PROFESSIONAL SUMMARY:

• Dynamic, results - focused Senior Telecommunications Engineer, provides proven management experience, thirteen years having been in the energy sector, and over 6 years of experience working with the Confidential CIP Cyber Security Standards, brings to the table for your organization, specialization in Program Management, Regulatory Compliance, Cyber and Physical Security, Information Protection, Implementation, Optimization, and System Hardening of Industrial of industrial systems which are typically unique to Electric Utilities and Oil & Gas industries. Experience managing, collaborating with, or leveraging diverse distributed project teams, through complex system design and deployment efforts for industrial communications, control, and electrical power systems projects;
• I am a diverse professional, experienced with special projects that require the in corporation of engineering theories, Confidential standards, concepts, and techniques as well as engineering, industrial, government codes, and regulations.
• Experience with enterprise-level information-security plans, policies, standards, guidelines, methods, best practices, tools and techniques based on current industry standards; in particular pertinent federal, state and local laws, codes, and regulations that affect confidential information cyber and physical security for special projects, and the Bulk Electric Systems Critical Infrastructure.
• My diverse skill-set and successes include self-employment, research associated with governmental projects, project management of capital projects consisting of real-world, enterprise-class Industrial Control System “ICS”, Distributed Control Systems “DCS”, Supervisory Control and Data Acquisition “SCADA” systems; including supportive network infrastructures, typical of mission-critical systems for a globally known fortune 500 company.

CORE COMPETENCIES:

• BES Working Groups, BES Cyber-Asset Identification
• Development or enhancement of BES programs, processes, and policies procedures, required by Confidential Regulatory Standards
• BES Confidential CIP V5 Compliance Program Management
• Management of Compliance cross-functional teams
• Monitoring change in Confidential Regulatory Standards
• Advising Stakeholders of Projected Regulatory Change
• Cyber Security
• Critical Vulnerability Assessments
• Secure Configurations
• Hardened Production Infrastructures
• BES Cyber-System Identification Methodology
• BES Cyber-Security Program Assessment/Development
• Development of BES Cyber-Security Methodologies
• BES Cyber-Security Protections, BES Cyber & Physical Security Mgt Best Practices, Cyber-Security Architectural Models
• BES Cyber Asset Baseline Assessment & Development Activities
• System Protection, Threat and Vulnerability Management (TVM)
• Cyber Asset Security Event Logging and Monitoring
• Production Infrastructure Security Event Monitoring
• Remediation Planning, Implementation, and Tracking
• Mitigation and Remediation Strategies
• Information Security & Process Assessment
• Disaster Recovery & Patch Management
• Vendor & Patch Management Supportive Services
• Disaster Recover Programs & Exercises
• Patch Management of Cyber Assets
• Patch Management Program / Processes / Assessments
• Risk Assessments
• Technological Architecture Assessments
• Technological Root-Cause-of-Failure
• Risk Analysis, Risk Mitigation/Remediation, Risk Management
• Big Data Analytics & Impact Analysis
• Technical Analytical Problem Solving and Research
• Situational Awareness, Planning, Implementation, and Tracking, Infrastructure Analysis
• KPI, Physical, Analytical
• Assessing compliance with Confidential (CIP) Reliability
• Developing / Assessing Workflow Processes
• Audit Readiness
• Confidential CIP Compliance Organizational Readiness Exercises
• Annual Regulatory Audit Preparation Activities
• Mock Audits, and Evidence Reviews
• Internal and Regulatory Compliance Processes
• Identifying, Collecting, and Analyzing Evidence for Audits
• Internal Spot Checks, External Data Requests
• Confidential Program / Project Management
• Management of Allocated Resources & Critical Process
• Coordination of Assignments, meeting/exceeding project deadlines
• Applying knowledge of Vulnerabilities to Current Issue
• Internal Compliance Support for Confidential, Information Technologies
• Assessing, Testing and Commissioning Evidence
• Building high-performing, results-oriented quality into projects
• Developing Stakeholder Buy-In
• Creation / Assessment of Electronic Security Perimeter - ESP diagrams depicting inter-connectivity between Cyber-Assets
• Creation/Review of accepted Technical Feasibility Exceptions
• Physical Security
• Access Management Processes
• Industrial Infrastructure Physical Security Assessments
• Cyber, Physical & Compliance Related Training Activities

EXPERIENCE:

Confidential, Los Angeles, CA

Compliance Program Manager

Responsibilities:

