Energy Impact Partners (EIP) is a $4 billion global investment firm custom-built to invest in the energy transition that brings together forward-thinking industrial and climate innovators to help decarbonize the global economy. In my role at as VP of Cybersecurity and Digital Transformation, I actively explore the cybersecurity problems facing utilities and industrial organizations and links them to innovative technology solutions and best practices. I lead research activities, support strategic partners on strengthening their cybersecurity posture, and collaborate across EIP’s portfolio companies on commercialization efforts.

Over the past decade, the SANS ICS curriculum has been the educational foundation for thousands of industrial security practitioners. Managers of these skilled OT security practitioners, however, are in a unique position to drive change within their organization-- and yet, there has not been a dedicated training program to enable them.Until ICS418: ICS Security Essentials for Managers. This 2-day course is designed to provide new ICS security managers with an overview of the technologies and strategies required to build a world-class industrial security program, as well as the people leadership skills to ensure its success. With a dozen hands-on labs, a unique simulated game for ICS decision-making, and several take-home resources, students often identify immediate areas for improvement at their organization and have actionable information to correct longstanding issues.

Working with SANS ICS leadership, I teach ICS456: Essentials for NERC Critical Infrastructure Protection, leveraging my experience as the federal technical lead for the NERC CIP standards. The course is designed to teach grid owners, operators, vendors, and regulators-- regardless of expertise or educational background-- how to protect grid operations using the CIP standards. It isn't your typical "what is regulation" class (though that is certainly covered), but includes over 25 hands-on labs that demonstrate how to implement security requirements and protect assets.Now with the introduction of the GIAC Critical Infrastructure Protection (GCIP), ICS456 students (and all security experts) can take their game to the next level with the industry's first NERC CIP certification. The exam covers all aspects of the standards and compliance regime, requiring an in-depth knowledge of both.Beyond working with ICS456 and the GCIP, I also support other aspects of the SANS ICS mission, including thought-leadership and marketing needs throughout the organization.

Dragos is an industrial (OT/ICS/IIoT) cybersecurity company on a mission to safeguard civilization. Founded in 2016, Dragos is devoted to codifying and sharing our in-depth industry experience through industrial security software and services, so we can arm industrial defenders around the world with the knowledge and tools to protect their systems as effectively as possible.As the Senior Director of Global Consulting Services, I led the worldwide strategy, development, and deployment of our client engagements across our catalogue of best-in-class ICS/OT security assessments, penetration tests, and tabletop exercises. Tied to our leading industrial security detection platform, our team of subject matter experts provide actionable guidance and recommendations for building a defensible ICS/OT architecture with measurable improvements for the entire organization. Further complimented by Dragos' award-winning incident response services, we provide clients with a comprehensive strategy to protect, detect, and respond to industrial cyber threats.

As the Director of Cyber Risk, I led a team of subject matter experts in industrial cyber risk management to enable CISOs and other executive decision-makers understand the reliability, safety, environmental, and financial impacts associated with cybersecurity threats, vulnerabilities, and their industrial operations.

As the Principal Cyber Risk Advisor, I worked with critical infrastructure protection specialists on a combined approach with ICS monitoring technology, threat intelligence, and incident response capabilities to reduce their overall risk.

Axio Global is a cyber resilience optimization and data sciences firm founded to fundamentally change the way that organizations understand and manage cyber risk. Axio's approach is designed to deliver advanced cyber risk management by harmonizing security technology, operational controls and insurance-- utilizing processes and models that combine insurance analysis with exposure quantification and cyber program evaluation. Axio’s work addresses the full range of potential cyber losses, including information theft, third party liability, property damage, bodily injuries, operational disruption, and environmental damage.My role at Axio focused on merging our services offerings with online platform development and examining ways to push the envelope on cybersecurity capabilities and quantifying impact due to cybersecurity incidents-- in real dollar values, not arbitrary and simple levels. Our team never shied away from the difficult discussions or masked risk engineering behind magic calculators and inputs. Leveraging decades of experience in critical infrastructure resilience and security, we provided actionable solutions to help organizations answer the most difficult question of all-- "can we survive the next cyber attack?"

