CISSP CISA CISM Pasted Graphic 1 Pasted Graphic 3

THE METHOD

Customer business applications define communication requirements. Risk/Value calculations are made which further inform data systems design. The rest of the "heavy lifting" for data systems architecture, infrastructure and support process has already been done for us thanks to a myriad of applicable standards and frameworks, e.g. IETF, IEEE, IEC, NIST, FISMA, HIPAA, PCI, NERC, ISACA, ISC2, COBIT, ITIL, PMI PMBOK, and ISO.

With this significant foundation of information advising us how to design, build and operate a critical infrastructure data network, it should self-define, if we let it. To elevate the prospect of creating reliable, secure and sustainable systems from a desired outcome to a certainty…


'Follow the spec. and your data communications systems won't be a wreck.'



2021 INITIATIVES


Supply Chain Cybersecurity Risk Management, Survey Response Process - Developing new process to assist company with responding to supply chain risk management surveys (ISO 27000-based) to support qualification for new client engagements. Survey's may be of any form, depth or breadth so response must be able to provide assurance of risk reduction and information protections in varied circumstances. Process will require inclusion of Sales, Technical Support, Delivery Teams, Corporate Cybersecurity, Corporate Legal, with automated request initiation with status tracking, cross-division acceptance/implementation, and a client-results feed-back loop for continuous improvement.

«»«»«»«»«»«»«»«»«»«»«»«»«»«»«»«»«»«»«»«»«»«»«»«»«»«»«»«»«»«»«»«»«»«»«»«»«»«»«»«»«»«»«»«»«»«»«»«»«»«»«»

2020 INITIATIVES

Contributing Author/Developer 'Strategy Engine' model for support of critical infrastructure Telecom Network Master Planning activities. Provides repeatable process for creation, tracking and evaluation of infrastructure and security project Key Performance Indicators (KPI's) and technical project Key Objectives (KO's). Co-developed with an electric utility customer and made compatible with existing best-practice network/security infrastructure assessment, and implementation execution processes, e.g., PAADIO.

Principle Author
Develop and produce a briefing document for a large technology consulting organization helping define operations tools that protect client program and project information during execution. Protections address best-practice approaches for general information sharing access controls; Microsoft SharePoint use; Cloud-based project tool information processing.


REPRESENTATIVE PROGRAM and PROJECT EXPERIENCE

Extensive experience working directly for software and hardware producers and OEM's and as a paid consultant helping governments and businesses design and deploy secure, reliable and sustainable information networks.