• Managed to achieve Confidential CIP 002-5 through 014-2 Standards, and business requirements, collaboratively creating Confidential CIP V5 strategies, policies, programs, procedures, processes, and controls, reducing operational challenges to compliance with Confidential CIP V3 requirements, while assessing and mitigating potential risks and impacts of Confidential CIP V5 to the corporation. As Confidential CIP-002-5.1 through 014-2 Standards have reached their current state of maturity, core compliance cross-functional teams and I have worked to achieve Confidential , and business requirements, collaboratively creating Confidential CIP V5 strategies, policies, programs, procedures, processes, and controls, that improve performance and reliability. Dedicated teams have worked to understand and reduce operational challenges to compliance with Confidential CIP V3 requirements, assessing and mitigating potential risks and impacts of Confidential CIP V5 to the corporation.
• Confidential CIP V3 to V5 transitional responsibilities assessing planned strategic initiatives for Confidential CIP V5 developmental projects, team consisted of matrixed organizational units, contributing significantly to the overarching Confidential CIP V5 compliance strategy.
• Confidential CIP professional ccoordinates compliance projects for production and EMS environments, working closely with utility IT, IS Security, T&D, System Operations and EMS teams to implement project plans.
• Performance-driven leader leverages industry and ever-evolving technological expertise, to identify opportunities for process improvement; providing in-depth knowledge of regulatory standards, transparently delivering proactive insights on developments in Confidential environments, and embracing opportunities for professional enhancement. OU SMEs, have worked with compliance groups, legal, regulatory affairs teams, and vendors, to translate Confidential V5/6 regulatory requirements into actionable plans for use by business operations, and technical design teams who are factoring in infrastructure considerations based on external regulatory requirements, and internal regulatory documentation; enhancing over-arching cyber-system(s) security posture for critical infrastructures.
• Whether coordinating or participating in activities with personnel from multiple “OUs”, proactively I have advocated for enhanced compliance and technical requirements to upper management for Confidential CIP impacted projects, that increase efficiency of production and operational compliance processes.
• Critical thinker monitors change to state and federal government regulations, policies, compliance standards, codes, and regulatory process, for changes in regulatory policy, assisting internal customers, developing remediation activities for potentially identified deltas.
• Forward thinking professional stays abreast of emerging security trends and threats to the energy industry, striving to ensure an appropriate compliance and risk aware culture. Continually, strengthening business relationships with industry, to gain strategic insights, identifying risk, working towards development or enhancement of value added documentation, required by upper management to formulate corporate goals.
• Experience formulating, and advocating for strategic enhancements and technical solutions, focused on enhancing information security, operational performance, and compliance requirements; emphasizing the need for flexibility while adapting to change. Diligently assesses operational performance, cyber, and physical security posture, advising mid-level leadership teams and upper management on the latest developments in regulatory processes for industrial cyber-security landscape, and potential impacts to the organization.
• Advocating for best practices, intending to enhance the reliability and sustainability of the Grid, insuring alignment with goals and regulatory requirements, conducting cross-training activities, delivering presentations and webinars, sharing lessons learned, mentoring others based on lessons learned. Continually, driving and delivering on strategic initiatives, fostering a safety-focused culture of continuous improvement within cross-functional teams engaged in planning activities, for projects consisting of multiple organizational units, identifying opportunities for self-improvement, and continual professional growth.
• Confidential CIP Subject Matter Expert "SME" provides guidance, proposals, recommendations, and detailed technical knowledge of numerous programmable cyber-systems and cyber-asset device classes, networking and security components, application platforms, and operating systems that typically reside within production facilities. Confidential CIP V5 Compliance professional, incorporates a technological perspective when analyzing capital projects, performing risk assessments, for physical and Cybersecurity vulnerabilities. Effectively collaborates with peers and program personnel, and all levels of management, developing recommendations and solutions that secure stakeholder agreements.
• Leveraged infrastructure security frameworks expertise, to assess confidential information, for security or non-compliance gaps; identifying potential opportunities for process improvement. Facilitating internal risk-based reviews including technology and Confidential compliance based critical infrastructure projects; performing data-intensive analytics of evidence, developing enhanced system evaluation process that promoting strategic problem-solving efforts, serving as a strategic resource, providing awareness to potential internal & external security issues and trends.
• Advanced knowledge of communication protocols, networking principles, technologies, topologies, and penetration testing techniques, utilizing manual or automated methods, scripts, commercial and open source tools, providing analysis of potentially identified vulnerabilities associated cyber assets or mission critical systems security. Provided proposals to identify, mitigate, and manage potential infrastructure technical risks, from information-centric cyber-assets and ever-changing technology, proposing mitigations for potentially identified security risks, developing related security controls.
• Practical experience utilizing analytics, risk analysis, and risk management methodologies, recommending, implementation of industrial cyber-security best practices for current and emerging technologies such as sensors/integrated platforms, DCS, SCADA systems, for connected infrastructures such as EMS and Production environments.
• Utilized a holistic approach to the security assessments, and periodic audits of data applicable to securing critical infrastructure, assessing potential industrial cyber and physical security vulnerabilities, providing responses that enhance mitigation strategies used for potential industrial emergencies. Assessment of cyber-security vulnerability assessment methodology, collaboratively working with site CIP site specialist, developing and tracking potential corrective action plans, formulating creative technical solutions; addressing potential technological gaps, tracking potential industrial cyber-security vulnerabilities; tracking mitigation plans throughout the remediation life cycle.
• Review and development of project plans, milestones, and program specific activities, working in conjunction with OU SMEs, to anticipate and develop strategies that achieve projected deliverables. Utilized root-cause-analysis for tracking potential Confidential CIP V3, V5/6 risks of non-compliance for highly visible critical infrastructure projects analyzing system specifications for a variety of complex system designs, and integration projects that support critical infrastructure reliability.
• Evaluating ongoing projects against Confidential Standards, and internal Confidential V5 programs, for alignment with corporate goals; advocating for standardized workflow processes that promote transparency and quality. Performing detailed big data analytics, recommending enhancements to processes or procedures to mitigate potentially identified security or compliance gaps. Suggesting remedies that increasing efficiency across organizational units and the organization.