The Cyber Security and Privacy Program at EPRI addresses the emerging threats to an interconnected electric system through collaborative research on cyber security technology, standards, and business processes to protect the electric grid. My responsibilities in the program combined my previous work on security standards development and system design, where I leveraged my understanding of traditional power systems with advanced concepts in information assurance. My research projects focused on developing an integrated grid platform security architecture, creating security metrics for the electricity sector, and developing risk assessment methodologies that are designed for specifically for power systems and operational technology.

I led several cyber security projects at DOE focusing on improving the security posture of the national electricity system. By providing both technical and project management guidance, I was able to streamline the department's mission of ensuring a resilient, reliable, and flexible electricity system with security methods and practices that are both technically viable and supported by industry. The work was highly visible and quick-paced. Of the projects that I was directly in charge of, two of note are the Cybersecurity Capability Maturity Model (C2M2) and the Risk Management Process (RMP). Both of these projects are designed to allow an entity to evaluate and improve their security culture with metrics and process improvements. These projects address multiple aspects of a robust security program, including vulnerability assessments, sharing of threat information, and other baseline protections.Beyond these projects, I was also charged with performing emergency management and energy restoration during a national crisis. As the sector-specific agency for our nation's energy infrastructure, DOE supports the National Infrastructure Protection Plan (NIPP) and the missions of both DHS and FEMA during an emergency. I provided engineering expertise for both power systems operation and cyber security during such an event. Further responsibilities included planning and conducting regional and national cyber security exercises for both public and private sector participants, ranging from system operators to executive-level involvement.

I had multiple responsibilities at FERC focusing on electrical reliability. I was involved in various mission-critical assignments for the Commission, including the development of NERC reliability and cyber security standards on both the national and regional levels. I was the technical project lead for FERC's internal process evaluating the NERC CIP v5 Reliability Standards, the end goal of which was to enhance and maintain the security of the bulk-power system.I was also the technical lead for FERC's Smart Grid initiative, the ultimate goal of which was to provide the nation with direction on advanced power grid technologies-- combining current information technology (broadband communications, smart controls and automation, and more end-user participation) with existing legacy systems. As a technical lead, I managed the smart grid security team, which consisted of engineers, cyber security specialists, and energy industry analysts. The team's primary objective was to provide guidance to the Commission on various cyber security concerns as they pertained smart grid systems.

Linked to my work in Hawaii, I created and managed the CU Green Sustainability Group, consisting of over 20 students and professors from 9 different fields of study, to research green technologies as integrated products for new business ventures. The primary goal of this group was to create a sustainable development on the Big Island of Hawaii utilizing smart grid technologies, such as Plug-in Hybrid Electric Vehicles (PHEVs), solar and wind generation, and advanced energy storage techniques. These engineering practices had to be seamlessly combined with sustainable architecture and landscape architecture practices, as well as green community planning and urban design. As project manager, I had to manage daily operations for the team—including lab supervision, budgeting, research direction, and recruitment. Due to the complex nature of working within academia on a private consulting project, I also lectured for several Cornell University courses regarding a multitude of research topics within sustainability.

In order to bridge the research in academia to real-life problems faced on Hawaii, I managed and conducted the technical research with academic partners and merged it with business projects on the Big Island. This resulted in a series of designs for a smart grid mixed-use (residential and industrial) community. The project linked multiple universities and government agencies to socioeconomic and environmental issues in Hawaii.

As an engineer specializing in energy systems, I performed energy audits for homes and businesses in Upstate New York. I also aided in the design options of LEED certified buildings (a Buddhist monastery, child day care center, and brewery company, to name a few) and created software models for solar energy usage and passive heating. Other projects included research into biofuel solutions for local governments, high efficiency hydronic systems, and distributed power generation.

During my time at the New York City DEP, I managed multiple tasks and programs pertaining to the city's wastewater infrastructure and associated supervisory control and data acquisition (SCADA) system. As an asset owner and operator, tasks included monitoring the data acquisition system and inspecting and repairing logic controllers and their corresponding communication systems at various sites. I also contributed to the various contracts in place for implementing new SCADA system technology. Other responsibilities included creating pilot programs to ensure the success of the Federal Clean Water Act of 1972 within New York City.