U.S. Army Vet. CISSP LOGO 2022. CISM LOGO 2202. CISA LOGO 2022



THE METHOD

The selection and use of applications define data communication requirements, which are combined with business operations Risk/Value calculations to inform data systems design.

There are many relevant standards and frameworks to consider in this process (e.g. IETF, IEEE, ISA/IEC, CISA, NIST, INL CIE/CCE, HIPAA, PCI, CMMI/C, C2/M2, NERC, ISACA, ISC2, SANS, COBIT, ITIL, PMI PMBOK, and ISO), so most of the development of a particular project methodology involving data system architectures, infrastructure, monitoring and support has already been done.

With this over-abundance of guidance advising us, secure critical infrastructure data network design/build projects and related support organizations have the potential to self-define, if we let them. To elevate the prospect of creating a sustainable secure data system from a desired outcome to a certainty, remember…

'Follow the spec. and your data communications systems won't be a wreck.'
(…and be ever defending against the relentless onslaught of our seasoned adversary, Entropy.)



2024 INITIATIVES and ACTIVITIES

Team Member - NERC CIP 013 Supply Chain Risk Management Update Team (Gap Review) - Continue contribution working within the NERC CIP standards committees to assist in resolving identified gaps in existing 013 standard - estimated completion 2nd Qtr 2024

Presenter - GridFWD 2024, Banff, CA - Present a current perspective, based upon practical project participation across multiple markets, on activities to help reduce cybersecurity risk in the supply chain - estimated completion October 2024

Cybersecurity Architect - Risk Mitigation Project Assist large U.S. metropolitan water utility with analyzing comprehensive SCADA cybersecurity Assessment, identifying optimum control additions and procedure fit for established policies. Controls involved Active Directory IDAM, additional Password security controls and Remote Access policy, process and procedures creation - estimated completion 3rd Qtr 2024

Principal Cybersecurity Architect - Solutions Development Assist large U.S. industrial EPC business, drafting a Cybersecurity practice solutions development plan. The plan is intended to assist in rapid roll out of new cybersecurity services for critical infrastructure. Plan will become part of business unit strategy execution - estimated completion 2nd Qtr 2024

Group Leader and Contributor North American Electric Reliability Corporation, Critical Infrastructure Protection (NERC CIP) Standard 013, Supply Chain Risk Management - Vendor Incident Response Guide version 2 revisions. Effort to keep existing guidance documentation up to date for use by energy sector operating entities supporting the U.S. Bulk Electric System (BES) - estimated completion, ON-GOING



REPRESENTATIVE PROJECT EXPERIENCE

Extensive experience working directly for software and hardware producers, OEM's and services organizations helping governments and businesses design and deploy secure, reliable, sustainable (operationally efficient) critical infrastructure networks.

Participant - Cybersecurity Services Group Launch Team Assist with the development and launch of new cybersecurity services organization delivering Engineering Procurement and Construction services. Activities include organization design: resource identification and qualifying through interviews; service offerings identification; revenue vs. strategy refinement of initiatives; cross markets cyber services delivery integration and communications development; assist with development of sales, marketing and media collateral - 4th Qtr 2023

Contributor Security Product Development Participation in early development process for multiple products; exploring possible product creation including customer input mechanisms such as focus group surveys and product information videos, contribution to Marketing Requirements (MRD) and Engineering Requirements (ERD) sets including security feature/function - 3rd Qtr 2023

Investigator Contract Compliance Cybersecurity subject matter expert for team investigating supply chain project execution performance for critical infrastructure. Purpose is to validate cybersecurity designated aspects of information handling and assist to improve overall project data security - estimated completion, January 2024

Team member, Critical Infrastructure Cybersecurity Assessment/Audit Utilize automated CISA CSET tool to assess, audit and validate network and cybersecurity posture for large southwest metropolitan utility. Analyze results, measure risk and recommend controls enhancements to close identified gaps. Issue C-level report on findings and review mitigation project(s) cost - August 2023

Principal Consultant, Cyber Attack for Ransomware (CAFR) Reaction Plan Assist medium size U.S. Energy sector customer, investigate and assess requirements, methods and activities required for responding to a ransomware attack. Include critical systems priorities, playbook, existing IR and DR plan impacts, area and access isolation techniques, data flows and processes while negating ransom payment; utilize existing frameworks and tools wherever possible, (e.g. CISA Ransomware preparation information, INL CCE®, MITRE ATT&CK® framework, etc.) - 2nd Qtr 2022

