Career Notes 12.20.20
Ep 29 | 12.20.20

Robert Lee: Keeping the lights on. [ICS]


Robert Lee: Hi, I'm Robert Lee and I'm the CEO and co-founder of Dragos. My earliest memories weren't related to security or computers at all. My mother and father were both enlisted Air Force folks and they ended up retiring after 25 years of service each. And my earliest memories were around planes and Air Force and, man I want to be like my dad.

Robert Lee: And credit to my dad, he tried to push me away from that, "Hey, go be a lawyer, go do something different than I did, son. Don't don't join the military. Go do whatever." And you couldn't talk me out of it. So that's the direction I went and ended up going off to the Air Force Academy and then commissioning into the service. But, you know, I always liked computers and I always played games and been a computer junkie, but it wasn't and it wasn't as drenched in it as a lot of other people in our community. It wasn't until I got into the Air Force Academy that the topic of computers became interesting. And it was only that they became interesting because of industrial control systems. So I was into industrial control systems and working with water filtration units and wind turbines and similar, heck, even getting from the Air Force Academy perspective, getting access to control systems that were on planes that were being developed like the F22 and seeing the engine work, like the engineering of it, that was my draw before computers or computer security ever was.

Robert Lee: Even today, when I look at security as a whole, the idea of protecting data or information, it's a very important thing that does not interest me at all. To me, the interest is in things that impact the physical world around us. And that's very exciting to me. And so I joined an organization called Engineers Without Borders and ended up going to Cameroon and doing humanitarian work there. And it was been building water filtration units and wind turbines to store electricity in car batteries to provide lights for folks so they could continue to work into the evening and be more productive. And that idea not only of the physical world around us, but this ability for control systems to make life better for people. You know, that's that's something really, really special.

Robert Lee: We try to focus on identifying what people are doing bad and helping people understand how to defend against that while also thinking of the art of the possible so that we can get ahead of the challenge and doing that in a system of systems world where everything is connected, everything is impactful, and a lot of the security and insights and protections or whatever were developed on a system level. But the moment you start deploying things and a systems of systems context like we do in industrial control systems, all that goes out the window and we get to be the puzzle makers that sit there and document what others have done and come up with new ways to do it and make sure that we're empowering folks to go keep the lights on, the water running, the manufacturing goods producing and the Acela running on time.

Robert Lee: I tend to believe that anybody can do anything, and I don't think you have to do one path, but I do like the idea of bringing something to the table to get started. And so that might mean maybe starting out in IT before you pivot into security, or maybe it means starting out in control systems before you go into security or starting out in security before you go into control system security. But I want to be careful that folks that want to start out have a community and have a foundation of knowledge available to them so they don't get discouraged. Find something that drives you from a passion perspective. Maybe it's network security, Maybe memory security. Maybe it's the physical process of electric transmission. But do that first, then let's talk about the other piece of it and form it together. My hope of what I'm doing at SANS, what Dragos is doing, what our community is doing, what I'm hoping as we move it into a foundational topic so that five, ten years from now people do walk directly in ICS security because it's more documentation, a common language, a professionalization around it. It's more accepting and capable for someone new to start out in kind of a sandbox versus, you know, no floor underneath you, no ceiling above you.

Robert Lee: I think a lot about my son and I want my son to grow up in a community that has safe and reliable electric power and water and and transportation and similar, and today that would be true. Our actually our infrastructure is pretty awesome. We have some of the most safe and reliable and affordable infrastructure in all of history. The problem is the trend that we're on. That trend doesn't look so good five to 10 years from now. I would love to make it impossible to kill people through cyber industrial environments. I think that's an achievable goal. It's a hard one, especially with the trend of the community. But I think it's achievable and I would like to leave the world in a better place, but definitely no worse for my son.