John Deere has been aggressive in building security into its equipment as technology enhancements, particularly on the agriculture equipment side, create gateways for cyber attack.
A push for the company has been to create pathways for college students training in the discipline. Last year, its Cyber Tractor Challenge pitted students against one of Deere’s ag tractors in an effort to hack it.
Another angle the equipment manufacturer, based in Moline, Illinois, has taken is a partnership with Iowa State University in nearby Ames, Iowa, that embeds students in the university’s cybersecurity engineering program into its security teams. Since the program began in 2017, Deere has hired more than 70 ISU students.
“The intention was to build a talent pipeline from the ground up,” said Megan Wheelock, director of GSEC risk management and Deere’s business information security officer (BISO), in a statement, noting that Iowa State has one of the five best cybersecurity engineering programs in the country.
“The program was built to have people leaders based in Ames,” Wheelock said. “This was intentional to ensure students were not only supported by their peers/buddies, but also had a manager close by to facilitate relationship building and help the students learn about John Deere.
“We wanted to make sure that there were teams in Ames that students wanted to be part of,” Wheelock said. “So today, that’s primarily vulnerability management and cloud security. We wanted students to work on fun and exciting challenges.”
Rian Lamarque will join Deere’s cloud security team when he graduates from ISU with a focus in cybersecurity engineering. He interned and worked part-time for Deere while in school.
The combination of cloud computing being new and the growing use of cloud services means cloud security professionals are evolving to meet new challenges, according to Lamarque.
“Each cloud provider regularly rolls out various updates to service along with brand-new services,” he said in a statement. “This constant evolution requires you to adapt quickly and reassess security practices that are in place. The most challenging part can be ensuring developers are given enough access to effectively use a service which we have achieved through various identity and access management automation.”
Source: John Deere