The world relies on critical infrastructure and industry. We keep the lights on, water pumping, gas flowing, transportation moving — and all other industrial technologies safe and secure. Protecting industrial control systems and operational technologies is our specialty.

Founded the organization in the early 2000s, ushered it through its formative years and through the initial bootstrapping phase as a young non-profit industry-funded organization. Managed the foundational effort around the NESCO public-private partnership with the US Department of Energy as Principal Investigator. With the organization maturing into an operational state, I will continue my strong support for the organization through volunteer roles on the Board of Directors, Executive Committee of the NESCO Advisory Board, and the North American Energy CISO Forum. I deeply believe in the mission and will proudly wear my EnergySec badge forever.

Recruited to advance the non-profit organization as the founder and cultural leader from an all-volunteer professional organization to a sustainable business model. Responsible for annual operations budget. Oversee and direct all finances, business development, marketing, services, human resources, administrative, operations, outreach and government functions of the organization nationally and internationally. Instrumental in EnergySec winning a $5.9M award from the US Department of Energy to establish the National Electric Sector Cybersecurity Organization, a public-private partnership with industry and the DOE.

We provide our clients with:SECURITY through the development and deployment of security-based controls, processes and procedures.COMPLIANCE that meets all mandatory requirements and is sustainable though our security-based approach to insuring the reliability of the North American bulk electric system.TECHNOLOGIES that create and sustain a culture of security, reliability and compliance.EXPERTISE that is uniquely combined to allow clients to confidently demonstrate compliance in these regulatory frameworks -- DHS, FERC, NERC, NIST, SOX and SSAE 16.AWARENESS and TRAINING that leverages our experience as former regulators and our security-based focus to provide clients with a thorough understanding and appreciation of the latest developments in regulatory, reliability and cyber-threat issues.

The primary focus for the practice was delivering high-quality consulting services specific to the NERC CIP standards in areas such as strategic executive advisory, regulatory self-certification, gap analysis, audit preparation (mock audit), compliance support, program implementation, training and technical remediation. Successful in building to and regularly maintaining over 100% utilization for the ICF commercial operations line of business.

The Western Electricity Coordinating Council (WECC) is the largest and most complex Regional Entity and Regulatory Compliance Enforcement Authority delegate of the Electric Reliability Organization, North American Electric Reliability Corporation (NERC) under the Federal Electric Regulatory Commission (FERC). Primary responsibility was managing audits and investigations with respect to the NERC Critical Infrastructure Protection Standards. Designed and implemented the CIP program for WECC and managed all CIP compliance staff. The CIP audit and investigation jurisdiction for WECC was all Registered Entities (electric utilities) in the western half of North America, including the southernmost provinces of Canada through Baja Mexico and all US States west of the Rocky Mountains.

Senior Compliance Engineer and Auditor responsible for compliance to the NERC CIP Standards for the Western Interconnection.

PacifiCorp is a subsidiary of the MidAmerican Energy Holdings Company division of Berkshire Hathaway. Primary responsibilities were information security consulting and regulatory compliance functions. External compliance tasks involved all federal, regional and state regulatory requirements such as NERC CIP, FERC Orders 888/889/890, DHS CFATS, HIPAA, OR-SB583, CA-SB1386, PCI and Sarbanes-Oxley. Internal compliance tasks included vulnerability management, forensics and policy. Security lead on all internal and external assessments, penetration tests, audits and SCADA/EMS projects in addition to the compliance management role, Provided regular threat/vulnerability and risk analysis as well as security consultation to various executive, corporate/business and field efforts.

Charged with developing and driving the newly formed Energy and Utility Security business vertical within the company. Performed many risk and vulnerability assessments for various organizations in the electric, water and wastewater utility space. Participated on engagements with peer practice verticals such as banking and finance, insurance, healthcare and municipal government. Created a highly successful proprietary assessment methodology, which leveraged elements of ISO 21827, NIST 800 series and the NSA-IAM.

Security lead on all internal and external assessments, penetration tests, audits and SCADA/EMS projects in addition to the compliance management role, Provided regular threat/vulnerability and risk analysis as well as security consultation to various executive, corporate/business and field efforts.

Safetylogic, is a subsidiary of Aon Global Insurance that survived the “dot-com” boom/bust. Responsible for management of all Internet-facing technology, architecture, administration and support necessary to move the web infrastructure from the startup phase to full production. Directed all infrastructure matters related to the Internet website, the sole source of income for the company. Developed and implemented many new corporate policies relative to information integrity and assurance, disaster recovery, business continuity as well as restructuring the information security model for the website and supporting systems.

Joined PGE’s information security function directly after the Y2K event. My primary tasks were development of architectural and policy solutions necessary for moving Internet services (web, email, ftp, EDI, etc.) from an off-site co-location provider to their in-house data center. Additional tasks included implementation of intrusion detection, integrity assurance and anti-virus solutions including event analysis and training for all newly implemented security systems. Provided assistance during external/internal audits and subsequent remediation strategy activities as well as consulting to various corporate projects such as online bill payment and other customer-facing applications.

Ecobyte, was an ahead-of-its-time, dot-com era Internet data center and co-location facility powered by renewable (green) energy. Managed technology staff and provided security consulting, architecture, forensics, support and strategy for the data center’s infrastructure and customer base. Developed and implemented all information security policies, processes and practices and business continuity plans for the data center. Performed security assessments, server hardening, incident response and forensics for many co-located customers.

Self employed, sole proprietor. Consulted many organizations from SOHOs to large corporations and municipalities on the emerging world of the Internet/IT and e-business in the pre dot-com era. Responsible for design, construction and implementation of custom hardware, network and telecommunications solutions. Instructed classes on web development, system architecture and networking.

Began technology career as cabling technician. Rounded skills through training and experience to include designing and implementing large business voice and data networks. Other functions included DSU/KSU programming, sales and service for all supported hardware and software.