Cybellum Receives Frost & Sullivan’s Competitive Strategy Award for its Innovative Product Security Solutions
Cybellum Receives Frost & Sullivan’s Competitive Strategy Award for its Innovative Product Security Solutions
Scott Sheahan

#56: Scott Sheahan: From Aerospace to Automotive Cybersecurity

We sat down with Scott Sheahan, the owner of Rustic Security, to learn from his rich background in the automotive cybersecurity world and embedded software development.

About Scott Sheahan

Scott Sheahan is a seasoned professional with a rich background in the automotive industry and embedded software development. After working for several years as a software engineer in the defense industry, Scott moved into the automotive space, as an In-Vehicle Cyber Security Architect at Ford, Product Cybersecurity Engineer at Aptiv, Autonomous Vehicle Security Engineer at Nuro and most recently as the owner of his own company, Rustic Security.

Summary of the Conversation with Scott Shehan

Scott Shehan, an expert in the automotive industry and embedded software development, shared insights from his diverse career, spanning defense, aerospace, and automotive cybersecurity. His roles included positions at Ford, Aptiv, Neuro, and his own company, Rustic Security.

Career Journey

  • Education: Bachelor’s in Mechanical Engineering, Master’s in Aerospace Engineering.
  • Early Career: Worked in robotics and mechatronics, automation engineer in factories (programming KUKA robots and Beckhoff PLCs).
  • Transition to Software: Software engineer for Raytheon, eventually moving into automotive cybersecurity.
  • Current Role: Owner of Rustic Security, focusing on serving automotive OEMs and tier one suppliers.

Insights and Highlights

  • Thermodynamics Tipping Point: Both Scott and David shared how their experiences with thermodynamics influenced their career paths, leading to interests in other fields.
  • Embedded Systems and Cybersecurity: Scott discussed the similarities and differences in embedded systems across various industries, emphasizing the common need for secure booting, firmware integrity, and secure messaging.
  • Automotive Cybersecurity: Highlighted the evolution of automotive cybersecurity, the importance of secure by design principles, and the challenges posed by the diversity of technology stacks in vehicles.
  • Standards and Regulations: Emphasized the role of standards like ISO/SAE 21434 and UNR 155 in driving automotive cybersecurity and the need for a strong security culture within organizations.
  • Secure by Design: Stressed the importance of integrating security from the concept phase, building security goals upfront, and avoiding the pitfalls of adding security later.
  • Supply Chain Challenges: Addressed the difficulties faced by smaller companies in adopting secure by design practices and the role of OEMs in ensuring their supply chains adhere to cybersecurity standards.
  • Future Challenges: Discussed the ongoing challenges in automotive cybersecurity, including the complexity of vehicle technology and the need for comprehensive defenses against sophisticated attacks.

Personal Reflections

  • Overcoming Challenges: Scott reflected on his experiences driving innovation in large companies and the difficulties of advocating for new practices as a young engineer.
  • Consulting Career: Transitioned to consulting to have more influence and flexibility in implementing cybersecurity solutions, emphasizing the meritocratic nature of consulting.

Closing Remarks

Scott appreciated the opportunity to share his experiences and insights, highlighting the importance of the podcast in educating the industry on product security. The hosts expressed gratitude for Scott’s contributions and the valuable lessons he provided for both seasoned professionals and those at the beginning of their careers.