Co-Presenter, 'Developing a Cyber Attack for Ransomware (CAFR) Response Playbook' Presentation to an electric utility Reliability Organization (RO) relating methods and techniques for establishing planned organization, systems and network response to a CAFR (Cyber Attack For Ransom) event while negating ransom payment - March 2022

Team member, Organization Transformation, Cybersecurity Services Development Assigned to assist multi-market and cross functional teams examine cybersecurity services opportunities potential, associated strategy and delivery structure, while interfacing with a company-wide formal business Transformation effort - September 2021

Project Lead, Cyber Attack for Ransomware (CAFR) Reaction Plan
In cooperation with mid-size Energy sector customer, investigate and assess requirements, methods and activities for responding to a ransomware attack. Produce Playbook that recognizes critical systems priorities, existing IR plan impacts, isolation techniques accounting for essential operational application flows and processes, while negating ransom payment - July, 2021

Co-creator, OT Services Supply Chain Cybersecurity Risk Management Survey Response Template
– Develop new process to assist pre-sales organization response to various customer surveys resulting from NERC CIP 013 Supply Chain Risk Management requirement. Customer submitted survey may be of any form, depth or breadth. Response process considered assurance of risk reduction and project information protections - April, 2021

Project Team Technical Coordinator, Private Wireless Device Implementation Develop very large-scale energy sector customer field demonstration criteria for implementation and validation for 17 site MPLS VPN SCADA/AMI OT data network with data flow filtering protections that include wired, private radio spectrum and microwave wireless infrastructure. Examined interaction requirements of IP network team and RF team seeking to optimize overlapping responsibilities and tasks for provisioning, validation testing and turn up - March 2021

Project Team Principal Consultant, Cybersecurity Process Documentation
North American Reliability Corporation - Critical Infrastructure Protection (NERC CIP) procedures documentation standardization project for very large scale Energy sector client. Provide review, validation and verification for series of practical process/procedures guide documents aligned with NERC CIP rule set - August, 2020

Project Team Principal Consultant, VLS Network and Cybersecurity Design
– North American Reliability Corporation - Critical Infrastructure Protection (NERC CIP), BCA Low Impact Electronic Access Point (LEAP) Assessment for a very large-scale OT network. Developed Statement of Work (SoW), led Design and Deployment – pursuant to rapidly evolving DoE directives for Critical Infrastructure Protection compliance requirements, active project to assess vulnerability in approximately 100 electric grid field sites through inventory and logical assessment, detecting and analyzing all NERC CIP LEAP's and cyber assets - February, 2019

Lead Product Evaluator, Cybersecurity IDS Product
– Develop new service, related collateral, sell then execute as leader for product field evaluation team. Analyze and record Human Factors observation through user interviews and use-case functional testing of industrial networks purpose-built intrusion detection appliance supporting DNP3 and related protocol(s) signature detection. Developed Statement of Work (SoW) for service. Product was examined during Proof-of-Concept deployment within operational production network - June, 2017

Human Resourcing Consultant, OT Network Infrastructure Talent Search
Requested by private energy generation, transmission and distribution utilities to assist in identification and qualification of Smart Grid technical resources for very large-scale O.T. network modernization projects. Interviewed and rated candidates with urgent timeline requirements - November, 2019

Team Leader, VLS Network and Cybersecurity Design
Very Large-scale OT network design Proof-of-Concept Lab Electric sector - led creation and execution of OEM switch/route/firewall proof-of-concept test to evaluate best design solution employing MPLS network virtualization, data path encryption and traffic flow filtering. Tasks included test plan case development and documentation, lab provisioning, inventory controls, test monitoring, results evaluation and outcomes memorandum - July, 2018

Principal Consultant, Network Operations Center CMMI
Assist with development of RFP response, win and then execute assessment of Network Operations capabilities for large multi-state SouthEast U.S. utility. Duties included current state analysis, gap analysis, CMMI maturity modeling of energy network monitoring operation (NMS) to track progress toward future state goals. Areas of analysis include application requirements and data flow, network health baseline and deviation, alert monitoring, tools, staffing and cybersecurity integration - April, 2018

Co-Developer, Cybersecurity Live-fire Exercise
Developed statement of work (SoW), assisted with design and execution of organization-wide cybersecurity intrusion(s) exercise including Identification, Incident Response and Mitigation for generation/transmission multi-state electric cooperative; included master security event list (MSEL) development and exercise injects for human engineering site access, EMS SCADA-Master packet payload modification, law enforcement scenario, and natural disaster event, assessing response capabilities and business continuity impacts - January, 2017

