Justin Searle

As the Director of ICS Security at InGuardians, Justin specializes in ICS security architecture design and penetration testing. He led the Smart Grid Security Architecture group in creating the NIST Interagency Report 7628 and has played key roles in the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG), National Electric Sector Cybersecurity Organization Resources (NESCOR), and Smart Grid Interoperability Panel (SGIP). Justin is the owner of ControlThings LLC, a member of the SANS faculty, and an instructor at BlackHat. He has authored and taught numerous courses such as ICS410: ICS/SCADA Security EssentialsAssessing and Exploiting Control Systems and IIoT, Assessing and Exploiting Web Applications with SamuraiWTF, and SEC542: Web App Penetration Testing and Ethical Hacking. Justin also presents on a range of cybersecurity topics at leading security conferences across the globe.

More About Justin

Profile

Justin had his first professional experience with industrial control systems before he even graduated from college. While in school, he secured a full-time job working for an engineering firm building control cabinets for water treatment facilities. He graduated from Brigham Young University with a Bachelor of Science in Technology Teacher Education with an emphasis on Electrical Engineering & Computer Science. Justin gained industry experience in architecture, consulting, and security assessments in almost every industrial vertical there is, including electricity, nuclear, oil and gas, water, food manufacturing, automotive, aerospace, pharmaceuticals, chemicals, satellite communications, shipping yards, trains, subways, mining operations, micro-grids, and weapons systems. Career highlights include leading the Smart Grid Security Architecture group in creating NIST Interagency Report 7628 and playing key roles in the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG), National Electric Sector Cybersecurity Organization Resources (NESCOR), and Smart Grid Interoperability Panel (SGIP). Justin also holds a Master’s in Business Administration from American Intercontinental University with an emphasis on International Business & Information Systems.

Justin caught the eye of SANS instructors in attendance when he was teaching his Assessing and Exploiting Web Applicatinos with SamuraiWTF course at the OWASP and BlackHat conferences. Justin had taken many SANS courses and been impressed with the faculty and their sense of mission, so it was an easy "yes" when the SANS instructors approached him to join the SANS team.

Justin brings enthusiasm to his teaching style and makes sure to keep the lessons anchored in reality. He sees connecting cybersecurity principles to real-life examples and their technical underpinnings as his most valuable contribution to students. While concepts and principles provide basic insight, they can only take the learning experience so far without connecting them to reality, particularly in the ICS field.

"ICS provides all the same technologies we find in normal IT companies but adds a plethora of additional technologies you can't find in IT," he explains. "It's like a never-ending playground of things to learn and explore without ever growing bored."

Justin's students attest to his teaching skills and dedication.

"You can tell he is passionate about contributing to cybersecurity education, especially in the ICS space," said a student from Justin's ICS410 course. "He explains his material very well and offers many real-world scenarios to bolster his point on each aspect of cybersecurity. The amount of resources he has dedicated his time to provide and keep current is amazing. Not just tools and documents, but communities to share knowledge and dissent."

Justin recognizes that one of the biggest challenges for those getting into ICS cybersecurity is gaining enough experience to get hired. Once you are working as an ICS security professional, the bigger challenge is convincing management to grow your team and deciding which defenses to implement to best protect your systems. Justin takes pride that students can immediately take what they learn in his class back to their team and put it into practice right away. Justin has developed many free assessment tools for the ICS community, including those related to serial devices, SPI, Velocio PLCs, Modbus, and I2C, all of which he shares in his courses. 

When Justin isn’t being invited to teach a custom class for the Dalai Lama’s IT Team (true story!), he’s often presenting at top international security conferences around the globe such as BlackHat, DEFCON, OWASP, (CS)2AI, Nullcon, Brucon, Toorcon, CanSecWest, PacSec, Hardwear.io, and AusCERT. He is also a faculty member of the SANS Technology Institute, an NSA Center of Academic Excellence in Cyber Defense and multiple winner of the National Cyber League competition. Justin works hard, but he knows how to play hard, too! He’s a licensed falconer (hunts with eagles, hawks, falcons, and owls), a SCUBA dive master, HAM radio operator, helicopter pilot, rock climbing instructor, gymnastics coach, competition shooter, gardener, cook, father, husband… and one of the nicest people you’ll ever meet!


PROFESSIONAL CERTIFICATIONS & ADDITIONAL CONTRIBUTIONS BY JUSTIN SEARLE:

PROFESSIONAL CERTIFICATIONS

  • GIAC Industrial Control Systems Professional (GICS), The SANS Institute
  • GIAC Web Application Penetration Tester (GWAPT), The SANS Institute
  • GIAC Certified Incident Handler (GCIH), The SANS Institute
  • GIAC Certified Intrusion Analyst (GCIA), The SANS Institute
  • Certified Information Systems Security Professional (CISSP), ISC2
  • Sourcefire Certified Professional (SFCP), Sourcefire
  • Security+ Certification, CompTia
  • Cisco Certified Network Associate (CCNA), Cisco Systems
  • Linux Professional Institute Certification Level 1 (LPIC1), Linux Professional Institute
  • Linux Certified Instructor, Sair Linux/GNU
  • Linux Certified Professional, Sair Linux/GNU

WEBCASTS

Scanners, Tunnes, and Sims, Oh My!, April 2019

Dealing with Remote Access to Critical ICS Infrastructure, February 2019

Understanding SCADA's Modbus Protocol

A Sneak Peek at the New ICS410, June 2018

... and several others throughout his career.

TOOLS