CyberWire Daily - Ron Brash: Problem fixer in critical infrastructure. [OT] [Career Notes]
Episode Date: August 3, 2024Director of Cyber Security Insights at Verve Industrial aka self-proclaimed industrial cybersecurity geek Ron Brash shares his journey through the industrial cybersecurity space. From taking his pare...nts 286s and 386s to task to working for the "OG of industrial cybersecurity," Ron has pushed limits. Starting off in technical testing, racing through university at 2x speed, and taking a detour through neuroscience with machine learning, Ron decided to return to critical infrastructure working with devices that keep the lights on and the water flowing. Ron hopes his work makes an impact and his life is memorable for those he cares about. We thank Ron for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K. of you, I was concerned about my data being sold by data brokers. So I decided to try Delete.me.
I have to say, Delete.me is a game changer. Within days of signing up, they started removing my
personal information from hundreds of data brokers. I finally have peace of mind knowing
my data privacy is protected. Delete.me's team does all the work for you with detailed reports
so you know exactly what's been done. Take control of your data and keep your private life Thank you. JoinDeleteMe.com slash N2K and use promo code N2K at checkout.
The only way to get 20% off is to go to JoinDeleteMe.com slash N2K and enter code N2K at checkout.
That's JoinDeleteMe.com slash N2K, code N2K.
I'm Ron Brash. I'm a director of cybersecurity insights at Ferv Industrial,
but I'd like to be more preferred as an industrial cybersecurity geek.
If I go back pretty far, right, my family, we were always around, you know, blue-collar jobs, logging, industrial fishing.
And so I kind of, I guess, wanted to be an engineer when I was younger.
And roughly around, I would say, grade 10, when I was about 14 years old, maybe 13, I started looking at computers and doing a lot more with them.
I've always grew up with computers. My parents had 286s, 386s, you know, all of that stuff that very few people had.
I really liked what you could do with them at the time, right?
Like, you know, not many things in life you can beat with a sledgehammer until it works properly.
So I learned that programming, I could get what I wanted. But I also realized that it's a very frail process and it's easy to manipulate.
very frail process and it's easy to manipulate. Little did I know that one of my best friends at the time, who's the son of a gentleman named Eric Byers, who's one of the grandfathers,
the original gangster of industrial cybersecurity, was one of the four leaders of this whole realm
that I'm in now. And he'd heard that I was good with computers.
And one day I was over at their house and he said,
hey, would you like to have a practicum or let's have an interview?
And I said, yeah, you know what? I would love to.
The rest was history.
When I started for Eric Byers, this was at Tofino Security.
I started off kind of doing technical testing and, you know, just, you know, you start at the bottom, right?
You work your way through tasks and you go upwards.
And I, you know, I had a quick aptitude for that and doing technical testing or breaking things.
So I kind of outgrew that pretty quick and I wanted to become a developer.
So I started doing moregrew that pretty quick and I wanted to become a developer.
So I started doing more and more advanced tasks.
While I was working for Eric and I continue to work for Eric, I went and skipped two years of school and went into my third year of university, went and got a bachelor's.
And then I started looking a little farther ahead and I said, you know, I want more.
So I researched a bunch of universities and I found another one in Montreal,
which was Concordia University. And I found a great advisor that was trying to do software
defined networking and industrial critical infrastructure. So then I moved to Montreal,
basically. And then I got my master's in 2017. And this is where I took a complete
kind of sidetrack
from industrial cybersecurity for a little bit.
I went into neuroscience.
Montreal is actually a bit of a hotspot for machine learning.
And I hate the word AI, but AI.
And I got involved with some people and I was like,
you know what, let's do a consultancy for
that. So for the next three years, I was running five employees in Montreal. I've gotten two
embedded neuroscience devices to market with obviously my partners at the time, where I can
take all the credit for that. And I learned a lot of stuff. And then roughly when Trump came to power, a lot of the larger American companies that we were dealing with felt were very hesitant to fund a Canadian company.
And then all the work just dried up.
I took a little bit of a hiatus after having to take a little bit of a break from work.
I was struggling pretty hard.
And Eric Byers kind of came out again and said,
Hey, Ron, are you looking for something else?
And I was kind of poking my head up out of the sand and said,
Well, yes, of course I probably am.
And then it turns out that I jumped over to Verve Industrial, where I am now.
And I've been there for probably a to Verve Industrial where I am now. And I've
been there for probably a year and a half, I believe now. I've been working on a little bit
of customer mandates, doing research, helping management, helping the team, you know, with all
of my experience from the past and we're moving forward. I describe myself as someone who's a
problem fixer in critical infrastructure.
And I say to them, so what does that mean?
Well, it means that I go and work with customers and I work with devices that, you know, make power or make water or, you know, pick whatever that's maybe that person's more familiar with.
And I say, you know that those things run a bunch of electronics and computers inside of them,
and they need to be updated or managed in a secure way, just like you would for your regular computer or cell phone.
Obviously more complicated than that.
And it's in a realm where I can't just shut down, let's say, a refinery when I need to apply a piece of software as a patch.
I said, you know, can you imagine shutting down a refinery?
And they say, no.
I said, well said there you go
promoting yourself uh isn't necessarily a like a selfish act promoting yourself and what you're
working on and what you believe in especially if it's in this type of world right where we need
we need the lights on you know the, the mission of, you know,
the social needs of society, which depend on internet, electrical, so on and so on.
If you want your research to be impactful and make change and ensure that those necessities
are there on a daily basis, you have to help make that research accessible to others. And I found
that, you know, being true and honest to others,
just as you know,
and putting yourself in the shoes of the asset owners
as you're talking about these issues
gets you a lot of respect,
even if people don't necessarily agree with you.
And that's something that I think
that's really, really important.
I mean, my goal is to retire in the next four or five years.
And maybe my work won't be my mark I leave on the world.
But heaven is the memories that you leave on earth.
And heaven only exists as long as those memories are present on earth.
So if you have family that remembers you or friends, that's your heaven.
That's your immortality.
And that's kind of what I want.
Your business needs AI solutions that are not only ambitious, but also practical and adaptable. Thank you. AI agents connect, prepare, and automate your data workflows, helping you gain insights,
receive alerts, and act with ease through guided apps tailored to your role. Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.