Project Team Principal Consultant, Network and Cybersecurity Controls Assist with development of RFP response for win and then execute, Energy Markets network, large-scale firewall rule set refresh (1000+ ACL's) for multi-tiered and virtualized security architecture. Work was performed during production hours for the Market necessitating extreme care for rule validation and change activities

Principal Architect, Network Cybersecurity Strategy
Assist with development of RFP response, win and then execute Telecom Master Plan for very large scale Generation, Transmission and Distribution, I.T. infrastructure, South East U.S. energy co-op; defining new highly secure and reliable Smart Grid data transport infrastructure supporting AMI, HMI, RTU, DNP3 SCADA-monitored and managed field network flows. Work produced Current State, Future State, Solutions Analysis and Roadmap

Team Leader, SW/HW Quality Assurance
Software and Hardware products Quality Assurance group, both shrink-wrap and integrated code. Conceived and applied interactive hardware/software product black-box functional verification, validation and user-experience testing procedures and techniques; led development of localization interface dialog comparison process; led alpha and beta field test programs; identified and documented human-factors gaps in user interfaces, developed and populated bug database attributes and entries, etc.

Team Leader, Software Quality Assurance
Business Intelligence Web Application Quality Assurance group, working with Development, Marketing, Sales and Management teams while leading efforts that ensured rapid-to-market delivery of complex business intelligence products. Conceived and applied interactive hardware/software product black-box functional verification / validation and User-Experience testing procedures and techniques. Worked with off-shore code development teams

Senior Network Architect, State Capitol Legislative Network
State government capitol legislative very large-scale network modernization - developed Statement of Work, team lead for modernization program including VoIP, Legislative wired and wireless network, and assessing and recommending cybersecurity controls - environment listed on National Register of Historic Places and observed as possible model for U.S. House of Representatives IT group

Senior Consultant, Network Security Engineer, SIEM
National credit union IS provider, security infrastructure project with PCI Compliance factors: Deployed Cisco MARS SIEM (Security Information and Event Management), tuned through learning modes and false-positives, trained local staff

Contributing Architect, Network Engineering
Multi-year engagement advising state government I.T. organizations. Hands-on network architect, infrastructure engineer and team leader for federated state government, all-agency $5,000,000+ network transition project: Migration from legacy network to full MPLS virtualized, tiered and modularized design: 1000+ router nodes; 37,000+ ports, 100+ user groups; future-proofing designs, flexible growth trajectories and investment preservation

Consultant, Cybersecurity Engineer, Assessment PCI DSS
National jewelry chain, PCI (Payment Card Industry) DSS self-assessment PCI questionnaire project: Analyzed network architecture and identified risk factors relative to achieving PCI compliance

Consultant, Cybersecurity Engineer, Network Access Controls
Regional credit union, security infrastructures project: Scoped, deployed and configured Cisco ACS, (Access Control Server) and “hardening” of related infrastructure devices, trained staff

Senior Consultant, Network and Security Engineer, IDS and SIEM
Global BPO IS provider, security infrastructure project: Scoped, deployed and configured MARS (Monitoring, Analysis and Response System) SIEM, including learning mode evaluation and false-positive tuning, trained staff

Senior Consultant, Network and Cybersecurity Engineer, SIEM HIPAA
Global pharmaceutical corporation, security infrastructure project with HIPAA Compliance factors: Deployed and configured MARS (Security Monitoring, Analysis and Response System), including learning modes and false-positive tuning, provided staff training for SIEM operation

Architect, Network and Cybersecurity Architecture
Very large-scale energy distribution co-op Operations Control Center network architecture redesign including multi-tiered multi-vendor Firewall architecture with NERC CIP regulatory compliance factors addressed: Logging; DMZ; Access Controls; Interactive Remote Access; Change Control Reporting

Senior Consultant, Network Engineer, Cybersecurity HIPAA
Regional health services provider, security strategy assessment and development project with HIPAA Compliance factors: team member for comprehensive data security strategy, risks, review and recommend

Consulting Engineer, Cybersecurity Assess
National BPO back-office application services provider, security strategy assessment and development project: Team member for comprehensive security strategy, review and recommend

Network Consulting Engineer, Data Center Build
Global entertainment corporation, rapid data center build-out project: Deployed and configured secure terminal access and content load-balancing, at Tier 4 Data Center environment

Senior Consulting Engineer, Network Design and Cybersecurity (Alexander Open Systems)
Multi-year critical account assignment, on-site supporting named account to help ensure customer success with product line in large-scale multi-year MPLS deployment

Senior Consulting Engineer Cybersecurity (Calence)
Senior cybersecurity posture assessments, PCI compliance, HIPAA compliance, trusted network and cybersecurity advisor to named accounts (State of Kansas), extensive hands-on secure infrastructure design and implementation of SIEM's, IDS's, Firewalls, etc.

