Skip to main content

About

About Cutaway Security
#

If you run an industrial operation, you have to prove your environment is secure to a board, an auditor, an insurer, or a regulator. You have to do it without disrupting the process or putting safety at risk. Most security help was built for IT and does not fit how your operations run. That is the problem we solve.

Cutaway Security is a veteran-owned ICS/OT cybersecurity consultancy. We work with operators across critical infrastructure, including electric and energy utilities, oil and gas, natural gas, water, chemical, food and beverage, warehousing and distribution, and amusement and attractions. Every engagement respects continuous operations and operational safety, and produces prioritized, actionable findings aligned to how your process actually runs.

Who Leads the Work
#

Engagements are led by Don C. Weber, Founder and Principal Consultant. His work covers four areas. He tests environments the way an adversary would, with the discipline an OT environment requires. He helps defenders prevent, detect, respond, and recover in ways that fit how their plants run. He researches devices, protocols, and AI-driven attack techniques so teams understand what they are facing. And he teaches.

Don co-authored SANS ICS613: ICS/OT Penetration Testing and Assessments, is a SANS Principal Instructor for ICS410, and instructs for ControlThings.io. He is an ISA-certified ISA/IEC 62443 Cybersecurity Expert and holds the GICSP, GCLD, GSTRT, and NACD Cyber-Risk Oversight certifications. He is a member of IAAPA and contributes to the ASTM F24 committee cybersecurity effort for amusement rides and attractions. He has presented at Black Hat, DEF CON, ShmooCon, Wild West Hacking Fest, the SANS ICS Summits, and NRECA. See Publications for white papers and talks.

How We Work
#

Four disciplines define our approach to securing industrial environments.

Aggressors

We look at your technology the way adversaries do, searching for the unintended uses, the overlooked paths, and the creative misuse of what was built for another purpose. We do not design industrial processes, but we know how to find the paths through them that others would exploit. Authorized penetration testing and bench testing, conducted with the discipline an ICS/OT environment requires.

Defenders

We help teams prevent, detect, respond, and recover cost-effectively, in ways that fit how your operations actually run. Our offensive work feeds directly into stronger defenses. We focus on implementation issues rather than vulnerabilities, because the devices and solutions in your environment were chosen for a reason. And we threat hunt, looking for what adversaries may already be doing, to shrink the gap between detection, response, and protecting operations.

Researchers

We pull apart devices, protocols, and technologies to understand how they actually work. What we learn goes back to clients, vendors, and the broader community so people can see what they know about their environments, and what they do not. The goal is better decisions across every phase of operations. Many vendors, and too many integrators, miss the minute technical details that have the biggest impact on operational risk. We help teams find and address those details.

Instructors

Knowledge spreads beyond the classroom. Teaching ICS/OT cybersecurity concepts around the world makes industries stronger, makes threat actors’ work harder, and prepares the next wave of practitioners to carry the torch. We contribute through SANS courses, workshops, open source projects, conference presentations, and volunteering with non-profit organizations.

Our Mission
#

Our mission is to “Go forth and do good things.” We want to make a positive difference in every friendship and relationship we develop. We are all in this together and we are stronger when we communicate well and take care of each other. We will strive to take care of our team, our families, and to grow our relationships to broaden our circle and set the example. - Don C. Weber

Start a scoping conversation

There are no articles to list here yet.