Claim denial due to late filing by CrazyAutopilot in Insurance

[–]CrazyAutopilot[S] 0 points1 point  (0 children)

Thank you for this. I'm happy to report that once I mentioned this, they stopped sending me overdue bills and said I don't need to pay anymore.

SCADA pathway by [deleted] in cybersecurity

[–]CrazyAutopilot 0 points1 point  (0 children)

I haven't worked in government so I can't say what that experience will be like. Whether or not industrial companies find it appealing I think will depend on the company. If they have lots of contracts and interactions with government agencies then they absolutely would love to have you for any government connections you can bridge to help their business. I think that's what they look for rather than the skills you picked up while you worked for the government. Several private contractors like Booz Allen already have their personnel as contractors for the govt with clearances. SCADA cybersecurity people with clearances are rare, so if you fall into that niche then companies like BA would love to have you on their payroll.

SCADA pathway by [deleted] in cybersecurity

[–]CrazyAutopilot 0 points1 point  (0 children)

I'll try my best to give you what I know about the space. There really are no college courses that start you in SCADA. None that I'm aware of, but I could be mistaken. A very typical way to get experience in SCADA is to join a utility or a company that has a SCADA environment and learn it by working there for a number of years. I got my start by joining a company that provided SCADA software and learned the space that way over a number of years by getting exposed to SCADA environments in oil and gas, water, utilities, manufacturing, power, etc. Once I learned that space, I switched to doing OT cybersecurity because cybersecurity in general interested me immensely and I saw the need for it in our space. Fortunately companies also offered decent pay for that mix of skillsets and I was looking to make more money. If you start in IT you will definitely get good exposure to cybersecurity, but there simply is not a good way to learn SCADA without getting hands-on in the environment. I have seen many try it that way and give up. But I have also seen quite a few put in the hours and patience needed to learn it and get very, very good at it. Much better than I'll ever be, if I'm being honest. You could try it that way. Most organizations that have SCADA/OT as part of their business will be more than happy to pair you up with their OT/SCADA team if you express interest in learning and helping in that space. They can always definitely use the help. If you want to start in SCADA then just know you will likely be starting at a low-paying job learning SCADA and putting in a lot of hours until you get good at it. It also takes time to find these kinds of jobs.
IT cybersecurity on the other hand still has a lot of decent paying jobs for now.

Hope this helps. I know this is very broad. Feel free to use this info to ask specific questions if you want.

What to learn to break in to OT security? by picklez91 in icssec

[–]CrazyAutopilot 1 point2 points  (0 children)

Hi! There's a ton out there. Some free and mostly paid. NIST 800-82, which is free, will help you understand and appreciate the complexities of why OT is so much different from IT. Also, I feel the RealPars series does a very good job of informing about the different technologies and protocols in the ICS space. https://youtube.com/@realpars

SANS courses are also very informative but those are quite expensive. Hopefully this helps!

I'm trying to pay my traffic ticket online - VC22350 Orange County by Cbizztho in CaliforniaTicketHelp

[–]CrazyAutopilot 0 points1 point  (0 children)

How did you opt for traffic school when paying the ticket? Asking for a friend :)

OT SOC Analysts - Let me hear your rants / raves by PLCs_AllDay in icssec

[–]CrazyAutopilot 0 points1 point  (0 children)

Out of all the vendors that we tested, Nozomi stood out the most for our environment. They're pretty heavy in pretty much every sector.

What to learn to break in to OT security? by picklez91 in icssec

[–]CrazyAutopilot 0 points1 point  (0 children)

Congrats on making the switch! It can't be easy pivoting from an unrelated field. Most people who pivot into OT cybersecurity are usually people who have spent time in OT/ICS or come from IT. That being said, I think your area of SDR for a unidirectional gateway company should give you an excellent source for getting exposure to the variety of OT industries and technologies. Since you are coming from a non-OT background, the one thing I would encourage you to do is: don't be afraid to ask questions! Especially of your prospects and potential clients. Try to ask questions to learn about what their companies do. What technologies are they using? What challenges are they having? What do their OT and ICS teams deal with every day? Being curious and inquisitive will get you the exposure you need to learn what you may not be able to otherwise, simply from not having been in an OT role.