Critical Accounts Resident Network Engineer (Cisco Systems)
Assigned to remediate Cisco Critical Accounts Program client experiencing complex network instability. Assignment evolved into multi-year on-site network architecture consultation. Resolved system performance and reliability issues for a very large-scale data network.

Team Leader, Quality Assurance Engineer (Farallon/Netopia)
Network and Web Application Software Quality Assurance Engineer working with Development, Marketing, Sales and Management teams while leading quality assurance efforts that ensured rapid-to-market delivery of complex network management products.

Technical Assistance Center Engineer (Cisco Systems)
Working in OEM networking hardware and software customer support group, handling tier 1, 2, and 3 support calls for entire product line including networking switches, routers, network configuration and management software, etc.

Technical Assistance Center Engineer (Farallon)
Working in OEM networking hardware and software customer support group, handling tier 1, 2, and 3 support calls for entire product line including networking switches, software routers, network configuration and management software, screen-sharing applications, etc.

U.S. Army
Flight Operations Coordinator (Crew-member Status) – Scheduled and tracked transport and tactical missions of military flights, fixed wing and rotary wing aircraft, in critical-missions environments (cabin, crew, flight-plan, tactical load-out, fuel, aircraft mission parameters, etc.). Operating in Ft. Rucker AL, Taegu Republic of Korea, Dongduchon Republic of Korea, Aberdeen Proving Ground (APG), MD. Accumulated 200 left-seat flight hours, TOP SECRET clearance


KNOWLEDGE SHARING and PROFESSIONAL CONTRIBUTIONS

Typical technology consultancies engage just long enough to solve an immediate issue or deliver a design…then collect the fee. At that point it's up to the owner/operator to keep things going. For critical infrastructure this is not an acceptable approach. Active knowledge-sharing of applied methods required for technology sustainment is essential for helping to ensure effective Operations processes are in place AFTER the engagement is completed. Contributions in this section represent this philosophy.

Presenter, LinkedIn Live Event Co-creator and presenter for live cybersecurity discussion, 'Cybersecurity Resilience: Strategies for Water and Grid Infrastructure'. Discussion focused on steps to establishing long-term cyber posture enhancement through established frameworks and latest thinking regarding the importance of People and Process - COMPLETED 4th Qtr 2023

Interview Authority Magazine, Medium.com, 'Ransomware Attacks - 5 Things You Need To Do To Protect Yourself Or Your Business' - Published 1st Qtr 2022

Contributor Author 'Digitization at the Heart of Cybersecurity, Asset Management'. Black & Veatch Insights Group Electric Report - Published 1st Qtr 2022

Author IEEE Monthly Bulletin, 'Ransomware: A Change Would Do Us Good'. Short article promoting a change in approach to classic reliance on cybersecurity hygiene approaches to defense. The article suggests that network architecture, people and process aspects are equally important and should be emphasized in Cyber Attack For Ransom (CAFR) event response in utility OT environments - Published 4th Qtr 2022

Co-author and Presenter Distributech International - 'Practical Protections to Combat Rising Ransomware'. A joint industry customer/consultant presentation showing how concepts such as the Idaho National Laboratories (INL) Consequence-Driven Cyber-Informed Engineering (CCE) framework, combined with proper packet network architecture, help define a more robust response to Cyber Attack for Ransom (CAFR) events - COMPLETED 1st Qtr 2023

Author 'How to Build Your Gameplay in the Fight Against Utility Ransomware' - short article reviewing core principles or 'pillars' for establishing an effective response plan to ransomware attacks. The intent is for utility operations leaders to focus efforts on essential categories of capabilities yielding the best chance of continued operation and service delivery within the context of a CAFR event - COMPLETED 2nd Qtr 2023

Certified Trainer Course, Idaho National Labs Consequence-Driven Cyber-Informed Engineering Through in-person Accelerate Training, acquired knowledge to support investigating and assessing customer OT security postures utilizing newly released cybersecurity vulnerability assessment methodology for critical infrastructure. Evaluate possible efficacy, practicality of implementation of principles and any replication and/or enhancements of other established cyber assessment and protection approaches - September 2021

Contributing SME for Industry Standards Development
NERC CIP Critical Infrastructure Protection Committee (CIPC), participant for committee on Supply Chain Security. Formed to help North American Electric Reliability Corporation (NERC) advance the physical and cyber security of the critical electricity infrastructure of North America. The committee consists of both NERC-appointed regional representatives and technical subject matter experts - 2020/2021