Confidential

Responsibilities:

• Managing and implementing, recurring regulatory compliance program elements, interacting with cross-functional teams performing quarterly and annual quality assurance reviews, overseeing formal project planning, tracking, and identifying potential shortcomings.
• Managing complex challenges, working cross-functionally amongst multiple OUs, prioritizing as necessary, promoting potential solutions, communicating proposals across organizational units and to upper management, collaborating with project leaders, and stakeholders, across the organization to align current processes with business objectives. Assisted internal clients with development of mitigation plans or remediation plans; recommending methods to increasing transparency, efficiency, and accountability for potentially identified findings, escalating upwards when appropriate.
• Functioned as point of contact for internal audits of critical infrastructure projects, and other security and compliance initiatives; providing recommendations that crossed multiple disciplines and environments; in corporate compliant solutions, the ensure achievement of corporate objectives.

Confidential

Responsibilities:

• Hard-working, ethical, professional provides in-depth knowledge, participating in the development of core Confidential compliance functions, potentially identifying industrial cyber-security vulnerabilities, and potential Confidential compliance gaps, as part of transition activities from Confidential CIP V3 to V5/6 internal regulatory compliance transitional documentation development.
• Experience representing the Reliability Standards Compliance “RSC” organizational unit, supporting the development of Confidential CIP V5/6 BES programs, partnered with internal organizational units, participating in the design and implementation of Confidential programs, processes, and procedures, enabling continuous compliance with regulatory standards, endeavoring to improve compliance and quality of assessment activities.
• Functioning as a technical advisor, I have communicated observations to applicable departments within the organization, identifying project risks, driving implementation of proposals to mitigate potential technological or compliance gaps.
• Cross-functional teams and I, working in conjunction with internal and external parties have collaboratively worked towards the development of strategies for assessment of Confidential CIP 002-5.1 through CIP 014-2 standards and requirements, applicable to BES Cyber-Assets, and Systems to achieve Confidential CIP regulatory and business requirements.
• Strong knowledge of various industry and government strategies, standards, regulatory requirements, and guidance documentation
• RSCs T&D Confidential CIP V5 Program Manager coordinates and conducts analysis for ongoing project deliverables, regularly providing knowledge and proposals; participating in the development, evaluation, implementation, or potential mitigation/remediation efforts, communicating lessons learned and status updates to upper management. Utilizing security awareness strategies, provided to upper management information regarding potential degrading or missed compliance goals, advising senior management of potential compliance gaps, and recommendations for appropriate compliant mitigation strategies.
• Prioritized deliverables in a manner that met projected milestones, advising and providing upper management with the needed levels of understanding of technical risks in business terms, which is required to make appropriate business decisions, for the implementation of new or existing technologies.
• Working in conjunction with internal clients and project teams, participated in the development of strategies for enterprise-wide security awareness, educating and advising technology and business stakeholders about potential technology risks.
• Experience advocating for cost effective best practices that ensuring alignment with company goals and Confidential requirements and apply to T&D Confidential compliance activities.
• Extensive knowledge of security, and privacy provisions for a variety of regulations such as (FERC, Confidential , WECC, NIST 800 series, OSHA, NEC, IEEE, ANSI, NEMA, and Sarbanes-Oxley 404) concepts and guidelines.
• Represented “RSC” the Reliability Standards Compliance Unit for Confidential CIP Standards and requirements for physical, and cyber-security of Confidential impacted facilities, attending regulatory conferences, training events, webcasts, and conference calls relating to Confidential CIP V3 and V5/6 compliance matters. Committed, self-motivated professional demonstrates strong personal drive, interacting directly with engineers, business stakeholders, technical and project management teams, and client/sponsor organizations.