Technical Coordinator - Develop utility sector very large-scale field demonstration criteria for implementation and validation for 17 site MPLS VPN data network with data flow filtering protections that include wired, private radio spectrum and microwave wireless infrastructure. Will examine interaction requirements of IP network team and RF team seeking to optimize overlapping responsibilities and tasks for provisioning, validation testing and turn up, March 2021
Principle Consultant Cybersecurity North American Reliability Corporation - Critical Infrastructure Protection (NERC CIP) procedures documentation standardization project for large electric provider. Provide review, validation and verification for series of practical process/procedures guide documents aligned with NERC CIP rule set, August, 2020
Principle Consultant Cybersecurity NNorth American Reliability Corporation - Critical Infrastructure Protection (NERC CIP), BCA Low Impact Electronic Access Point (LEAP) Assessment. Developed Statement of Work (SoW), led Design and Deployment – pursuant to rapidly evolving DoE directives for Critical Infrastructure Protection compliance requirements, active project to assess vulnerability in approximately 100 electric grid field sites through inventory and logical assessment, detecting and analyzing all NERC CIP LEAP's and cyber assets and including simultaneous deployment of additional application flow filtering protection systems, February, 2019
Human Resource Consultant Requested by private energy generation, transmission and distribution utilities to assist in identification and qualification of Smart Grid technical resources for very large-scale O.T. network modernization projects. Interview and rated candidates with urgent timeline requirements. November, 2019
Team Leader Cybersecurity Conceptual Design Proof-of-Concept Lab - led creation and execution of OEM switch/route/firewall proof-of concept test to evaluate best design solution employing MPLS network virtualization, data path encryption and traffic flow filtering. Testing was in support of very large-scale critical infrastructure for an electric utility. Tasks included test plan documentation, lab provisioning, inventory controls, test monitoring, results evaluation and outcomes memorandum, July, 2018
Principal Network Operations Consultant
Assessment of Network Operations capabilities for large multi-state SouthEast U.S. utility. Duties included current state analysis, gap analysis, CMMI maturity modeling of network monitoring operation to track progress toward future state goals. Areas of study covered include application requirements and data flow, network health, alert monitoring, tools, staffing and cybersecurity integration, April, 2018
Lead Product Evaluator – Led product field evaluation team to analyze and record Human Factors observation through user interviews and use-case functional testing of industrial purpose-built intrusion detection appliance. Developed Statement of Work (SoW) for service.Product was examined during Proof-of-Concept deployment within operational production network, June, 2017
Participant/Coordinator Cybersecurity Exercise Utility sector Live-Fire effort, developed statement of work (SoW) assist with design and execution of organization-wide cybersecurity intrusion(s) exercise including Identification, Incident Response and Mitigation for generation/transmission/markets multi-state electric cooperative; included master security event list (MSEL) development and exercise injects for human engineering site access, packet payload modification and natural disaster events, January, 2017
Team Leader Quality Assurance Software and Hardware products Quality Assurance group, both shrink-wrap and integrated code. Conceived and applied interactive hardware/software product black-box verification / validation testing procedures and techniques; led development of localization dialog comparison process; led field alpha and beta test programs; identified and documented human-factors gap in user interfaces, develop bug database attributes, etc.
Team Leader Quality Assurance Business Intelligence Web Application Quality Assurance group, working with Development teams, Marketing, Sales and Management while leading quality assurance efforts that ensured rapid-to-market delivery of complex business intelligence products
Principal Network and Cybersecurity Architect Telecom Master Plan for very large scale Generation, Transmission and Distribution, I.T. infrastructure, South East U.S. energy co-op; defining new highly secure and reliable Smart Grid data transport infrastructure, work produced Current State, Futures State, Solutions Analysis and Roadmap
Principal Network Architect State government capitol legislative network modernization - developed Statement of Work, team lead for modernization program including VoIP, Legislative wired and wireless network and assess recommend cybersecurity controls - environment listed on National Register of Historic Places
