How Joe Marshall helps defend everything from electrical grids to grain co-ops across multiple continents
Joe Marshall was a security practitioner before he even knew it.
Marshall started his career in information technology as a systems administrator. On the surface, he jokes that he was a “white-collar plumber” — fixing IT issues as they arose, handing out new credentials and asking users if they had tried turning something off and back on again.
But while he served in these roles across multiple companies for about 10 years, he became familiar with cybersecurity almost by accident.
“When you’re in IT or sysadmin, it’s not just ‘something’s broke, I’m here to fix it,’” Marshall said. “You have to create accounts, worry about password securities, updating critical patches — you don’t think of yourself as a security practitioner but that’s actually what you’re doing every day.”
His work today, though, is a far cry from having to provide hands-on support for someone’s broken email system.
Marshall is a senior security strategist for Talos’ Strategic Communications team, specifically focusing on industrial control systems. He spends most of his days talking to customers, users and industry leaders informing them about the latest security threats facing large industrial systems — think grain co-ops, electrical grids, manufacturing facilities and water pipelines.
He first got into the ICS space by working as a cybersecurity architect for Exelon, one of the largest public utility companies in the U.S. Prior to his time at Exelon, Marshall jokes that he knew nothing about ICS or operational technology, but he soon found that these systems had more in common with the systems he was used to working with.
“IT and OT [operational technology] is 95% one and the same, it’s just how they’re deployed and managed,” Marshall said.
Prior to joining the Strategic Communications team, Marshall also spent time with Talos Outreach publishing new research, and for several years led his own team of researchers who were specifically tasked with finding vulnerabilities and new security threats in ICS systems, internet-of-things devices and other products that are vital to critical infrastructure.
All this experience has given him a greater appreciation for public utilities across the country and the workers who ensure that everyone has basic needs delivered to their home like water and electricity. He’s gotten hands-on at site visits and conferences with electrical grids responsible for serving thousands of households and has even become familiar with the agricultural industry, speaking with grain co-ops and farmers who are asking about threats to their OT processes that help them process their various products.
“I’m never coming in with sunshine and smiles saying, ‘everything’s cool, nothing to worry about,’” Marshall said. “That would be doing a disservice. I'm coming in to tell them how they can make their processes more resilient. To do that means you, as the presenter need to do your homework. You need to understand the basics of crops or how, say, a dairy farm works and what technology stack they’re working with.”
That’s specifically come into play in Ukraine, where Marshall has spent time on the ground with defenders and infrastructure managers to help strengthen the security of the country’s power grid and agricultural supply chain. This has become even more important during Russia’s invasion of Ukraine, during which Russian military forces have launched kinetic and cyber attacks against critical infrastructure.
Marshall said he is always in contact with friends and colleagues there, providing advice to improve their cyber defenses.
“It’s different when you’re looking at Ukraine because every day, there are so many tragedies that occur. I’ve been there. When you see a building that you’ve been in, or you know your friends are in, and you see it get hit with a missile, it rocks you,” he said.
Knowing how devastating cyber attacks can be on critical infrastructure around the world is “pretty sobering knowledge,” Marshall said, but he actively tries to avoid catastrophizing or always putting worst-case scenarios out into the world. Despite many headlines around the dangers of cyber attacks on the U.S. power grid, Marshall jokes that critters like snakes and squirrels have caused more power outages in modern history than cyber attacks.
“Have more faith in the resiliency of your critical infrastructure,” he said. “You have so many smart people talking every day about how to make our infrastructure more resilient and more powerful. Never fear, you have smart people working on it. Even if you’ve lost power, people are working to bring it back.”
Given the high-stakes environments he often works in, Marshall said he tries to unplug and step away from work frequently to decompress and step back — often by playing video games or practicing playing the banjo. Marshall is a proponent of talk therapy and encourages everyone in the security community to reach out to their support systems to avoid burnout.
“We're constantly sitting on knowledge that no one else knows about, and you’re constantly thinking about what the consequences could be,” he said. “Humans are humans, and we all have different thresholds that we crack under. If your cup is very full, and something pours in, something has to pour out.”
Outside of Talos, Marshall also works with the non-governmental organization NetHope, which helps other non-profits embrace and adapt to new technologies. He specifically is working with electric utilities in Ukraine to make their grids and networks more resilient and hopes one day “we can reinvent the way grid resiliency is thought of.”
He likes to embrace the fun side of security, too. Marshall led the team that created “Advanced Persistent Thirst,” a kegerator that currently resides in Talos’ Fulton, Maryland office. Marshall’s team the keg several years ago that had several interconnected ICS devices. He and his team brought it to different security conferences, offering a job interview (and even hiring them) to anyone who could hack into the kegerator to make it dispense beer.
Even if he’s introducing ideas around cybersecurity with a keg, pun or meme in a presentation, Marshall said his goal is to always make whoever is listening “a better student of the game.”
“People are going to be your biggest and best asset. Technology is not going to solve your woes alone,” he said. “Having smart people and letting them do smart stuff and getting out there, is hands down the biggest leap you can make.”