Nozomi Networks’ Roya Gordon On Latest OT, IoT Threats: From Ransomware To Hacktivism

Roya Gordon, security research evangelist of Nozomi Networks, talks about the company’s latest OT and IoT Threat Report and her efforts to boost diversity, inclusion and belonging during a CRN interview for the Channel Women in Security series.

Roya Gordon, a security research evangelist for Nozomi Networks, started her career as an intelligence specialist for the U.S. Navy.

It wasn’t until years later that she made the shift into cybersecurity as a control systems cybersecurity analyst at the Idaho National Laboratory.

She also made a career stop at Accenture before taking on her current role at the San Francisco-based company about a year ago.

Here’s a look at some of the interview she did for CRNtv’s Channel Women in Security series. During the interview, Gordon discussed Nozomi Networks’ 2022 year-in-review research report called “Labs Latest OT/IoT Security Report: A Deep Look Into the ICS Threat Landscape” and her efforts to boost diversity, inclusion and belonging.

What are some of the top takeaways from the report?

I’ve written a ton of other things, contributed to other reports, but, this one, to me, was the most insightful because I’m thinking, “If I was an industry, how would this be valuable to me?”

Not only do critical infrastructure companies have to worry about nation state threat actors, China, Russia, Iran targeting them, you have to worry about ransomware threat actors.

And now we also have to worry about hacktivists, too.

So, noticing that trend in 2022, I thought it was important to put it in the report, so people know, eventually, it doesn’t even matter, what the motive of the threat actor is, because they’re all using the same tactics and they’re all causing disruption.

There were other parts of the report where we included telemetry strictly from our customer environment, strictly from our honeypots that you can’t get anywhere else. And it was around how threat actors are targeting IoT devices and industrial control systems.

I watched some of the webinar that you presented at the end of January, and you said more attacks are happening with transportation and health care.

It makes sense to me that these are very vulnerable sectors. Rail, transportation, they don’t have a lot of guidance, which now we’re starting to see the United States come out with guidance to help them secure their assets. And then hospitals, they’re focused on like patient care, patient data, and not necessarily the cybersecurity of the systems running the hospital. So, it really makes sense, but I do think that these attacks are highlighting the need for more policy in those industries, and we’re starting to see that.

Reflecting on the results of the report, what is your advice for customers moving forward this year?

So, I would say, take the report and then you can find -- we like to call it, “Actionable threat intelligence.”

We’re putting in: These are the common credentials that threat actors are using to target devices. These are the common malware categories. These are the common alerts. These are the type of tactics threat actors are using. And so, when you look at the report now, you have an understanding of, “Oh, threat actors are targeting this way, then let me make sure I do the recommendations required to safeguard me from these type of attacks.”

And shifting gears a little bit, I know that you are heading the DEI initiatives at Nozomi. Can you talk about that?

Yeah, so I was really excited when they approached me last year, August 2022, to lead the diversity, inclusion and belonging team. So, we call it DIB. It’s like, OK, what can the organization do to help employees feel included? So, from an internal perspective, and externally, how can we collaborate with partners and customers that have D&I and do things together to educate other people and to increase diverse talent hiring?

I’ve been in positions where I was deemed not technical, not smart enough, not taken seriously, and there wasn’t really a culture that was kind of helping me flesh through that. So, if I can help create that kind of culture, that safe space for other diverse people in the company, then I want to do that. It doesn’t matter how busy I am, DIB has to be my priority.

What advice do you have for other women navigating the cybersecurity space?

Be vocal because then you’re remembered. Once you have your own voice, you already know the work, you’re already smart, everything else is going to follow.