verve do?
A: Verve is a 20+ year old OT cyber security company that has roots in systems integrations, deployments and more. From all of that experience, we have a really neat product that solves the specific needs in OT, but we also help solve industrial cyber security challenges in a way that other products or organization’s cannot. We can talk to devices or be safely deployed in environments while making a real difference.
Q: What sets Verve apart from other OT cyber security companies?
A: Verve to me is something that is a reflection of its creation and leadership (past and present). It’s a company born out of solving problems, working with customers, and building relationships. And so Verve - to me - is a pull-no-punches company that delivers cyber security without the marketing FUD. We are also both a services and product company that ensures an asset owner has a demonstrable risk reduction and is operationalizing our solution to its fullest.
Those differences in culture, and how we do business day-to-day make us very different from other cyber security firms. We do things that no other company in this industry does, with skills that range from all sides of the map, and we help the customer leverage and multiply existing investments vs. being a one trick pony.
In other words, we aren’t just an alarm telling you the house is on fire, but we help you prevent, extinguish, and recover from the fire. I know it sounds like marketing, but for those that know me - I wouldn’t be somewhere that wasn’t the real deal.
Q: What have been some of your career highlights?
A: Well this award is one, but helping bring multiple embedded products to market (including neuroscience brain-machine-interfaces), presenting in a number of privileged locations (such as Japan, or at John Hopkins), creating the watershed S4 ICS detection challenges, completing my Master degree while running a company full-time, performing assessments on gear few people have had access too, and being apart of many bleeding edge projects while working with/meeting many talented professionals.
And for laughs, having a former boss push me around in a pseudo wheelchair because I had just had ACL reconstruction, and the team had a get together to watch the Canadian Women’s hockey finals during the Vancouver winter olympics.
Q: Who are/have been some of your mentors? Who do you look up to in this industry?
A: Well, of course some of the founding minds in this space: Eric Byres, Eric Cosman, John Cusimano, Joel Langill, Rubin Santamarta, Reid Wightman, Adam Crain, Jonathan Butts, Michael Toeker, and Dale Peterson.
And so many other people, but my real deep-dive was from the folks at Tofino who helped me dig in: Erik Schweigert, Bogdan Paun, Oliver Kleinberg, and Darren Lissimore.
Q: What other 40 under 40 winners are you most intrigued by?
A: I’m very impressed by the wide range of persons, their skills, and accomplishments that make up the winners of this year's 40 under 40 engineers – they are all interesting to me and I’d be hard pressed to pick a favorite. If I were a member of the selection committee, it would be difficult to select from the huge pool of global talent.
For example, there is a young person named Andrew Oladeji who is tackling issues and projects often never seen at his age (23), and it seems that agism is no barrier holding him back. And then there are others (38 in fact besides myself), who are doing things with IoT – e.g., Keyi Sun or Sandeep Vysyaraju – who helped me put together the ISA Montreal IIS cyber track a few years ago.
There is also a fellow Canadian, William Phippen, who is working with teams on a variety of things including space engineering rover competitions; that’s pretty amazing I must say. And then there are others that I haven’t mentioned, and they too are equally impressive.
There is just too much awesome in this list, and to the people who won, or go unlisted, congratulations on doing what you love – keep doing it, and keep making significant changes.
Q: When you’re not hunting down the latest threats, what are some of your hobbies outside of work?
A: There is a life outside of work or technology? Just kidding, but you can probably find me boating or wakeboarding, reading or doing projects, Latin dancing (salsa and bachata), drawing, cooking, working on my street car, and hiking mountains. I really never sit still.
Q: What else should people know about you?
A: I consider myself very lucky, and through that luck, I try to share whatever knowledge I can to help others succeed. To be fair though, I have a huge soft spot for the disabled, non-neurotypical, the disadvantaged, and those suffering from mental illness because of their strength in tackling adversity. I will always make time for those individuals wherever I can.
Verve is proud to have Ron as a critical member of our cyber security services team, and we look forward to the strides he will continue to make in the industrial space.
Here are a few of Ron's latest contributions:
- MITRE ATT&CK vs. NIST CSF
- Prioritizing Asset Risk Management in ICS Security
- 5 Ways to Reduce Ransomware Risk
To follow along with Ron’s research and work, subscribe to our bi-monthly newsletter for the latest risk intel.