Manager, Cyber Risk Advisory
Ron is a manager and SME at Deloitte LLP as part of their Canadian Cyber Risk Advisory practice based out of Montreal, Quebec. He focuses on providing technical knowledge in the aviation security domain, selected ICS topics, and advises on a number of technical areas ranging from technical risk assessments, security architecture review, OT SIEM integrations, and control review.
Last year, Ron Brash previously was the CTO and co-founder of Atlants Embedded (AE), a technology consultancy that focused on a variety of embedded Linux systems and firewalls for use in the industrial domain. He and his team volunteered to develop the methodology and tooling required to deeply-anonymize copious amounts of packets and red-team functions for the exclusive S4 ICS security challenge in 2018. He is returning for S4x19.
As CTO, Ron had collaborated and managed several large projects, which included a cloud-connected industrial VPN appliance, modernization of existing platforms for security, and IIoT data aggregation. Among other services provided, AE specialized in making Free and/Or Open Source Software (FOSS) work in proprietary contexts, advanced prototyping for signal processing and packet analysis (EIP and a number of other protocols).
In another life, Brash was an embedded developer at Tofino Security and contractor to Belden USA for ICS/SCADA network deep-packet inspection (DPI) projects. Among some of the projects he had worked on were the Tofino Security’s SCADA security simulator, Tofino Xenon appliance, Intrusion Detection technologies (IDS) performance on embedded systems and fast user-space DPI methodologies. His Ms.Comp degree was a formal validation on dual-stack technologies versus hybrid protocol gateways for secure technology transitions using NETCONF & SNMP. He is also wrote a cookbook for Packt publishing Ltd.
On Tuesday eight ICS vendors will participate in the ICS Detection Challenge. They will be given ICS packet captures from a diverse set of actual ICS and be scored first on their ability to create an asset inventory. The second part of the Challenge is to identify cyber attacks and cyber incidents, inserted by the […]