From: route@monster.com
Sent: Wednesday, August 10, 2016 8:30 AM
To: hg@apeironinc.com
Subject: Please review this candidate for: Safety Coordinator
This resume has been forwarded to
you at the request of Monster User xapeix03
|
|||||||
|
|||||||
|
|
|
||||||
|
||||||
|
Gregory P.
LaBauve
LinkedIn: https://www.linkedin.com/in/gregorylabauve Email: greglabauve@gmail.com
Cell: 909.964.5654 Leadership; Openness; Compliance;
Honesty; Integrity; Excellence; Respect; Teamwork; Assess; Design; Innovate;
Repeat PROFESSIONAL SUMMARY - Dynamic, results-driven Senior
Telecommunications Engineer, with twenty-six years of management experience,
thirteen years having been in the energy sector, brings to the table, specialization
in Regulatory Compliance, Implementation, Optimization, and System Hardening
of Cyber and Physical Security Systems, for industrial systems which are
typically unique to Electric Utilities and Oil & Gas industries.
I’m a diverse professional, experienced with special projects that require
the incorporation of engineering theories, standards, concepts, and
techniques as well as engineering, industrial, government codes and
regulations. My
diverse skill-set and successes include self-employment, research associated
with governmental projects, project management of capital projects consisting
of real-world, enterprise-class Industrial Control System “ICS”, Distributed
Control Systems “DCS”, Supervisory Control and Data Acquisition “SCADA”
systems, including supportive network infrastructures, typical of
mission-critical systems for a globally known fortune 500 company. HIGHER EDUCATION ►The
University of Louisiana at Lafayette, BSEE - Electrical Engineering /
Telecommunications ►The
University of Louisiana at Lafayette, ASEE - Electrical Engineering /
Industrial Technologies ►Bakersfield
College, Advanced Training PLC - Ladder Logic REGULATORY AND PROFESSIONAL ASSOCIATIONS ►FERC
- Regular analysis of FERC correspondence, NOPRs, participating in FERC
Webinars ►NERC
- Monitor NERC Standards drafting team meetings, and NERC CIP standards
Version updates, providing highlights and feedback to team
members
►WECC
- Regular attendee for Webinars and Regulatory Training and Peer Sharing
Events, providing highlights and feedback to team
members
►WICF
- Western Interconnection Compliance Forum Member, participating in WICF
Training Events, providing highlights and feedback to team
members
►IEEE - Published in the IEEE Journal - “Design and
Development of Autonomous Intelligent Smart Sensors" As a T&D NERC CIP V5 Compliance Program Manager for the (T&D) Reliability Standards Compliance group “RSC”, I've
been part of a dedicated team that strives to understand and reduce
operational challenges to compliance with NERC CIP (Version 3) requirements,
while assessing the potential risks and impacts of NERC CIP V5. I'm a
program manager that can take on challenges, and provide in-depth knowledge
of regulatory standards, delivering proactive insights on developments in
NERC environments. As part of core cross-functional teams, we
have worked collaboratively towards the maturity of NERC CIP 002-5.1 through
014-2 NERC CIP Standards, creating strategies, policies, programs,
procedures, processes, and controls, that improve performance, to achieve
NERC and business requirements. I’m an innovative, performance-driven,
professional, that incorporates engineering theories, industry standards,
concepts and techniques, as well as government codes, and regulations into
mission-critical special projects. § Working in conjunction with Organizational Unit “OU”
SME's, my efforts have been focused on
the development and implementation of NERC CIP V5 reliability programs,
processes, procedures, measures, and controls. We’ve translated these
newly created program/documents into compliance obligations/actions
that provided guidance and instruction to T&D Business units, improving
consistency and quality of FERC compliance reporting methodologies. § Managing or implementing, recurring regulatory compliance
program elements, I interact with cross-functional
teams, performing quarterly and annual quality assurance reviews, and oversee
formal project planning and tracking, potentially identifying
shortcomings. Potentially, I work with OUs to develop
mitigations, documenting results of NERC compliance activities, encouraging
the development of standardized workflow processes that promoting
transparency, quality, increasing efficiency across organizational units
“OUs”. § What I bring to the table is real-world experience, developing best-practice processes designed to validate
an energy entity's industrial cyber-security posture, and NERC compliance
status, strategizing with OUs and SMEs regarding NERC CIP compliance program
initiatives. Regularly, I participate in the review and development
of project plans, or milestones, for program specific value added
documents, continually working to anticipate and develop strategies that
achieve project deliverables, evaluating the performance of ongoing projects
with NERC requirements and NERC V5/6 programs for alignment with corporate
goals. § As a seasoned cyber-security, NERC CIP reliability
standards compliance "SME",
I incorporate engineering theories, industry standards, codes, and
regulations, into day-to-day activities. I’am diverse professional with
an extensive technical background, regularly I working with legal and
regulatory affairs teams, to translate compliance NERC regulatory
requirements into actionable plans for business and operational purposes.