Principal Consulting Network Engineer national credit union IS provider, security infrastructure project with PCI Compliance factors: Deployed Cisco MARS SIEM (Security Information and Event Management), tuned through learning modes and false-positives, trained local staff
Principal Consulting Cybersecurity Engineer Energy markets network, large-scale firewall rule set refresh (1000+ ACL's) for multi-tiered and virtualized security architecture. Work was performed during production hours for the Market necessitating extreme care and caution for rule validation and change activities
Contributing Architect and Engineer Multi-year engagement advising state government I.T. organizations. Hands-on network architect, infrastructure engineer and team leader for federated state government, all-agency $5,000,000+ network transition project: “green field” virtualized, tiered and modularized: 1000+ router nodes; 37,000+ ports, 100+ user groups; future-proofing designs providing high availability UC foundation, flexible growth trajectories and investment preservation
Principal Cybersecurity Consulting Engineer National jewelry chain, PCI (Payment Card Industry) DSS self-assessment PCI questionnaire project: Analyzed network architecture and identified risk factors relative to achieving PCI compliance
Principal Cybersecurity Consulting Engineer Regional credit union, security infrastructures project: Scoped, deployed and configured Cisco ACS, (Access Control Server) and “hardening” of related infrastructure devices, trained staff
Senior Network Consulting Engineer Global BPO IS provider, security infrastructure project: Scoped, deployed and configured MARS (Monitoring, Analysis and Response System) SIEM, including learning mode evaluation and false-positive tuning, trained staff
Senior Cybersecurity Consulting Engineer Global pharmaceutical corporation, security infrastructure project with HIPAA Compliance factors: Deployed and configured MARS (Security Monitoring, Analysis and Response System), including learning modes and false-positive tuning, provided staff training for SIEM operation
Principal Network and Cybersecurity Architect Very large-scale energy distribution co-op Operations Control Center network architecture redesign including multi-tiered multi-vendor Firewall architecture with NERC CIP regulatory compliance factors addressed: Logging; DMZ; Access Controls; Interactive Remote Access; Change Control Reporting
Senior Network and Cybersecurity Consulting Engineer Regional health services provider, security strategy assessment and development project with HIPAA Compliance factors: team member for comprehensive data security strategy, risks, review and recommend
Consulting Engineer Cybersecurity National BPO back-office application services provider, security strategy assessment and development project: Team member for comprehensive security strategy, review and recommend
Network Consulting Network Engineer Global entertainment corporation, rapid data center build-out project: Deployed and configured secure terminal access and content load-balancing
Senior Consulting Engineer Cybersecurity (Calence) Senior cybersecurity posture assessments, PCI compliance, HIPAA compliance, trusted network and cybersecurity advisor to named accounts, (State of Kansas), expensive hands-on secure infrastructure design and implementation of SIEM's, IDS's, Firewalls, etc.
Senior Consulting Engineer Cybersecurity (Alexander Open Systems)
Multi-year critical account assignment, on-site supporting named account to help ensure customer success with product line in large-scale multi-year MPLS deployment
Critical Accounts Field Engineer (Cisco Systems) Assigned to remediate Cisco Critical Accounts Program client experience complex network instability. Assignment evolved in to multi-year on-site network architecture consultation
Team Lead Quality Assurance (Farallon/Netopia)
Network and Web Application Software Quality Assurance Engineer working with Development, Marketing, Sales and Management teams while leading quality assurance efforts that ensured rapid-to-market delivery of complex network management products.
Technical Assistance Center Engineer (Cisco Systems) Working in OEM networking hardware and software customer support group, handling tier 1, 2, and 3 support calls for entire product line including networking switches, routers, network configuration and management software, etc.
Technical Assistance Center Engineer (Farallon) Working in OEM networking hardware and software customer support group, handling tier 1, 2, and 3 support calls for entire product line including networking switches, software routers, network configuration and management software, screen-sharing applications, etc.
U.S. Army Flight Operations Coordinator – scheduled and load balanced military flights throughout operating theater, including Medivac, VIP and Hazardous Duty assignments at Ft. Rucker AL, Taegu RoK, Dongduchon RoK, Aberdeen Proving Ground MD, TOP SECRET clearance


