One word to describe yourself: Generous
Alma Mater: DeVry University in Columbus, Ohio
Fun fact about yourself: I love baking and recently got a KitchenAid stand mixer. I enjoy making cakes, cookies, muffins, pies (grape pie is my specialty) and sourdough pizza/bread.
Favorite station or stop that you have ever visited or frequent (and why): Amsterdam Centraal Station. This one has it all: classic Dutch architecture with an amazing tall domed platform roof, modern and technologically advanced interior, light rail directly in front of the station to service the city and walk on ferries behind.
Favorite route you have ever ridden or frequent (and why): I am sure it is many peoples favorite route, but the Amtrak Cascades route has to be it. Being able to travel between Seattle and Vancouver and not having to drive is such a plus and traveling along the beautiful coast of Washington and British Columbia makes this my favorite by far. It also doesn’t hurt that it drops you off right beside both the Sound Transit Link Light Rail and the Vancouver SkyTrain.
Ryan Chelski leads a team responsible for safety and security design and certification of capital projects at Sound Transit. He is also responsible operationally for station inspections, safety and security assessments, employee safety reports, regulatory safety reporting and the oversight of dozens of operational safety and security upgrades/projects.
Chelski served as the DHS/TSI Security Enhancement Through Assessment (SETA) lead, where he directed the design, planning and execution of SETAs for the agency. As a joint terrorism task force liaison, he helped plan and execute physical penetration testing of physical assets and infrastructure and coordinated information sharing. Chelski was instrumental in security certifying Sound Transit’s new Siemens LRVs, which is the one of the first cyber/infosec penetration testing of LRVs in the U.S. He built the case to justify penetration testing of the 152 new LRVs and explained any vulnerabilities found during the testing will result in mitigation steps.
Locally, Chelski volunteers with the ASIS Puget Sound Chapter as a young professionals liaison to mentor and encourage involvement of young professionals through trainings and networking opportunities. Additionally, he was selected to participate with the Washington State Fusion Center as the Fusion Liaison Officer for Sound Transit where he attended weekly meetings to provide relevant information to law enforcement agencies and worked closely with them on identified threats or issues. Within the industry, Chelski is a member of the APTA Infrastructure System Security Working Group and was part of the APTA Emerging Leaders Program in 2022. His team’s capstone project for the program, "Who Feels Safe on Your Transit System: How Transit Agencies Answer This Question by Collecting and Disaggregating Harassment Data,” explored how agencies are collecting safety and security data, whether or not they focus on harassment and how they do or do not disaggregate data for a safer and more secure experience for their ridership.
Is there a specific experience that led you to where you are today?
I worked as an installation technician for many years working on large access control, camera and intercom projects for data centers, cash vaults, drug vaults and large-scale manufacturing. At the time, I was working at the Federal Reserve, managing the Seattle branches’ physical security program, and was ready for my next opportunity. I had interviewed at a company where I would be working with the Washington State Ferries, working on its security systems, but was not sold on the job. I mulled over the opportunity for a couple weeks when my partner asked if I would continue looking for a job, even if I accepted this one. My answer was yes, and the very next week I saw a Sound Transit posting for a security specialist role. I quickly moved from a specialist to a senior specialist and had an opportunity to interview for the Transportation Safety & Security Manager position I currently hold.
What do you enjoy most about your job?
What I enjoy most about my job is impacting the areas where proactive long-term changes can be enacted. By writing new or changing old portions of our design criteria manual, specifications and project requirements, I can help get safety and security needs implemented into future projects before they are designed and built. After conducting our Threat and Vulnerability Assessment (TVA) and Preliminary Hazard Analysis (PHA), we make sure that those mitigations we have identified in the TVA/PHA are incorporated into the design. This process has a major impact on the built station, and the overall safety and security of our riders. Operationally, I like identifying and building projects with agency wide impacts, such as our enterprise video management software (VMS) and our upcoming video analytics project. By upgrading our VMS and the implementation of video analytics, we can be notified of real-time threats, hazardous conditions and anomalous behaviors. This technology allows us to save money by more efficiently utilize our security officers, as well as providing business intelligence, and providing solutions to other business units projects. For example, our VMS and video analytics have paid/permit parking capabilities, as well as occupancy counts for our parking garages.
What’s the most challenging part of your job?
Currently, the most challenging part of my job is managing the volume of safety and security work my region has. Sound Transit is currently going through one the nation’s largest capital expansions, and already has a fairly large operational footprint. My region is responsible for the West Seattle to Ballard Link Extension project, which is the largest transit infrastructure investment in Seattle history at roughly $12 billion. Our work will include conducting safety and security certification on 11.8 miles of track, with the possibility of multiple tunnels and a bridge over the Duwamish River, as well as 13 new stations. We are also responsible for our regulatory reporting requirements of safety and security incidents/accidents on our Link light-rail system from Northgate Station to Tukwila International Blvd. Station, totaling 17 stations and containing a few miles of at-grade track. On our operational system, we have dozens of projects to bring our system up to current standards, as well as to mitigate identified hazards and vulnerabilities. For instance, we recently took over the tunnel under downtown Seattle, and the program has roughly 40 current projects that are either safety/security initiated or where we are stakeholders and will provide safety and security acceptance. If this sounds enticing, check out Sound Transit’s open positions!
Accomplishment you’re most proud of and why?
An accomplishment I am proud of is my work on security certifying our new Siemens Light Rail Vehicles (LRVs). With certification, we conduct TVAs and verify mitigations are put in place through design, construction and operations. The part I am most proud of is building and presenting justification for an information security penetration test of our LRVs and getting approval for testing. With this approval, Sound Transit became one of the first—if not the first—transit agencies in the United States to conduct penetration testing of newly procured light-rail vehicles, with a commitment to implement mitigations found through this process. With cyber threats becoming realized every day, this work is imperative for our critical infrastructure and the safety and security of our passengers. It is now my responsibility to present this TVA to our appropriate committees and I will be responsible for certifying these mitigations for all 152 Siemens vehicles we will be receiving.
Best advice/tip/best practice to share from your area of expertise?
Early in my career at Sound Transit, Branden Porter, a former 40 under 40 recipient, taught me how important it is to determine the difference between something that must be funded/fixed/accomplished/changed and where we can compromise. With advances in current security technologies, it can be tempting to use the latest and greatest solutions as mitigations for identified vulnerabilities, but there can be hidden risks and identifying those as a part of my work can be critical. My advice is two parts, first try and think how someone with bad intentions could utilize new technology to harm those that use your transit system or your employees. Secondly, ask questions and get feedback on how new technologies could negatively impact privacy, civil rights, information security, etc. For a project like implementing video analytics, it would be imperative to know if you plan to use facial recognition or if the hardware/software was built with cyber in mind, where you plan to utilize this technology or what might need shared in a public disclosure request. It is a fine line between security and privacy/civil rights, and I believe it is our job as security professionals to proactively address these issues.