Typically, I add a technical component to the assessment process for
cyber-security compliance, compliance programs, policies, procedures, and
controls, and Change Management for NERC CIP V3, V5/6 activities, striving
for 100% alignment of internal NERC CIP V5/6 program components with NERC
Standards. My responsibilities also include assessing criteria
to determine whether facilities and cyber-assets are critical to the
reliability of the grid, identifying or processing Technical Feasibility
Exceptions “TFEs” for cyber-assets, evaluating security requirements,
supporting vendor-supported vulnerability assessments, and providing feedback
to disaster recovery and incident response plans. § As a technology and NERC CIP subject matter expert
"SME" on special topics, I've
recommended enhancements to workflow processes for regulatory programs,
policies, and procedures, analyzing areas for improvement, identifying
potential security risks, and areas of improvement within business units,
making proposals to reduce and mitigate risks. I’m a passionate
problem solver that possesses the ability to analyze and articulate
technical and non-technical topics to diverse groups, sponsoring initiatives,
taking accountability for managing cross-functional compliance efforts
seriously, continually working to gain respect from associates, driving and
arrive at complex decisions, even when situations are difficult. § I’m a motivated, enthusiastic, goal-oriented professional,
a critical thinker, who monitors change to state and
federal regulatory requirements, policies, compliance standards, codes, and
regulations, communicating potential gaps and proposals across organizational
units, managing designated portions of internal audits, or mitigation plans,
participating in regulatory audits as required. Consistantly, I
provide operational insight into the development of strategies and
procedures to improve controls, surrounding NERC compliance consistency
across organizational units. Daily, I stress accountability,
striving to achieve NERC compliance consistentancy, for projects having NERC
impact on transmission facilities, coordinating or facilitating assessments
of essential components of NERC CIP V5/6 compliance programs, working to
enhance internal processes, promoting transparency, and consistency. § A partial list of my professional abilities includes project analysis and design, dealing with industrial
cyber-security, NERC compliance activities, process controls related to DCS
systems, industrial communications systems, SCADA and data-acquisition
systems, commissioning and troubleshooting efforts. Utilizing energy industry experience, and knowledge of FERC, NERC, WECC, NIST, OSHA, NEC,
IEEE, ANSI, NEMA, and Serbians-Oxley concepts, I've performed a
significant role in the development of SCE NERC programs, processes, and
procedures for CIP 002-5 through 014-2 Standards, providing first-hand
knowledge of industrial cyber and physical security implementation, critical
vulnerability assessments, risk assessments, risk management, as well as
mitigation and remediation plans. Together with OU SMEs, we’ve
developed strategies, deliverables, and milestones, evaluating the
performance of programs, or project plans against internal controls for
alignment with regulatory standards, and company goals. Regularly, I
contribute to project strategies, developing success metrics, working to
removing obstacles that impede success. Diligently, I work to build
and strengthen effective client relationships with internal and external
customers and business partners, bridging gaps between organization units,
providing extensive knowledge of compliance regulations and controls, dealing
with programmable cyber-asset management and change control.
