Independent, Agile Expertise in Automotive Cybersecurity


Business Spotlight: November 2023

Auto Digest recently sat down with Scott Sheahan, a dedicated automotive industry veteran that has worked for OEM’s, Tier-One’s, and startups in roles ranging from controls engineering intern to product cybersecurity engineer. He has worn quite a few hats over the years, and gained insights into the industry along the way. This knowledge has laid the foundation for what is to come.

💡

I guess my story is one of personal discovery – I am trying to adhere to Ray Dalio’s advice on trusting myself and going on my own personal journey. Rustic Security is my medium to do that with what I love – Product Security. I feel like I know it best and as a service based business can provide a lot of 1st hand experience in product cybersecurity.

Humble Beginnings

During our online conversation via a Google meet, Mr. Sheahan was sitting in his newly constructed 2000 sq. ft. pole barn that he plans to turn into his basic office and lab. There was an otherwise vacant barn and a ladder behind him, symbolizing the work in progress that Rustic Security is. There was also a well-mannered dog that would occasionally stop by to check on our conversation… come to find out that dog’s name is Indy… and she is Scott’s trusted partner. The scene behind Scott represents where he and his company are at the moment. A blank slate, with lots of potential. A work in progress.

This lab he is in… it isn’t something he just found for a good price. He helped build it himself right outside of his house. On his blog he talks about using a nail gun for the first time in May of this year when he started to get some materials in to finish the inside of the barn.

Scott shared his thoughts on why he started his own consulting business, the challenges associated with doing that, and the value in sharing his story.

Not many can claim responsibility in contributing to the foundation of automotive cybersecurity. It is still a relatively new field, but has gained a lot of momentum over the years. Scott is looking to leverage this early experience to venture out on his own, working with clients around the world.

Into the Great Unknown

Leaving a corporate job with guaranteed income to take a bet on yourself and start your own enterprise is nothing short of scary for most people. You could lose a lot that matters to you. Knowing this, I asked him why he decided to leap from the safety of the proverbial nest and take flight into the great unknown. Scott’s response was rather simple: he was motivated to have a new challenge and was confident that consulting would provide that.

“I had thought about going out on my own for years, I had read business books and everything. I know embedded cybersecurity really well. I thought I could do a service based business to start, which would get me into the business world.”

It’s clear that personal independence is what spurred him to file the sole proprietorship papers. He had read business books for the longest time, popular titles like “Rich Dad, Poor Dad” and “Principles” stood there on his bookshelf, their lessons waiting to be implemented in the real world by some motivated individual.

“Really it’s about the creative freedom of being able to do whatever you want and not have to have your boss okay it. Like, when I went to go speak at some conferences some bosses would tell me to be careful about what I say and not to misrepresent the company. Sometimes it was too much.”

Mr. Sheahan started contracting on the side as a sole proprietor in 2022. He began by taking an hour off of work at his corporate gig, driving downtown, and filing the paperwork with his county office. He then drove to the bank and opened a business bank account. He felt like he was breaking the corporate rules… there was a level of tension in the air as he signed the papers. He admits that he hasn’t found his ideal level of “financial success” yet, but it seems his foundation is set to make something special happen in the time to come.

Pictured here is Scott next to his new business partner Indy, who has a passion for results and treats. Luckily she doesn’t bark orders too often.

David and Goliath

He has competitors, very competent ones. In our interview we talked about the environment of the industry he is in, and well, he does have some work cut out for him. Accenture, Deloitte, Pen Test Partners, NCC Group, IO Active are all searching for similar clients. These are competent and highly respected companies that also play their part in advancing automotive cybersecurity.

🛠️

The hardest thing for Scott right now is losing a contract proposal. But again, he says, through that process he is learning how to market Rustic Security, refine his proposals to focus on customer value, and gain the trust of his clients. He has been contracting about 12 months, with 5 of those being with Rustic Security.

However, Scott mentioned that most of these consultants lack first-hand experience whereas Rustic is more focused on TARA, requirements and system architecture, software architecture, and actually writing software.

I have first hand experience leading ADAS, Infotainment, Powertrain Controller, and Airbag Occupancy Sensor security… that experience brings the security features through manufacturing and into production.

Scott’s current workspace. Lots of cords, ambitious ideas, and dog toys.

The angle is that Rustic is very competent in the engineering side of the V model, which those larger companies may struggle with. Scott has seen it firsthand in projects he has worked on… large company consultants are great but lack that wholistic point of view that Scott aims to bring to the table. With a one-person technical team, Rustic is way more agile than any other players in the game, and customers can expect a direct relationship with the man in charge. Oftentimes that is impossible with larger companies.

Even Great Products Need Marketing

Enter Emma Stump, the new public relations manager for Rustic Cybersecurity and fresh graduate. She is bringing the marketing mindset to complement Mr. Sheahan’s otherwise technical background. Scott has struggled with “building a brand,” as many new business owners do. Emma, however, sees the value in showing the world what Rustic has to offer and knows the playbook on how to do it. One of Emma’s recent initiatives was a LinkedIn campaign to increase the following of Rustic by doing giveaways of books and money (who can argue with that). Of course the idea here was not just to get some likes and comments, it was to reach some new possible clients, build an audience, and get some leads. Well, it worked!

Trust, But Verify

When asked about what his core principals and what his business will never compromise on, Scott said:

  • Genchi Genbutsu – going to problems and solving them where they occur
  • доверяй, но проверяй or “Trust but Verify” – made famous by Reagan 

My first job out of college, I was a robot programmer. I had 2 electricians tell me a robot connector was wired correctly and they had checked it several times. I went to the connector and opened it up to find they were off by one on the pinout. In security, getting to the source code and looking at hardware spec sheets is the best way to practice those 2 values above. There are a lot of people who hide in abstraction and I like to cut that away as soon as possible.

A Vision

In our conversation, it was clear that Scott see’s a future where Rustic has more employees than just himself. His goal is to expand to 3-5 contractors within the next year and provide expert level automotive security consulting. He opened up about conversations with his mentors where they advised him to keep cash on hand for the tough times between contracts. He explained to me his reasons for being selective with his long-term clients and how that impacts his business. Mr. Sheahan admitted that over time he would of course have to add some overhead in order to get the proper equipment and technology to advance the capabilities that Rustic would offer clients.

Scott is realistic but hopeful about his future, expressing concerns about the economic climate both globally and here in the states (interest rates, anyone?). Dealerships couldn’t keep cars in stock during Covid if they wanted to, but now that rates are sky high sales are slumping because anyone with a normal amount of income is priced out of the market. He likes the implementation of ISO 21434 and how the industry is embracing cybersecurity. Scott expressed his opinion on EV’s and said that the transition to EV’s will be taxing on the industry… due to all the new engineering processes and infrastructure required. The canary in the coalmine is calling, but hopefully it’s a false alarm?



Source link

Content Disclaimer and Copyright Notice
Content Disclaimer

The content provided on this website is sourced from various RSS feeds and other publicly available sources. We strive to ensure the accuracy and reliability of the information, and we always provide source links to the original content. However, we are not responsible for the content’s accuracy or any changes made to the original sources after the information is aggregated on our site.

Fair Use and Copyright Notice

This website may contain copyrighted material, the use of which has not always been specifically authorized by the copyright owner. We believe this constitutes a “fair use” of any such copyrighted material as provided for in section 107 of the US Copyright Law.

In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. If you wish to use copyrighted material from this site for purposes of your own that go beyond fair use, you must obtain permission from the copyright owner.

Leave a Reply

Your email address will not be published. Required fields are marked *