SAFETY4SEA: How did it come about that you joined shipping industry and your field of expertise specifically?
John Jorgensen: Security in all aspects – physical, operational, cyber – has always been part of my life and job responsibilities. I spent the first two decades of my career in the US Navy, then transitioned into systems architectures, systems engineering and security engineering for ships, systems and facilities. I worked to integrate what I learned in each position into the next, both to better my knowledge and performance, and to make the next job easier. Security is the critical enabler that allows us to do our jobs – and I’m always happy to be part of that enablement.
S4S: What about your current job/ role most excites you and why?
J.J.: After completing my time as Director of Information Technology (IT) Security here at ABS, I moved into the Chief Scientist role to work with Owners and Operators for the betterment of their cybersecurity postures. I see across the shipping, offshore and ports industries, and I can see commonality of issues that we can help people address, looking toward improving community security for the overall advancement of both safety and security of life, property and the environment.
S4S: When you think of the word successful who's the first person who comes to mind and why?
J.J: My father – a 37-year school teacher – who devoted his time to teaching children, raising his family, mentoring adults and shaping society by encouraging both curiosity and excellence. He loves what he did, so it was never work; he took time for family, recreation and learning; and he taught us how to be both driven and content.
S4S: Who is/was the most influential person/mentor to you & why ?
J.J:My second captain on my first ship. Completely knowledgeable and confident in all seagoing affairs, he taught me patience, calmness in times of turbulence, the value of advance planning, and the absolute necessity of deep professional competence. There is no substitute for confident and capable decision making when others depend on you.
S4S: What is the best and what was the worst piece of advice you've ever been given and why?
J.J: Best: Always look at the weather before getting underway. Generalize this to ‘Know your context before you act (or speak) in a new situation; you don’t know what you don’t know until you spend some time to find out.’
Worst: Eat a full meal before rough weather to keep your belly settled. (Not good advice for everybody, nor for every galley.)
S4S: What is the most worthwhile career investment (in energy, time, money) you’ve ever made?
J.J:Pursuing industry certifications in security has been the most powerful accelerator for my career. It’s not the certifications themselves that are specifically important – the credentials are really just to get you in the door to start learning. Certs provide the common language so you can find interests and start integrating knowledge among those interests. They also provide an organized way to approach the security domain to help speed exploration and learning, in general.
S4S: If you could give a piece of advice to your 18-year-old-self one thing, what would it be and why? What piece of advice should you ignore?
Good advice: Understand the audience, and compose your thoughts before you speak. Words cannot be brought back.
Bad advice: Let the broker handle your investments while you’re at sea.
S4S: In the last five years, what new belief, behavior, or habit has most improved your business life?
J.J: Realizing that people are generally rational actors who must have two reasons to act: one is the motivation (good idea, regulation, Owner requirement, etc.), and the other is the value of the action. The realization came from knowing that people don’t always do what is needed until after it’s needed. Just because it’s a good idea does not make a compelling reason to put security processes or functions into place. There must be a return for the effort or investment, too, in terms the decision maker must understand.
The key activity – as a security professional – is to anticipate where inactivity might result in effects on others, and help people make decisions on the basis of preventing future problems as you can integrate those preventive actions into existing programs. It’s critical to understand risks and the related needs, both for security and for the organization (business).
S4S: What would you like to change in the current maritime landscape and your area of expertise specifically and why?
J.J.: I’d like to see a standard coverage of security in industry training, including cyber security along with the other domains in security – physical, operational, information, etc. I see fragmentation of training with frequent disconnection among the components. People need to understand that information about underway times and cargo is just as important as the access controls that are part of physical security, which is just as important as crew practices for due care and due diligence in cyber-enabled system security. It’s all related, and it’s all needed for ships and facilities and ports.
S4S: What is your personal motto?
J.J.: Learn now, learn always.
About John Jorgensen, Chief Scientist for Cybersecurity and Software, ABS
Mr. John Jorgensen is currently Chief Scientist for Cybersecurity and Software at American Bureau of Shipping. In this position, he is responsible for cybersecurity service development for marine and offshore customers, as well as for related data integrity and software integrity methods development.
Jorgensen started his career in the US Navy, working as a seagoing combat systems engineer and a command and control systems program manager, earning degrees in communications engineering and in management information systems along the way. After working in ship systems acquisition at Naval Sea Systems Command, he retired from active duty and went to MITRE Corporation, where he worked in systems engineering and architectures, and then in security engineering and architectures, in complex systems of systems environments.
Jorgensen came to ABS to be Director of IT Security in 2013 and to build a security program for the ABS worldwide enterprise. Upon development and deployment of the new security organization, he moved to the Technology Division in 2016 to take the successful methods used in ABS into the marine community. The full integration of cybersecurity, data integrity, software assurance and system test is now the foundation for his work in the cyber domains.