To help provide a flavor of the insights and experience that Tripwire makes available, we’re conducting one-on-one interviews with several Tripwire in-house experts. You may have seen some of their bylines in Belden’s industrial blog over the past couple of years, but in this new series we want to provide a more direct glimpse into each expert’s individual industry purview. Each of them will discuss their own personal views on the current state of cyber security in the industrial environment. You’ll learn more about how they have been working with Belden industrial customers to help bolster their network security and optimize their uptime in today’s challenging environment.
Last time we sat down with Brian Jackson. In today’s interview, we feature Tripwire cyber security expert Randy Esser. Please feel free to ask Randy any questions or start a conversation by emailing him at firstname.lastname@example.org. He and all his Tripwire and Belden colleagues are always at your service.
What roles have you had at Tripwire and earlier in your career?
Most of my career at Tripwire has been related to customer-focused product training. When a customer purchased Tripwire Enterprise or other cyber security products, I would go onsite, providing very hands-on and detailed training to make sure that their people understood the product and what it could do for them. More recently, I’m using that experience and insight in my new role as a Sales Engineer, or what some might think of as a Systems Engineer, again very customer facing and acting in a strongly educational role, primarily for customers in an OT environment. Before that I was at other computer/technology related companies after serving 11 years as an Intelligence Analyst in the U.S. Airforce. And I worked retail, selling computers and technology at Comp USA as well.
Do you think that your military experience had a strong bearing in your current career?
Definitely. It was my main entree into the tech world, but more specifically my role provided a real analytical foundation into recognizing and countering threats. I was helping to protect our fliers during the Balkans conflict, using intelligence to anticipate what an adversary might do and work to counter their actions. It was an eye opener for me as to what it's like when adversaries are aggressively out to find your vulnerabilities and exploit them for their own ends. The life and death stakes in the military makes the work even more urgent of course, and it’s hard to compare, but nation-state threat actors are increasingly involved in cyber attacks. Critical infrastructure and even safety systems are increasingly in the cross hairs, so the stakes are rising every day in OT. There are very serious dangers out there, and I feel that I got a good understanding from intelligence work as to what cyber threats look like in any environment.
How do Tripwire products help you share those insights with customers?
Well, often, threats appear in the form of a change of some kind. Like someone modified something in the network, purposely or accidentally, insidiously or benignly. That’s a valuable indicator, but without sophisticated tools of some kind, it is impossible to manually identify all the changes going on, much less understand them, in a complex network. So automatic change detection capability is a big part of what I like about Tripwire products, and I attempt to delve deeply into that with my customers. If there's a change in their network—a vendor or employee or even an unknown actor updated something, or a security protocol has suddenly been modified, or a function algorithm or a password is changed or new super user added, it gets flagged and they know about it. And they get as much forensic detail as they want as to what happened, who did it and when. So they can take the appropriate action right away. I show them that and it makes an impact. They say “Wow! It can do that!? With that level of detail!?” It’s very impressive and makes me feel good when they can see the specific value to their operation.
How has the Belden acquisition of Tripwire and the teaming of the two companies impacted what you do?
It is leading to better integration between our products and win-win opportunities with traditional Belden customers on the OT side who are often not as experienced with cyber security matters as IT customers and utility customers who are driven by regulations. I like it because it gives me an opportunity to dig into all my skill sets—even going back to working with the public at Comp USA! I saw very clearly that when something highly technical is new and less familiar, it can be overwhelming to get your head around at all, much less really grasp in a practical sense in order to get maximum benefit. And that’s true whether it’s a new computer or a cyber security strategy. So I work to think from the customer’s point of view, work to understand their needs and put things in familiar terms. Too many times, being overwhelmed can lead to inaction, and when it comes to something as potentially dangerous as cyber security vulnerabilities, that is not a good place to be. I understand that for many OT customers cyber security is something that they didn’t have to worry about before and now here's this whole new hat they have to wear that didn’t exist before. And I find that exciting and interesting to approach because I can see the real value I'm bringing, watching them see the benefits they are getting to really bolster the security of their critical infrastructure. I can help them wear their new cyber security hats—hopefully proudly!
What do you see is driving OT operators to seek cyber security solutions on the plant floor?
As I noted, utilities have regulatory fines to motivate them. Other Industrial customers don’t, at least for now. But I think that they are starting to see that big productivity losses due to a cyber event can often be just as impactful as government fines if not more so. So most are understanding the need—and hopefully NOT only after they’ve suffered an incident, as has happened to so many. Also, many are realizing that operational benefits they are implementing can increase cyber security threats. Like the benefits in time and cost savings of providing vendors with remote access are terrific—but they also lead to the side effect of increasing cyber vulnerability. The good news is that you can have these benefits and still be protected by enhancing your security posture in tandem, and so get the best of both worlds. But you have to be aware of it and take the appropriate action. And it’s not difficult to do but again you have to be aware to do it. Helping to build this awareness I think is the current challenge for companies like Tripwire and Belden, and it’s where my colleagues and I are placing major focus. We’re doing demonstrations and proof-of-concepts and explaining how things work onsite and the benefits they provide. I hope I am seen as someone who can be a partner and make the complex easier to understand and benefit from.
- Industrial Cyber Security Experts At Your Service: A Conversation with Tripwire's Brian Jackson
- Cyber Security Experts At Your Service: A Conversation with Tripwire’s Robert Landavazo
- IT/OT Convergence Means Greater Resources for Both
- IT-OT Convergence and Conflict: Who Owns ICS Security?
- The Human Attack Surface: The Weakest Link in Your ICS Security
- A 1-2-3 Approach to Industrial Cybersecurity
- ICS Security: Essential Firewall Concepts
- Three Ways to Improve Your IP Network Security
- SCADA Security: Securing DNP3 Communications with Defense in Depth
- Belden Industrial Cyber Security Solution Webpage
- Reference Architecture
- Industrial Cyber Security for Dummies
Randy Esser is a Tripwire Security Sales Engineer with experience in professional services, education and training, and military intelligence. He has also been a Graduate Cybersecurity Professor at Capitol Technology University, a federally recognized National Center of Academic Excellence, for nearly 20 years.