Confidential

Responsibilities:

• Daily, utilizing analytics to identifying potential areas for process improvement, performed assessments of many types, using quantitative and quantitative analytics, to develop security metrics that measure effectiveness, efficiency, and operational risk, focusing on changes in Confidential CIP standards and (FERC 693, 706, 802, 791, 822, and 1000). Consistently, utilized personal drive and self-motivation, to maintain subject matter knowledge of Confidential regulatory standards, for commercial and industrial power and communications systems, providing technical recommendations based on lessons learned and best practices, to project teams integrating and aligning operating procedures with company policies and procedures.
• Collaborating with OUs, we have provided analytical support services, evaluating changes in Confidential standards that potentially trigger updates to business strategy, policies, and related materials based on the potential impact to Confidential regulatory compliance programs, and business plans.
• Annually, OU SMEs and I have assessed applicable internal Confidential CIP documentation for compliance with Confidential CIP V3, V5/6 regulatory standards, potentially identifying gaps within organizational units, or Confidential CIP compliance programs, processes, and procedures, during the design build phase, reducing potential compliance impacts relating to larger, more complex infrastructure protection projects.
• First-hand knowledge of industrial cyber and physical security implementation, critical vulnerability assessments, risk assessments, risk management, as well as mitigation and remediation activities. Experience working with cross-functional organizational units, and project teams’ enterprise-wide, providing technical knowledge, collaboratively implementing practices that meet defined industry standards for maintaining policies pertaining to information system security documentation.
• Monitoring change in Confidential CIP Reliability Standards; conducting systems analysis of potentially impacted critical systems, evaluating opportunities for improvement. Proactively providing a technical lessons learned perspective, for Confidential standards requirements, best practice, and any other performance requirement, measure, program, procedure, process design, or internal control.
• Collaborating with internal OU SMEs and management, I have worked to define and develop strategic plans to analyze data management processes for production cyber-system functionality, including internal maintenance of Confidential standard internal compliance program components, and internal controls, streamlining technical and operational cyber-security requirements, applicable to Confidential CIP V3, V5/6 standards.
• Working with internal and external groups and cross-functional teams, emphasized the need to prioritize critical decisions, effectively managing multiple tasks and complex follow-up activities, developing or enhancing efforts to align with Confidential requirements that are cost effective and increase industrial security awareness for mission critical infrastructures.
• Establishing or enhancing effective business relationships, exercising sound judgment, recommending compliant creative solutions, driving technical and compliance requirements for modifications to cyber devices, or the implementation of new technologies that improve system performance testing processes.
• Proactively, I have utilized in-depth understanding of mission-critical cyber-systems, enhancing assessment practices, and internal controls that affect data applications, platform, or cyber-system upgrades, to ensure technical solutions adhere to Confidential CIP standards.
• Advised and provided upper management with the needed levels of understanding of technical risks in business terms for implementation of new or existing technologies, prioritizing deliverables in a manner that meets projected milestones required for appropriate business decisions.
• Utilized working knowledge of Confidential CIP Standards, best practices, and procedures, conducted ongoing compliance security reviews, and competitive research in technological areas pertaining to information management systems, and security controls across complex industrial networks, application platforms, and infrastructures, ensuring attention to security and Confidential regulatory requirements, driving QA/QC initiatives as part of the critical process.
• Managed/performed internal Quality Assessment & Quality Control “QA/QC” processes , including spot checks, for planned or ongoing infrastructure projects, and associated activities, investigating incidents of potential non-compliance, performing risk assessments, reviewing critical vulnerability assessment data, reports, and remediation plans, ensuring practices and activities meet Confidential requirements.
• Frequently, I have taken the initiative to research alternatives and innovative solutions to both business and technical problems, analyzing data, delivering professional insights and recommendations, ensuring attention to security and regulatory considerations, driving QA/QC initiatives as part of the critical process.
• Proven ability to observe potential cyber security risks and weaknesses and take into account complexity or interdependencies of industrial systems, and corporate technological applications.
• Collaborated with organizational units and compliance teams; addressing potentially identified gaps in compliance or security for information management and privacy requirements. Proficient at understanding and assessing risk related to cyber security, compliance programs, processes, or procedures, including internal controls.
• Provided infrastructure security recommendations to project and delivery teams; advocating for opportunities for process improvement, which provide uniform quality, accuracy, and consistency of compliance evidence supporting compliance requirements and the company vision.
• Consistently assessed key areas of security and compliance to understand potential gaps; analyzing and recommending approaches or solutions; distilling results in a way that provides consultative support; reporting status of impacts to group leaders and upper management.

