5 Questions for Cybersecurity Expert Jaime Foose - Emerson Automation Experts

5 Questions for Cybersecurity Expert Jaime Foose

Emerson’s Jaime Foose joins our continuing podcast series, 5 Questions for an Emerson Expert. Jaime is an ICS cyber security expert, Director of Security Solutions and Lifecycle Shared Services. She helps power producers and water & wastewater utilities with programs and processes to improve their cyber defenses and the ongoing health of their distributed control systems & operational technology (OT).

Emerson's Jaime Foose

We hope you enjoy this podcast episode and will subscribe to the Emerson Automation Experts podcast series on your iOS or Android device.

Transcript

Jim: Hi, everyone, and welcome to another edition of “5 questions for an Emerson Expert.” Today, I’m joined by Jaime Foose. Jaime is a Director of Security Solutions and Lifecycle Shared Services in our Power and Water Solutions (PWS) business unit. Jaime received her bachelor’s degree in computer science with a minor in Mathematics, as well as also attaining an MBA and a Master of Science in IT project management. Wow. That’s an impressive academic career. Welcome, Jaime.

Jaime: Thanks, Jim. It’s great to be here today.

Jim: Well, it’s great having you. So I always like to start out because some of the courses, computer science, mathematics, and then some business and some IT, all in there. So what made you decide to pursue a STEM-based career?

Jaime: So, Jim, I’d always had an interest in computers, but my college career didn’t start out there. I started in another science field. Actually, because when I was in eighth grade, I had a teacher that had told me he didn’t think I’d be able to pass college-level calculus. And that had always stuck with me for a really long time, so much so that I didn’t pursue computer science. In the summers, when I was going to college, I worked for Kelly Temporary Services, and I ran into a lady that worked for a gas company, and I was working as an admin that summer. And I told her about my college background in history and this teacher that had really gotten in my head. And she really encouraged me to pursue my dream and really chase doing computer science. So I went back to school that fall, changed my major to computer science, made it through all the calculus courses just fine, and ended up finishing with my computer science degree, just one semester extra to do that. And then found that it led me here to Emerson. So it was a really fantastic change that I made.

Jim: Well, that’s a great story. It’s nice that there was a person along the way that spurred you on and overcame some negative about how difficult it was or whatever. I hope other people are a force of being positive with other younger people to encourage them along. So from there, I guess with that background, what led you to a career in the field of process automation, and I guess more specifically, in your area, cybersecurity for control systems?

Jaime: Sure. So when I first started, I don’t think I really even realized what industry I was getting into. I used the placement services of the university I attended for job placement and actually interviewed with Westinghouse at the time. And so, this was right when PWS had just been acquired by Emerson. And in my hometown, Westinghouse had a fantastic name. And if you got offered a job from Westinghouse, you took it. So I had this great interview with a great company. I didn’t really know all that much about process automation, but I knew it was a good company. And that’s how I joined. When I first started, I worked on communication interfaces, and just did a lot of different work in a lot of different areas, but always seemed to gravitate towards new things or things that were just a little bit more challenging or tricky. So in 2008, we saw a big increase in cybersecurity concerns around power generation.

And this was really in tune with when NERC CIP [North American Reliability Corporation Critical Infrastructure Protection] started making regulatory obligations, you know, requirements for power generators. And we started seeing this in the business and coming in through different requests for proposal. And so I took on that challenge to try to understand what exactly was going on in our industry. You know, for a long time, cyber had been a problem for financial industries and retail industries, but now was really hitting home in power. I felt like this was an area that I could dig into and really help, not only ease the burden for our customers, but also for our company as well. And that’s kind of how I ended up in cybersecurity realm.

Jim: Well, that’s great. And we’ll have a follow-on podcast, at some point, to dig more into that specific area. But for right now, tell us about a recent challenge that you’ve been working on to solve.