Contributor/Co-presenter Utilities Technology Conference Speaker (UTC), Ransomware Planning Presentation – Joint presentation with customer to demonstrate methods and requirements used for establishing planned technical responses to a CAFR (Cyber Attack For Ransom) event, without paying ransom, Portland, OR, August 2021

Contributing Author/Developer, Strategy Engine
Assist in creation of model for support of critical infrastructure Telecom Network Master Planning activities. Provides repeatable process for creation, tracking and evaluation of infrastructure and security project Key Performance Indicators (KPI's) and technical project Key Objectives (KO's). Co-developed with an electric utility customer and made compatible with existing best-practice network/security infrastructure assessment, and implementation execution processes, e.g., PAADIO - May, 2020

Co-Author and Co-Presenter
'Low Impact Asset Assessment and Protections - Case Study', refined case-study examination of a successful NERC CIP Low Impact inventory and qualification-assessment involving 80 locations across a state, and thousands of devices. Work included implementation of over 40 industrial firewalls at select field locations, national North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Committee meeting, Minneapolis, MN - September 2018

Requested Reviewer
'Energy Sector Asset Management for Electric Utilities, Oil and Gas Industry', National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE) pre-publication release for public comment working draft - December 2017, Published 2018

Contributor Industry Standards
National Institute of Standards and Technology (NIST), National Cybersecurity Center of Excellence Partnership (NCEP), promoting mutual cooperation for collaboration to enhance trust in U.S. IT communications, data, and storage systems, lower risk for companies and individuals in the use of IT systems, and encourage development of innovative, job-creating cybersecurity products and services

Project Execution Process Co-developer and Custodian
I.T. and O.T. project planning, design and implementation process, 'PAADIO' Methodology builds upon ISO, PMI, Carnegie Mellon and other world-class contributors for promoting value-engineering project planning and execution, including CMMI principles and CAPEX / OPEX predictor inputs

Network Coursework Co-developer and Custodian
Customer-facing IP modernization education workshops, providing information and training on proven network and cybersecurity project and technology practices with practical fit, function and organizational impact perspectives. Assists business operations teams in developing their strategic telecommunications plans, execution and sustainment efforts

Invited Panelist
– Utilities Technology Council National Meeting, Security Summit, 'Mission Critical Security - Getting it Secure, Keeping it Secure', Charlotte, North Carolina - May 2017

Invited Panelist
North American Electric Reliability Corporation ("NERC") GridSecCon, NIST National Cybersecurity Center of Excellence (NCCoE), Cybersecurity Portfolio and Framework panel member, w/Utilities Technologies Council, Quebec City, CAN - October 2016

Organizer/Moderator
Joint review and comment forum for Special Publication 1800-2 Identity Access Management for Electric Utilities: Utilities Technologies Council (UTC), Customer Representation, Black & Veatch with IEEE contributor, MITRE representing NIST National Cybersecurity Center of Excellence, Overland Park, KS - March 2016

Invited Panelist
– North American Reliability Corporation, Critical Infrastructure Protection, NERC CIP, 'Practical Implementations and Beyond', Utilities Telecom Council, US National Conference, Denver, Colorado - May 2016

Official Reviewer
– National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE) SP 1800-2 - Identity and Access Management Practice Guide for Electric Utilities, WERB Draft - February 2016

Contributor/Co-presenter
'NERC Critical Infrastructure Protection (CIP) v5/6 Transitions', UTC Region 6 Meeting, Overland Park, KS - April 2016

Participant
NIST National Cyber Security Center of Excellence - Energy Provider Community, Situational Awareness Case Studies Review and Prioritization - 2015

Contributor/Co-presenter
'Building a Practical Cyber Security Practice', Utility Telecom Council, Region 6, Overland Park, KS - March 2015

Participant
NIST National Cyber Security Center of Excellence - Energy Provider Community, Identity Access Management Case Studies - 2015

Author and Presenter
‘Practical IT/OT Convergence for Utility Networks’, UTC Canada National Conference, Calgary - September 2014

Invited Panelist/Presenter
– ‘Smart Grid Convergence Using Multi-protocol Label Switching (MPLS)’, UTC National Conference, Orlando, Florida - May 2012

Author and Presenter
‘Foundations for MPLS VPN’s’, UTC Region 4, Indianapolis, IN - October 2012

Invited Panelist/Presenter
'Network Infrastructure, Kansas Legislative Systems Strategic Plan (e-Democracy Strategies)', United States House of Representatives Executive Staff briefing, Topeka KS - December 2008