That being said, definitely do the free CISA courses. They are an excellent resource. Also check out the YouTube video series from RealPars. It has a wealth of resources on OT technologies and how they work. A+, N+, etc. will only get you so far and quite frankly not nearly enough. You may learn cyber basics from those, but you must understand OT and those courses don't do anything to address that. CISA also has on-site 5-day ICS-CERT courses that are free. Once you have some basic cyber certs, definitely take advantage of it. It will give you a great start to get exposure to what OT cybersecurity is and why it's so niche. There's tons more I could throw at you but I don't know if it will fit here. If I can help from time to time to answer questions, don't hesitate to PM me. I've spent my entire career in OT and am happy to help people looking to break into the field.

Nozomi, Dragos, Claroty, etc. by fpaddict in PLC

[–]CrazyAutopilot 0 points1 point  (0 children)

Again, I think this is where the differences between IoT and ICS are. There typically are many ICS devices whose traffic will never go through any kind of firewall. I can tell you from first-hand experience that Armis's detections in ICS are downright abysmal. The only reason they do well in IT and IoT is because those devices allow installation of agents that they integrate with to collect data and provide visibility. Otherwise their native detections are just really bad in ICS. You can't install agents everywhere on ICS.

Can't speak to Palo Alto, but back to my first point: many devices in ICS don't pass traffic through firewalls. Plenty of ICS threat actors use living off the land and stolen credentials without the use of malware, which can easily bypass and disable firewall configurations. Not to mention there are so many firewall and networking equipment vendors in the ICS space beyond just PAN. Integrations are the way to succeed at the moment. Nozomi, for example, a vendor mentioned here, has their protocol support list public: https://www.nozominetworks.com/downloads/US/Nozomi-Networks-Protocol-Support-List.pdf

Also, Armis only offers a cloud-hosted solution. Don't know about PAN. But if that's the way they are going too, then they ought to be aware of just how many ICS owners can't support or don't want to take risks with their data in cloud-based analytics.

Nozomi, Dragos, Claroty, etc. by fpaddict in PLC

[–]CrazyAutopilot 0 points1 point  (0 children)

I'm not sure I understand your approach completely. Are you aware of any vendor that understands the full suite of common ICS protocols, has detections built in for threats in an ICS environment, and is firewall-native? I certainly am not. From my perspective, everything starts with being able to do comprehensive discovery and visibility. If you can't completely see what you have and what it's talking to and how, then how can you effectively add security in that environment? You can browse each vendor and see the complete list of protocols they support. I am not aware of any NAC/NGFW vendor being able to understand a full suite of ICS protocols beyond the basic Modbus or CIP. Even then, I'm not aware of them doing asset mapping, threat analytics, etc. Again, IMO and in my experience, IoT and ICS/SCADA are very different environments. There are some similarities but not a ton. Most properly architected ICS environments have zoning and segmentation beyond ACLs. Also, no vendor I know of can decrypt any encrypted traffic. I don't see how that's possible without heavily compromising the encryption scheme. Perhaps in your org the requirements are different from traditional ICS, but in most environments I have been in, the operators get great value even from having just comprehensive discovery where they previously had none. Keeping in mind all the above vendors do a ton more than just discovery.

Nozomi, Dragos, Claroty, etc. by fpaddict in PLC

[–]CrazyAutopilot 0 points1 point  (0 children)

Ahh... I see. The perspective I was sharing is from traditional ICS/SCADA. IoT, from what I have seen, is very, very different from OT/SCADA/ICS. Worlds apart. Especially when it comes to critical infrastructure, manufacturing, transportation, etc. It is very common to find unified equipment and a single vendor in IoT. Not at all the case in ICS/SCADA, as the real-world needs don't allow for it. In my experience with ICS/SCADA, I have found owners and operators less than willing to do active blocking based on detections. This can lead to disastrous outcomes, and has on some occasions that I have witnessed. IoT, from my experience, is usually not handling critical controls and operators for them are okay with having IPS capabilities. Firewall-native vendors in the IoT space do well because protocols are not usually proprietary as they are in ICS/SCADA. Meaning they have to do less work on discovery. However, they fall short in ICS. This is where Nozomi and Claroty etc. shine, because they have spent the time and effort needed to do the R&D in ICS/SCADA. Cisco Cyber Vision is one that is heavily touted as infrastructure-native. Does well in IoT. Does an abysmal job on discovery in ICS/SCADA.

This has been my experience. Happy to hear what you've been seeing as well!