Confidential

Responsibilities:

• Technical experience across various technologies and architectures including network switching and routing (TCP/IP, UDP, DNP3, Modbus, IEC 61850, etc.), firewalls, gateways, and wireless knowledge including WiFi and Radio Frequency (RF) networks, Internet of Things, and network data/packet capture and analysis. Provided advanced knowledge transfer of embedded systems, programmable cyber-asset classes, ICS/SCADA architectures, Power Systems, SCADA and Data acquisition systems, MODBUS, DNP3, and IEC 61850 “Goose” protocols to name a few.
• Experience with industrial cyber-security activities designed to protection of confidential information for large industrial enterprises, identifying and analyzing industrial topologies, recommending system modifications that improve efficiency, and accuracy of inventory for T&D and It confidential infrastructure documentation.
• Functioning as a team member for infrastructure related projects, we have analyzed complex project parameters, utilizing multiple analytical techniques, conceptual system analysis, strategic thinking, and intuition to analyze moderately high-risk situations and potential industrial cyber-security concerns, recommending system or evidence modifications to OU SMEs that improve efficiency and accuracy for confidential infrastructure information protection.
• Experience validating configuration of industrial systems in EMS, and production environments, including cyber-system hardening, proactively providing analytical root-cause-analysis of potentially identified issues related to Confidential CIP non-compliance. Technical knowledge of cyber-security tools, intrusion detection, prevention systems, antivirus, log analysis, "Splunk", packet capture, and vulnerability management applications.
• Represented the Reliability Standards Compliance “RSC” OU, supported the development of the Confidential CIP V5 Vulnerability Assessment Program, performing Confidential impacted facility vulnerability assessment analysis of available cyber-asset criteria, to determine potential risks to Confidential facilities.
• Continually, strived to ensure and establish best practice risk-based management processes and procedures, proactively assessing industrial project related evidentiary documentation, evaluating testing of security configurations for integrated systems and physical or logical security concerns for industrial infrastructures.
• As part of project evaluations, project teams’ work closely assessing Confidential impacted project parameters and related evidentiary documentation to evaluate potential security vulnerabilities, proposing mitigation strategies for potential network vulnerabilities, and identifying opportunities for process improvements.
• As part of CVA assessments, SMEs and external vendors, have reviewed cyber-asset configuration, cyber-asset lists within ESP/PSP, network/Electronic Security Perimeter "ESP" diagrams, cyber-asset ports and services documentation, patch management policies and levels, password policy's, physical security systems, switches, and firewall rules, for Confidential impacted facilities.
• Provided detailed technical knowledge of potential network infrastructure threats, assessing intrusion containment and mitigation techniques, performing vulnerability analysis of select, available cyber-asset criteria, such as cyber-asset baselines, configurations, cyber-asset ports and services, password policy's, cyber-asset lists, ESP/PSP diagrams, physical security, patch management policies and levels, switching, and firewall rules (etc.), for applicable Confidential impacted facilities. Assessed potential gaps in operating effectiveness, and compliance status, potentially identifying gaps in operating effectiveness or compliance, proposing opportunities for process improvements; tracking the remediation of potentially identified deltas, driving initiatives, developing and executing appropriate action plans to mitigate potential system security vulnerabilities.
• Collaborated on various infrastructure and Confidential related projects, with multiple organizational business units, cross-functional teams, field personnel, and third-party service-oriented providers concerning cyber-security assessment reviews, providing identification and transparent communication relating to potential vulnerabilities, reducing the likelihood of a non-compliance finding. Proactively, assessed Confidential impacted project parameters and related evidentiary documentation, potentially identifying gaps in operating or security effectiveness, or compliance status, tracking the remediation of potentially identified deltas.
• Experience identifying technical and compliance gaps, proposing opportunities for process improvements; driving initiatives to develop and execute appropriate action plans that mitigate potential system security vulnerabilities identified as part of critical vulnerability assessments; and tracking the remediation of potentially identified gaps; clearly articulating systems evaluation results in a focused, clear, and concise manner upward. Provided technical knowledge, participating in the development of mitigation techniques, for potentially identified network infrastructure threats, tracking mitigation efforts for potential risks to Critical Infrastructure.
• Assessed potential risks associated with production infrastructure projects, reviewing Confidential CIP V5 project plans, ESP/PSP/PSZ diagrams, specification diagrams, and flowcharts, conceptual, logical, physical security related to data flow, for infrastructure documentation, or information security programs for industrial systems, providing timely feedback to upper management.
• Assessed process and project development life cycle of T&D documentation, utilizing strategic thinking, and analytical skills, interacting with managers and SMEs, associated with production infrastructure projects.

Confidential

Responsibilities:

• Assessed infrastructure architectures and design strategies, evaluating interdependencies between infrastructure, application platforms, capabilities, design limitations, as well as configuration of industrial cyber-security controls, across cross-functional matrixed environments, especially those relating to firewalls, access control, authentication, endpoint protection, anti-virus/anti-malware, patching, logging, and security monitoring.
• Interacted with vendors and project teams to ensure solutions deployed are compliant and in alignment with corporate policies and Confidential standards for industrial cyber-asset security-related software patches, for applicable cyber-assets at Confidential impacted facilities.
• Proposed “Secunia” security patch management application for tracking new critical cyber asset patches, and proposing design implementation processes for tracking, evaluation, and testing of required security patches for mission critical cyber-systems.
• Provided insight of enterprise security strategies, advised internal customers during BES infrastructure development and implementation phases.
• Participated in planning and implementation of disaster recovery programs, operating procedures, external and internal audits, risk-assessment processes, for industrial infrastructures and cyber-assets
• Participated in disaster recovery planning, reporting status of system recovery processes, procedures, and disaster recovery plans upward.
• Demonstrated proficiency with internal audits for enterprise-class organizations, assessing, and recommending the implementation of remedial measures intended to reduce the risk of potential Confidential CIP non-compliance incidents. Participated in SCE’s Confidential regulatory compliance audit providing pre-audit supportive services.