KNOWLEDGE SHARING and PROFESSIONAL CONTRIBUTIONS

Being able to transfer knowledge about standards-based best-practice methods, procedures and processes is vital for achieving reliability in complex data networks. Paid consultants and techno-geeks typically hang around just long enough to collect the fee - at that point it's up to the owner/operator to keep things going. You will find my professional contributions and delivery methodology have a continuous focus on promoting sustainment of newly implemented data infrastructure.

Contributing Author 'Utilities Must Constantly Be On Offense in Cat-and-Mouse Game Against Hackers'. Black & Veatch Insights Group Strategic Directions Report, Utilities, June 2020.
Standards Contributor NERC CIP Critical Infrastructure Protection Committee (CIPC), participant for committee on Supply Chain Security. Formed to help North American Electric Reliability Corporation (NERC) advance the physical and cyber security of the critical electricity infrastructure of North America. The committee consists of both NERC-appointed regional representatives and technical subject matter experts.
Contributing Author 'NERC CIP Low-Impact Compliance Drives Opportunity to Improve Operational Technology Security', Black & Veatch Insights Group Strategic Directions, Utilities, February 2019
Co-Presenter 'Low Impact Assessment and Protections - Case Study', refined case-study examination of a successful NERC CIP Low Impact inventory and qualification-assessment involving 80 locations across a state, and thousands of devices. Work included implementation of over 40 industrial firewalls at select field locations, national North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Committee meeting, Minneapolis, MN, Sept. 2018
Co-author 'Do You Want to Play a Game?', refined case-study examination for a hybrid live-fire cybersecurity exercise performed in cooperation with multi-state electric utility cooperative in 2017, presented at DistribuTech, San Antonio, TX, 2018
Requested Reviewer'Energy Sector Asset Management for Electric Utilities, Oil and Gas Industry', National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE) pre-publication release for public comment working draft, December 2017, publication proposed 2018
Contributing Author ‘2017 Strategic Directions: U.S. Smart City/Smart Utility Report - Maximizing Smart Grid Deployments Through Communications and Network Infrastructure', Black & Veatch Insights Group, February 2017
Invited Panelist – Utilities Technology Council National Meeting, Security Summit, 'Mission Critical Security - Getting it Secure, Keeping it Secure', Charlotte, North Carolina, May 2017
Contributor/Participant National Institute of Standards and Technology (NIST), National Cybersecurity Center of Excellence Partnership (NCEP), promoting mutual cooperation for collaboration to enhance trust in U.S. IT communications, data, and storage systems, lower risk for companies and individuals in the use of IT systems, and encourage development of innovative, job-creating cybersecurity products and services
Project Execution Process Co-developer and Custodian I.T. and O.T. project planning, design and implementation process, "PAADIO". Methodology builds upon ISO, PMI, Carnegie Mellon and other world-class contributors for promoting value-engineering project planning and execution, including CMMI principles and CAPEX / OPEX predictor inputs
Network Coursework Co-developer and Custodian Customer-facing IP modernization education workshops, providing information and training on proven network and cybersecurity project and technology practices with practical fit, function and organizational impact perspectives. Assists business operations teams in developing their strategic telecommunications plans, execution and sustainment efforts
Invited Panelist North American Electric Reliability Corporation ("NERC") GridSecCon, NIST National Cybersecurity Center of Excellence (NCCoE), Cybersecurity Portfolio and Framework panel member, w/Utilities Technologies Council, Quebec City, CAN, October 2016
Contributing Author ‘2016 Strategic Directions: U.S. Smart City/Smart Utility Report - Looming Security Rules Raising Urgent Questions for Utilities', Black & Veatch, February 2016
Organizer/Moderator Joint review and comment forum for Special Publication 1800-2 Identity Access Management for Electric Utilities: Utilities Technologies Council (UTC), Customer Representation, Black & Veatch with IEEE contributor, and NIST National Cybersecurity Center of Excellence Overland Park, KS, March 2016
Invited Panelist – North American Reliability Corporation, Critical Infrastructure Protection, NERC CIP, 'Practical Implementations and Beyond', Utilities Telecom Council, US National Conference, Denver, Colorado, May 2016
Official Reviewer – National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE) SP 1800-2 - Identity and Access Management Practice Guide for Electric Utilities, WERB Draft, February 2016
Contributing Author ‘IP Transitions’ White Paper, MPLS and network modernization topics, Utilities Telecom Council, February, 2015
Contributor/Co-presenter
'NERC Critical Infrastructure Protection (CIP) v5/6 Transitions', UTC Region 6 Meeting, Overland Park, KS, April 2016
Participant NIST National Cyber Security Center of Excellence - Energy Provider Community, Situational Awareness Case Studies Review and Prioritization, 2015
Contributor/Co-presenter Building a Practical Cyber Security Practice', Utility Telecom Council, Region 6, Overland Park, KS, March 2015
Participant NIST National Cyber Security Center of Excellence - Energy Provider Community, Identity Access Management Case Studies, 2015
Presenter ‘Practical IT/OT Convergence for Utility Networks’, UTC Canada National Conference, Calgary, September 2014
Author‘Network Virtualization in a Physical World’ - Utility Sector White Paper, 4th Qtr 2013 (Unpublished)
Author‘Deploying Effective Port Security in Utility Networks’, UTC Journal, 4th Qtr 2012
Invited Panelist/Presenter
- ‘Smart Grid Convergence Using Multi-protocol Label Switching (MPLS)’, UTC National Conference, Orlando, Florida, May 2012
Presenter'Foundations for MPLS VPN’s’, UTC Region 4, Indianapolis, IN, October 2012
Author'Converging Utility Data Networks with MPLS VPN’s’, UTC Journal, 4th Qtr, 2011
Author/Presenter'Network Migration Architectures and Strategies', State of Kansas Technology Advisory Board (ITAB), Topeka, KS, 2010
Invited Panelist/Presenter'Network Infrastructure, Kansas Legislative Systems Strategic Plan (e-Democracy Strategies)', United States House of Representatives Executive Staff briefing, Topeka KS, December 2008

"If one would give me six lines written by the hand of the most honest man,
I would find something in them to have him hanged." - Cardinal Richelieu