Skip to main content

Why ICS security startup Dragos’ CEO puts a premium on people not profits

Written in its company’s handbook, there’s one rule for working at Dragos. “Don’t be an asshole.”

“The first key to our success is our people and that we hire good people,” said Robert Lee, the company’s founder and chief executive, in an interview with TechCrunch. “I think building a successful team is about having a standard and saying that I expect you all to be adults and not need a million HR policies,” he said.

Lee’s management approach revolves around his company’s greatest asset — his staff. With 125 employees, the company has seen rapid growth since its founding in 2016 but puts great importance on maintaining the company’s relaxed but productive culture.

Lee said he doesn’t want to change its culture dynamics by growing too fast, micromanaging, or burdening his staff with strict expense policies. “If you’re stuck laid over at night, but you see there’s one seat left on a redeye and it’s a first class seat that’s going to cost six times more but it gets you home — go for it,” he said.

But he doesn’t compromise on his “don’t be an asshole” rule. “Say something sexist and a Slack channel? Yeah, you’re fired,” he said.

Lee founded Dragos after working as a former cyber warfare operations officer at the National Security Agency. Dragos works to secure industrial control systems (ICS), the necessary devices crucial to the continued operations of power plants, energy suppliers and other critical infrastructure.

Lee described ICS security as “all of the things in I.T. plus physics.” In other words, it’s about finding the threats targeting critical infrastructure facilities and understanding how the hackers work in order to stop hackers from controlling the gas turbines in power facility, for example.

Once a plot from a science fiction film, powerful malware like Stuxnet and Triton have emerged in recent years and targeted facilities — with near-disastrous consequences.



from TechCrunch https://tcrn.ch/2EFP1Xx

Comments

Popular posts from this blog

How To Play Doom – And More – On An NES

Doom was a breakthrough game for its time, and became so popular that now it’s essentially the “Banana For Scale” of hardware hacking. Doom has been ported to countless devices, most of which have enough processing ability to run the game natively. Recently, this lineup of Doom-compatible devices expanded to include the NES even though the system definitely doesn’t have enough capability to run it without special help. And if you want your own Doom NES cartridge, this video will show you how to build it . We featured the original build from [TheRasteri] a while back which goes into details about how it’s possible to run such a resource-intensive game on a comparatively weak system. You just have to enter the cheat code “RASPI”. After all the heavy lifting is done, it’s time to put it into a realistic-looking cartridge. To get everything to fit in the donor cartridge, first the ICs in the cartridge were removed (except the lockout IC) and replaced with custom ROM chips. Some modifica...

Try NopSCADlib for your Next OpenSCAD Project

Most readers of this site are familiar by now with the OpenSCAD 3D modeling software, where you can write code to create 3D models. You may have even used OpenSCAD to output some STL files for your 3D printer. But for years now, [nophead] has been pushing OpenSCAD further than most, creating some complex utility and parts libraries to help with modeling, and a suite of Python scripts that generate printable STLs, laser-ready DXFs, bills of material, and human-readable assembly instructions complete with PNG imagery of exploded-view sub-assemblies. Recently [nophead] tidied all of this OpenSCAD infrastructure up and released it on GitHub as NopSCADlib . You can find out more by browsing through the example projects and README file in the repository, and by reading the announcement blog post on the HydraRaptor blog . Some functionality highlights include: a large parts library full of motors, buttons, smooth rod, et cetera many utility functions to help with chamfers, fillets, precis...

The Newbie’s Guide To JTAG

Do you even snarf? If not, it might be because you haven’t mastered the basics of JTAG and learned how to dump, or snarf, the firmware of an embedded device. This JTAG primer will get you up to snuff on snarfing, and help you build your reverse engineering skills. Whatever your motivation for diving into reverse engineering devices with microcontrollers, JTAG skills are a must, and [Sergio Prado]’s guide will get you going. He starts with a description and brief history of the Joint Test Action Group interface, from its humble beginnings as a PCB testing standard to the de facto standard for testing, debugging, and flashing firmware onto devices. He covers how to locate the JTAG pads – even when they’ve been purposely obfuscated – including the use of brute-force tools like the JTAGulator . Once you’ve got a connection, his tutorial helps you find the firmware in flash memory and snarf it up to a file for inspection, modification, or whatever else you have planned. We always apprec...