Confidential

Sr. Communications Engineer

Responsibilities:

• As part of these dedicated teams, I have worked to coordinate and implement medium to large industrial compliance projects, developing and executing plans to meet deadlines that are in alignment with government codes and regulations, and Confidential compliance requirements. Conducted, monitored, and reported CVA status coordinating assigned Confidential CIP activities, analyzing data for engineering projects. Regularly, interacted with management at all levels, wireless service providers, network OEM’s, electrical and communications network design companies, individuals and teams involved in cyber security and analysis of production infrastructures.
• Coordinated special projects, incorporating engineering theories, Confidential standards concepts, and techniques as well as engineering and government codes and regulations, utilizing specialized utility programs, and vendor-specific software, developing security test cases and cyber asset, device-class profiles needed to implement security strategies; continuously, working to ensure understanding of Confidential compliance requirements.
• Provided technical support to multiple project teams, ensuring technical performance specifications were clearly defined and application was fully understood; synthesizing complex information ensuring adherence to directives for security monitoring, infrastructure reliability, and performance management, enhancing an overall security posture.
• Provided presentations to management at all levels, service providers, network OEM’s, electrical and network individuals, and design teams involved in cyber security quantitative, and quantitative analysis of production infrastructures, providing technical support to team members.
• Participated in cross-training activities designed to share lessons learned with cross-functional teams, providing tested and proven expertise based on lessons learned, fostering a culture of continuous improvement.
• Responsible for annual and quarterly review, management of change, technical feasibility exceptions, and critical vulnerability assessments of Confidential CIP V3 impacted facilities.
• Participated in Cyber Confidential Team exercises and emergency response activities, working together with vendors, application developers, database administrators, corporate IT and other technology groups, towards annual assessment requirements and potential problem resolutions.
• Responsible for attended regulatory conferences, FERC, Confidential webcasts, WECC and WICF workshops, providing first-hand accounts, reporting on topics of interest and importance to upper management and the team.
• Participating in cross-functional teams, we have maintained strong, dynamic partnerships across organizational lines, engaging with technical experts, developing awareness of operational issues, enhancing knowledge, of each team member involved to the extent possible, for compliance related to Confidential CIP-Version 3 reliability standards . Consistently, operational maintenance teams have utilized root-cause-analysis, automated tests, implementation of system upgrades, and coordination of resources to meet compliance and business requirements. Compliance teams have worked to prioritize deliverables in a manner that meets projected milestones, coordinating project compliance related activities across various business lines and area departments.
• Managing projects effectively, meeting operational deadlines, develop and understand organizational compliance objectives and disseminating information internally and across business units. Implementing organizational objectives set by directors and upper management, interfacing / collaborating with design teams and project members at all levels; participating in decision-making processes to determine anticipated benefits, contributing to continuous process improvements, preparing reports of project milestones for upper management.
• Development of annual review of Confidential CIP processes and procedures, ensuring that the reliability, performance, integrity, and recoverability of identified Critical Cyber Asset (CCA’s) comply with Confidential CIP Version 3 requirements.
• Coordinated compliance projects, for production environments, working closely with utility IT, IS Security, T&D, System Operations and EMS teams to implement project plans, ensuring timely completion of Confidential CIP compliance deliverables. Proven ability to handle multiple projects and priorities, prioritizing as necessary to align with current business objectives, interfacing and collaborating with project personnel at all levels of project milestones updating upper management as required.
• Project management and coordination of cross-functional teams and technical experts, coordinating projects, working closely with utility teams and individuals from IT, IS Security, T&D and EMS to ensure CIP compliance and report project progress to upper management; providing cross-functional coordination of resources, for systems implementation, design, and configuration, implementation of critical systems, operational maintenance testing, and usage monitoring utilizing root-cause-analysis for systems assessment.
• Established and maintained positive and productive working relationships with team members, various individuals, groups, peers and cross-departmental groups, enhancing a mind-set for continuous improvement. Worked to raise the knowledge, and understanding of engineering team members responsible for compliance activities associated with Confidential CIP -Version 3 reliability standards.
• Responsible for change management for all hardware and software modifications and TFE processes for hardware updates and software configuration changes to industrial infrastructures. For assigned projects managed estimation of timelines, milestones, and course corrective actions to achieve company objectives.
• Participated in cyber Confidential exercises; disaster recovery planning; reporting on system preparatory recovery efforts.
• Expertise and specific technical knowledge of cyber-security tools, intrusion detection and prevention systems, antivirus, log analysis "Splunk", packet capture “Net Decoder”, and vulnerability management applications. Field experience validating the configuration of industrial systems in EMS, and production environments, that include cyber-system hardening, and proactively providing analytical root-cause-analysis of potentially identified issues related to Confidential CIP non-compliance.
• Utilizing a systems development life-cycle approach, provided a holistic point of view pertaining to enterprise cyber and physical security status for projects deployed in or planned for production environments, analyzing industrial control system architectures, and security processes. Proficient using independent judgment to coordinate, or support management of internal groups implementing information security procedures designed to ensure compliance with regulatory requirements, making timely recommendations to upper management in a clear and informative manner.
• Experience serving as a Confidential CIP compliance technical subject matter expert "SME", proactively working to identify or anticipate benefits, or consequences, and potential impacts of alternatives, driving the concept of continual process improvements to specialized teams involved and upper management. Interacting with all levels of EMS, Production and support personnel, including design, implementation, configuration, and cross-functional teams who worked to ensure coordination between all internal customers.
• Participated in user acceptance testing, potentially identifying risks, and mitigations; provided updates to stakeholders in a timely manner.
• Regularly assessed industrial production, cyber assets, utilizing network sniffers, and scripts, performing system log statistical analysis using “Splunk,” disseminating information internally across business units, promoting transparency, and understand of organizational compliance objectives.
• Annual and quarterly reviews of various documents, configuration management processes, tracking Change Management documentation for all appropriate hardware and software modifications; Technical Feasibility Exceptions
• Functioning as a subject matter expert, serving on cross-functional teams demonstrating cross-group collaboration while implementing change management processes for hardware and software upgrades, directly participating in system updates and software configuration changes for industrial cyber-assets, reviewing project or process designs, milestones and TFE creation or review. Responsible for T&D Change Management processes, monitoring configuration changes, hardware and software updates to critical cyber assets, maintained cyber-asset database for Confidential impacted facilities, working directly with engineers, business stakeholders, and technical project management teams to understand the scope of ongoing projects, effectively managing interactions to ensuring timely completion of compliance, and operational requirements.
• Responsible for initiation of change management requests, managing Change Management process documentation, evidence collection for projects involving the addition, modification, or decommissioning of critical cyber assets in production environments.
• Participated in development and testing efforts utilizing “Service Now” for evidence processing, categorization, of project milestones.