Jaime: Sure. So, a recent challenge that’s facing, not only our customers, but also Emerson as a whole is this idea of what’s called a Transient Cyber Asset. And so what that means, these are devices, computers, USB sticks, or other electronic equipment that come and go on the control system. So it might be like a maintenance laptop or the USB stick a field service engineer has in their pocket. In power space, our customers are now required to apply some base level security controls for those devices and implement them across their different systems to make sure that, for any devices entering into the control system network, there’s some core security controls. So, for our customers, that means they have to inventory everything, not only internally, but also systems that their vendors bring on site. And then make sure that their vendor systems are secured and able to work on the control system.

This is a really big challenge for us in field service area, because up until now we’ve been very accustomed to using our own Emerson provided laptops to perform this type of work. And we’ve been able to do this for upgrades or other maintenance activities. Now we have to figure out, not only how can we continue to do our job effectively and efficiently, but do it under these new controls and restrictions of using a Transient Cyber Asset. So, not only we’re working right now to figure out how that impacts Emerson and what types of things we can put in place to help our customers, we also have several jobs with customers right now helping them inventory their Transient Cyber Assets, and apply some basic cyber controls. The standard for this goes into effect on January, so we’re starting to really see a big uptick in concern around Transient Cyber Assets.

Jim: Well, yeah, that sounds like it really raises the degree of difficulty, just from, it’s one thing to secure everything that’s known and fixed and part of the control system, but when you have these electronic devices and USB sticks coming and going, that really sounds challenging and a meaty problem to be working on. So enough about all this about automation, cybersecurity, and all this. So once we get outside the world of process automation, what do you enjoy doing in your spare time?

Jaime: I have two little girls. They’re 9 and 10, so they really keep me busy. They love to swim, actually, we all love to swim, so we spend a lot of time at the pool, especially, it’s been pretty hot here in Pittsburgh lately, so we’ve been doing that. Also, spend a lot of time at the movies. We’re big Marvel movie fans. And so we’ve been busy this spring and summer catching up on all of that. And when we’re not doing that, we participate in Community 5K races as a family and with friends, now, whether we’re walking or running, just some community engagement, and trying to stay healthy. We do some volunteering as well with the Light of Life Rescue Mission for the women and children’s program. So I spend one Tuesday a month down there. And then we’ve also been working as volunteers with the Agapao Ministries, they are serving the refugees that have been placed here in Pittsburgh. So, some fun and volunteering and exercise all rolled into one, is what keeps us busy in the off time.

Jim: Wow. That sounds like busy. So staying healthy and fit, and volunteering your time, and all of that, that’s really great. And I guess the final of the 5 questions, we have a lot of newcomers joining our ranks both in our world of process automation and power producers, and other manufacturing industries, and everything else. So what advice would you have for someone new coming into the field, I guess, especially around the area that you see in cybersecurity?

Jaime: Advice I’d give to anyone new coming into this field or any field really is to follow your passion. Don’t let other people, you know, tell you what you can and can’t do. Certainly, set your mind to what you’d like to accomplish and work hard. I can’t stress enough, you know, being the hardest worker in the room and really putting your full self into it.

Specific to the field of cybersecurity or process automation, I think it’s actually a fantastic field where you can have an impact on the critical infrastructure of the world. When you think about the systems that we’re securing, you know, they’re helping to provide energy and water, and really maintaining our way of life as we know it. Every night when we go home, the air conditioning is on, the lights are on, we have clean drinking water. Securing those systems and making sure that they are protected from attack is really a noble, noble cause that people can join in and make a difference. And so, it’s an exciting field. It’s always changing. Every day there’s something new. And so for folks that are interested in staying up to date with the latest and greatest, and never getting bored, cyber and process automation is a great place to be.

Jim: Wow. It sounds like, yeah, everybody knows if the power is not making its way to their house, or there’s a problem with the water or something else. So, yeah, this may be the noblest of noble causes. Well, thank you so much for joining us today, Jaime, and I look forward when we do round two here in a little while.

Jaime: Thanks, Jim. Me too, looking forward to it.

End of Transcript

Visit the ICS Cyber Security section on Emerson.com for more ways to protect your distributed control system and other elements of your operational technology infrastructure.

Posted Monday, July 8th, 2019 under Cyber-Security.

Leave a Reply