David Wolf · Project Use Case
AI SECURITY · PRODUCT SECURITY · FORESCOUT
Forescout
Smart IoT Security Lab
Established and directed a live Smart IoT Building security research lab spanning robotics, HVAC, ICS/SCADA, and SOC-style command center operations.
Built and directed Forescout's Smart IoT Building security research lab — a live, instrumented environment designed to surface real-world attack paths across HVAC automation, robotics, and industrial control systems. The lab...
Client
Forescout Technologies
Engagement Type
Full-Time (FTE)
Period
Jan 2016 – Jan 2020
Role
Senior Director of Security R&D Labs
Focus Areas
Smart building security (HVAC, BMS, access control), Robotic system security research, ICS/SCADA threat characterization, OT network attack path...
The Research Narrative
Strategic Problem
Building a credible, live security research lab for IoT and OT systems required solving physical infrastructure, specialized hardware acquisition, team direction, and research publication simultaneously —...
What David Did
Establish a fully instrumented Smart IoT Building lab with live HVAC, robotics, and ICS/SCADA systems as research targets.
What Became Clearer
Established a first-of-its-kind live IoT/OT security research lab that produced original, publishable attack research across multiple verticals.
Consulting Proof
This is evidence of turning messy security telemetry into explainable dashboards, alert-quality improvements, and executive-ready operating views.
The Context
By 2016, enterprise environments had absorbed millions of connected devices — building management systems, IP cameras, HVAC controllers, robotic systems, industrial equipment — that security teams had no frameworks to assess and vendors had no rigorous research to cite. Forescout recognized the opportunity to lead this space through physical, hands-on research at a scale no competitor could match.
The Challenge
Building a credible, live security research lab for IoT and OT systems required solving physical infrastructure, specialized hardware acquisition, team direction, and research publication simultaneously — while ensuring the lab could serve as a compelling customer demonstration facility without compromising the depth and rigor of its research output.
What I Did
- •Establish a fully instrumented Smart IoT Building lab with live HVAC, robotics, and ICS/SCADA systems as research targets
- •Design a SOC-style command center with security feeds, telemetry dashboards, and multi-screen display infrastructure for continuous monitoring and research operations
- •Research attack paths across building automation, robotic systems, and industrial control networks with real hardware in controlled but realistic environments
- •Translate physical lab findings into published research, customer proof-of-concept demonstrations, and Forescout product intelligence
- •Coordinate lab output with the broader Device Cloud research program and external threat research publications
The Outcome
Established a first-of-its-kind live IoT/OT security research lab that produced original, publishable attack research across multiple verticals.
Research Outcomes
Signal Quality
Improved the trustworthiness of operational security signals
Operational Clarity
Translated complex security data into clearer operating views
Stakeholder Visibility
Made technical risk and status easier to explain
Operational Impact
Turned raw telemetry into actionable security intelligence
Capabilities Demonstrated
Security Analytics
Signal investigation and event analysis
IAM / Access Control
Identity telemetry and access insights
Telemetry Normalization
Consistent and trusted data
SIEM Alert Debugging
Noise reduction and signal validation
Dashboard Development
Operational and executive views
Executive Reporting
Security data translated for leadership
Operational Reporting
Actionable views for security operations
Public-Safe Evidence
Shareable insights without sensitive data
Key Deliverables
- •Smart IoT Building lab — physical research environment
- •SOC-style command center infrastructure with security feeds and telemetry displays
- •HVAC, robotics, and ICS/SCADA attack research
- •Published threat research and customer proof-of-concept demonstrations
- •R&D program leadership and team direction
Tools & Technologies
Consulting Translation
The reusable pattern is not Disney-specific: normalize fragmented security telemetry, debug low-signal alert behavior, build trusted operating views, and give leadership evidence they can act on without exposing sensitive systems.