Confidential

Responsibilities:

• As part of Critical Vulnerability Assessments, reviewed cyber-asset configuration, validated cyber-asset list within ESP/PSP, reviewed network and Electronic Security Perimeter "ESP" diagrams, reviewed cyber-asset ports and services, patching and password policies for SCADA and Physical Security systems, switches, and firewalls within Confidential impacted facilities. Assessment of information security frameworks, and operating effectiveness, and opportunities for more efficient, effective controls; proactively identify potential compliance issues, performed supportive mitigation plan activities.
• As part of T&D infrastructure projects, utilizing automated and manual methods, provided detailed testing, diagnosis, and analytical results, regularly reviewing system configurations, assessing mission critical network appliances associated with industrial production systems within substation environments, potentially identifying opportunities for process improvements, informing business stakeholders and upper management of the results. Proactive participation assessing Confidential CIP V3 processes and procedures performing system integrity, and recoverability assessments of identified Critical Cyber-assets (CCA’s), that included assessment of critical cyber asset databases, and management of user electronic access to critical cyber assets within ESP’s.
• Annually, in conjunction with external vendors, managed/performed technical audits of mission-critical infrastructures coordinating, reviewing and validating vulnerability assessments of mission critical infrastructures, and communications systems, assessing systems from a compliance and security perspective, looking for potential industrial cyber-security gaps.
• Randomly, or as part of the change management process, performed vulnerability assessments "Pen Testing" and related security measures, for critical cyber assets, testing over-arching security defenses, intended to identify opportunities for process improvements, providing proposals to upper management.
• Annual assessment site-specific drawings, ensuring accurate depiction of inter-connectivity between differing mission critical facilities and cyber systems, assessing compliance with Confidential CIP V3 regulatory requirements.
• Served as an SME for site-specific hardware, software, and architectures upgrades, supported network infrastructure activities intending to identify, potential intrusion or system breach, utilizing third party tools, providing detailed analytics diagnosing test results using automated and or manual processes.
• Testing and validating of security configuration for integrated systems, and/or physical and logical communications networks. Driving initiatives to develop and execute appropriate action plans to resolve potential system security and BES reliability issues identified as part of a vulnerability assessment(s); performing data analysis requested by management staff responsible for compliance programs; creation and tracking of mitigation plans, validating and remediating potential VA findings.
• Hands-on experience configuring, deploying, and managing mission critical network appliances associated with industrial IT architecture systems, revising or modifying systems to enhance security within substation network environments. Proficiency in the use of tools and applications utilized to automate data collection processes, analyzing, and reporting findings of real-time mission-critical data required to maintain compliance documentation.
• Hands-on experience configuring, deploying, and managing mission-critical cyber assets associated with industrial production architectures, revising or modifying systems within Confidential impacted network environments; routinely conducting spot checks for compliance of ongoing projects.
• Experience utilizing specialty tools, scripts, and applications to automate the data collection processes, analyzing, and reporting findings of real-time, mission-critical systems data, needed to maintain compliance with Confidential reliability standards.
• Interacted with managers and SMEs developing Confidential CIP V3 project plans, specification documents, diagrams, and flowcharts for critical infrastructure projects, providing recommendations concerning changes in mission-critical cyber-security measures due to technology, or regulatory change, expansion, upgrade, or modification.
• Annually review and assessment of SCADA networks and Electronic Security Perimeters “ESP” site and topology diagrams/drawings to ensure the accurate depiction of systems and connectivity, minimizing the risk of unintentional data transfer between networks or different trust levels.