Continually, I stress compliance objectives, to ensure an appropriate
compliant, risk-aware culture, consistently striving to maintain a safety
focused, productive climate, motivating, mobilizing, and coaching co-workers
to meet high-performance goals and objectives, including system stability and
cost effective solutions. As a NERC CIP compliance professional, I incorporate a technological perspective when analyzing capital
projects, performing risk assessments, for physical and cyber-security
vulnerabilities. I'm a self-motivator, a diverse professional
who possesses a strong sense of self-worth and ethical responsibility, who
has a strong compulsion to trust, but verify and do things right the first
time. § Demonstrated ability and experience with tools and methods to manage program components, monitoring and reporting
program status. Continually, and accurately, I analyze information,
integrating people, processes, systems, and technologies. Developing
plans to meet critical project timelines to make decisions regarding a
project or programs impact to the organization, coordinating activities ensuring
timely delivery. § Utilizing root-cause-analysis expertise I've tracked potential NERC CIP V3, V5/6 risks of
technical non-compliance, for highly visible critical infrastructure
projects, providing analysis of system specifications for a variety of complex
system designs and integration projects, supporting infrastructures
reliability. § Continuously, I assess information and infrastructure
security frameworks for gaps,
monitoring for potential instances of non-compliance, reporting on methods to
increasing transparency and accountability, escalating upwards for events and
when appropriate. Security aspects of the energy industry, technologies, and regulations
are ever changing, business related documentation, related to
security of the Bulk Electric System needs modification from time to
time. Likewise, critical infrastructures may also require changes
simultaneously, or they may fall behind from a technological
perspective. Consistently, I’ve interacted across areas of the
corporation, enhancing business services, promoting customer satisfaction
and productivity, managing risk appropriately, developing or executing plans,
managing information, and providing exceptional service to customers. Regularly,
I collaborate with system owners, operators, management, and other
personnel, to ensure that all applicable documentation is in alignment with
regulatory standards. § Demonstrated transparent decision-making ability, effective team building and project planning skills,
consistently staying current with technological innovations. § Utilizing strong ethics, interpersonal skills, and moral
leadership values, I possess the ability to
influence, negotiate, communicating effectively to cross-functional teams and
upper management, and managing stress in a fast paced, data intensive work
environment. Consistently, I’ve demonstrated value by promoting a
safety culture to ensure a safe work environment for everyone, providing a
lesson's learned perspective about the implementation of cyber-security
initiatives for NERC CIP impacted facilities, enhancing the understanding of
technological infrastructure considerations, internal controls, cyber and
physical security for industrial infrastructures. Throughout my career, I've
managed, collaborated, and leveraged diverse, distributed project teams
through complex system design and deployment efforts for industrial electrical
systems. Over the years, I've conducted security and regulatory
compliance assessment for utility organizational units, including NERC CIP
internal and external reviews, gap analysis, compliance documentation
development, on-site NERC audit support, physical and cyber-security
evaluations, mitigation and remediation plans. Utilizing
root-cause-analysis, proactive project teams and I have identified and
resolved issues as part of commissioning of electronic controls, for
industrial instrumentation, SCADA, automation, communication,
telecommunication, Wireless Ethernet, Microwave, Broadband network & RF
optimization planning projects, for industrial systems supporting electrical
distribution and distributive control systems. PROFESSIONAL EXPERIENCE ►RSC - T&D NERC CIP V5 - Compliance Program
Manager
2013 to Present ►Southern
California Edison "SCE" – Transmission and Distribution,
Reliability Standards Compliance group "RSC", Los Angeles, CA ►CIP / Electrical / Automation / Sr. Communications
Engineer
2011 to 2013 ►Tucson
Electric Power "TEP" – PCAM Group, Tucson, AZ ►Electrical
Engineer
2009 to
2011
►Electrical
Instrumentation Unlimited of California - Bakersfield, CA ►Senior Industrial Automation & Communications
Specialist
2007 to
2009
►LDL
Services Inc. of California - Bakersfield, CA ►Industrial Instrumentation & Automation / Communications
Specialist
2004 to 2007 ►EIU -
Electrical Instrumentation Unlimited of California - Bakersfield, CA ►Electrical / Communication
Specialist
2003 to 2004 ►Electrical
Instrumentation Unlimited of California - Memphis, TN ►Network Support Team
Member
2001 to 2003; 1996 to 1999 ►Information
Technical Networks - The University of Louisiana at Lafayette – Lafayette, LA ►Computer Support and Manufacturing Research Team
Liaison
1999 to 2001 ►Apparel
Computer Integrated Manufacturing - Lafayette, LA RESUME - GREGORY LABAUVE PROFESSIONAL EXPERIENCE ►Promoted - RSC-T&D NERC CIP V5 - Compliance Program
Manager
2013 to Present ►Southern California Edison “SCE” – Transmission and Distribution,
Reliability Standards Compliance group “RSC”, Rosemead, CA As NERC CIP 002-5.1 through 014-2 Standards have reached their current
state of maturity, core compliance cross-functional teams, and I have worked to achieve
NERC, and business requirements, collaboratively creating NERC CIP V5 strategies,
policies, programs, procedures, processes, and controls, that improve
performance and reliability. As a NERC CIP V5 professional, I take
on challenges, and provide in-depth knowledge of regulatory standards,
delivering proactive insights on developments in NERC environments. From
the on-set, I've participated in the planning of strategic initiatives for
NERC CIPP V5 developmental projects consisting of multiple organizational
units, contributed significantly to “SCEs” NERC CIP V5 compliance strategy.