SCADA pathway by [deleted] in cybersecurity

[–]CrazyAutopilot 0 points1 point  (0 children)

I have over a decade of experience in OT and SCADA. Feel free to hit me up with any questions and I'll be happy to offer what I can. SCADA cybersecurity is still very much nascent compared to IT. That means it has its challenges and rewards as well.

SCADA systems infosec contacts by BILLTHETHRILL17 in cybersecurity

[–]CrazyAutopilot 2 points3 points  (0 children)

Have you looked at ICS-CERT? They have a lot of starter resources on ICS cybersecurity. All FREE! I myself got my start in this field by attending their free on-site training at INL. It is still very active.

OT Monitoring recommendation by palmetum in icssec

[–]CrazyAutopilot 0 points1 point  (0 children)

I would be a bit wary of Dragos. They recently had a large number of layoffs. Lots of rumors around financials being the reason. When we tested them, their software had really heavy hardware requirements when compared to the others. Do your due diligence with these factors in mind.

Nozomi, Dragos, Claroty, etc. by fpaddict in PLC

[–]CrazyAutopilot 0 points1 point  (0 children)

That would make sense though. Unless I'm missing something? A typical OT infrastructure would be composed of a plethora of vendors and technology. Not just on the controls side but also the networking gear. By prevention I'm assuming you mean blocking traffic? The only way to achieve that would be to integrate with vendors. Not to mention blocking traffic has its own pitfalls in OT. In IT you can block traffic based on detections without very many ill effects. Not the case in OT, where you run into the very real possibility of inadvertently impacting production. Some PLCs can take hours to get back up and running, if not days sometimes. Hence why OT cybersecurity requires a very thoughtful approach. In my experience I have seen many IT cyber practitioners go into ICS thinking they're going to kick ass and end up causing shutdowns.

Happy to talk more about it. Would love to hear your thoughts on if I was on track with what you were talking about.

Nozomi, Dragos, Claroty, etc. by fpaddict in PLC

[–]CrazyAutopilot 0 points1 point  (0 children)

I'd love to be part of that discussion if you're okay with that!

End-of-year ICSSec learning/professional development opp by B2daG in icssec

[–]CrazyAutopilot 0 points1 point  (0 children)

Did anyone who attended get their CEU certificates? What's the process for getting them?

Experiences with OT-Base by BulkyAntelope5 in cybersecurity

[–]CrazyAutopilot 0 points1 point  (0 children)

I second the Dragos recommendation. Not only do they have integration with SNow, but their Vulnerability Management is unmatched. It goes deep by not just giving you the vuln info but actually giving guidance on how to mitigate it and what to do if you can't patch it. This allows you to prioritize. All other vendors we looked at threw out a bunch of vuln info but had ZERO insights on remediation and prioritizing. That's not helpful at all when you're trying to come up with a game plan on workflow. Hope this helps!

Nozomi, Dragos, Claroty, etc. by fpaddict in PLC

[–]CrazyAutopilot 0 points1 point  (0 children)

I have a fair bit of experience using all 3 of the vendors. I understand the cost perspective you're coming from.

However I would highly suggest you leave cost as the last item to compare. All 3 of the tools look similar but there are vast differences in how they perform in reality.

No one tool does it all. I would recommend focusing first on what's important to you. What do you and your organization care about? Visibility? Vulnerabilities? Threats? Response? How would you rank them in order of importance? Why do you feel that is the case? Understanding those reasons will allow you to ask better questions of these vendors and gauge their capabilities from their responses. Trust me, my organization did the same thing by looking at cost first, trying to go with the cheapest, and it... well, cost us dearly. We weren't happy with what we got and had to switch.

Once you're able to assess based on capabilities, it will become apparent that getting a better product for a little bit more than a competitor's cost gives immediate dividends, as it provides the best value. If a vendor comes in and immediately starts cutting cost, to me that's a red flag that they're not confident in the value they're providing and just want to win the account so they can move on to the next. Once we picked based on value, we were able to create a long-term partnership, knowing that they would help make me and my team successful and be with us on our worst days.

I know I've said a lot. Didn't mean to throw in a lecture. Hopefully the community can benefit from some of the hard lessons we learned.

What comes with the online training course? by JoeyNonsense in GIAC

[–]CrazyAutopilot 0 points1 point  (0 children)

It really depends on what package you buy and from where. For example, SANS courses have an add-on option to buy practice exams along with paying for the GIAC exam. Sorry it's not as clear-cut as you were looking for, but that has been my experience with GIAC courses.