• First-hand knowledge and field experience with various security technologies used for secure ID log analysis, such as "Splunk" for log reviews, performing additional analysis of firewall rules, and system configuration files.
• On a quarterly basis, or more, conducted log reviews of failed or successful login attempts to critical cyber assets utilizing “Splunk” for log reviews. Proficiency in the use of tools and applications utilized to automate data collection processes, analyzing and reporting on potential findings of real-time mission-critical data needed to maintain compliance documentation for Confidential reliability standards, informing stakeholders and upper management of the results.
• Responsible for quarterly security monitoring, interpreting logs from a wide selection of cyber-asset classes and models, assessing potential production environment breaches, correlating rules, translating potential threats into action alerts, proactively, assessing mission-critical infrastructures, and cyber-assets; taking steps to mitigate potentially identified gaps; minimizing possible Attack-Vectors and associated Cyber-Risk.
• Collaborated with external vendors, we assessed security, and or system test results with Confidential CIP and facility specialists, enhancing relationships, gaining strategic insight, ensuring than potential solutions deployed are in alignment with project specifications, and Confidential standards.
• Participated in restoration and disaster recovery readiness activities, reporting on testing of system recovery processes, including disaster recovery planning, implementing, testing; supporting backup and restoration efforts for mission-critical production systems.
• Participated in various compliance validation exercises for industrial IP, serial and fiber production infrastructures, analyzing and reporting on potential gaps of real-time mission-critical infrastructures; potentially requiring updates to comply with Confidential reliability standards, communicating status to upper management

Confidential

Responsibilities:

• Utilized industrial cyber-security and networking principles, and enhanced knowledge of physical or cyber-security within production environments, evaluating cyber-security configurations, verification, or update of security patch versions for production critical cyber assets.
• Factoring in Confidential standards, and potential risks to the infrastructure and company, evaluated status of applicable cyber-asset security and related firmware, or patch upgrades, utilizing "Secunia" for assessment of cyber-assets security patches, assessing security settings, and configured cyber-devices.

Confidential, Bakersfield, CA

Electrical Engineer

Responsibilities:

• Progressive project management experience with capital projects for mission critical primary and secondary distribution systems, interacted daily with customers, vendors, and Occidental, Vintage Petroleum top management, providing project reports, communicating status about potential security weaknesses and threats to industrial infrastructures, instrumentation, automation, and industrial serial, Ethernet, and Gigabit fiber communication systems.
• Hands on experience with deployment of hardened infrastructure designs for a global company, providing technical review of project specifications, electrical one-lines, and communication diagrams, conducting acceptance testing, and field commissioning of commercial and industrial electrical systems.
• Utilized ever-evolving analytical and technical skills to understand complex problems conducted in-depth system analysis, and prototyping, identifying and defining solutions to address potential critical issues, evaluating potential security concerns to industrial infrastructures.
• Performed electrical field surveillance and power quality analysis to facilitate reliable electrical equipment operations of motors, transformers, switchgear and substations, providing daily field operations support for electrical equipment deployment, investigation of problems or failures recommending engineered solutions
• Utilizing ETAP, performed Arc Flash, and Hazard Analysis Studies of California Oil Field power-line electrical equipment, analyzing primary/secondary power distribution systems for hazardous area installations. Conducted power flow studies of (12.5kV, 46kV, 138kV, 345kV) infrastructure systems, performed electrical field surveillance, load studies, and power quality analysis, facilitating reliable electrical equipment operations of motors, transformers, switchgear and substations; creation and deployment of Arc Flash PPE Labeling.