Dedicated teams and I strived to understand and reduce operational challenges
to compliance with NERC CIP V3 requirements, while assessing potential risks
and impacts of NERC CIP V5 to the corperation. Security aspects of the energy industry, technologies and regulations
are ever changing, business related activities, related to
Physical and Cyber Security of the Bulk Electric System needs modification
from time to time. The number of cyber-attacks is increasing rapidly,
they are evolving quicker, and becoming more resilient, making it difficult
to defend against, and prevent. Cybersecurity is more vital an
critical now than ever before. Likewise, critical infrastructures
may also require changes simultaneously, or they will fall behind from a
technological perspective. § Whether coordinating or participating in activities with
personnel from multiple OUs,
proactively, I advocate for enhanced compliance and technical requirements to
upper management, for NERC CIP impacted projects, to increase the efficiency
of production and operational processes, in a manner that enhances the
over-arching cyber-system(s) security posture for critical
infrastructures. Being a forward thinking professional, I work
to stay abreast of emerging security trends and threats to the energy
industry, striving to ensure an appropriate compliance and risk aware
culture. § Continually, I've endeavored to strengthen business
relationships with industry, to gain
strategic insights, identifying risk, working towards development or
enhancement of value added documentation, which is used by upper management
to formulate corporate goals. § Enthusiastic,
performance-driven leader, I’m a critical thinker who leverages
industry and technilogical expertise, to identify opportunities for process
improvement. Regularly, I monitor change to state and federal
government regulations, policies, compliance standards, codes, and
regulatory process, assisting internal customers developing remediation activities
for potentially identified deltas, in an effort to enhance operational
performance and security posture. § Continually delivering on strategic initiatives, fostering a culture of continuous improvement within
cross-functional teams engaged in planning activities, for projects
consisting of multiple organizational units. On a regular basis, as
part of cross-training activities, I delivering presentations and
webinars, sharing lessons learned, delivering presentations and webinars, and
mentoring others based on lessons learned, intending to inspire myself and
others. My efforts are intended to foster a safety focused culture
of continuous improvement within cross-functional teams, that are
continually challanged to identify opportunities for self-improvement. § Dedicated teams, SMEs and I have worked in conjunction
with compliance groups, legal, regulatory affairs teams, and vendors, to translate NERC V5/6 regulatory
requirements into actionable plans, for use by business operations, and
technical design teams who are factoring in infrastructure considerations
based on internal regulatory documentation. Continually, I advise
mid-level leadership teams and upper management on the latest
developments in regulatory processes, for industrial cyber-security
landscape, and potential impacts to this organization, and advocate for
enhancements to information security systems, which inturn enhance compliance
posture, and efficiency. § While formulating strategic enhancements and technical
solutions that are focused on enhancing
operational performance and compliance requirements, I continually
emphasize the need for flexibility while adapting to change. Continually,
I advocate for best practices, which enhance the reliability and
sustainability of the Grid, in a manner that aligns with company goals and
regulatory requirements. Throughout my career, I've managed, collaborated with or leveraged
diverse, distributed project teams, through
complex system design and deployment efforts for industrial electrical
systems. Over the years, working with infrastructure
specialists, I've conducted numerous security, and regulatory compliance
assessment for utility organizational units, including NERC CIP internal and
external reviews, gap analysis, compliance documentation development, on-site
NERC audit support, physical and cyber-security evaluations, mitigation and
remediation plans. What I bring to the table, is a diverse
background including an enhanced understanding of industrial cyber and
physical security landscapes, including extensive technical, and compliance
documentation experience. ►Active
participation and co-author of the Reliability Standards Compliance group
“RSCs”, Vision and Mission Statements that align
with corporate goals. As the T&D NERC CIP V5 Compliance Program Manager, for the
Reliability Standards Compliance group “RSC”, cross-functional teams
and I work collaboratively developing strategies, policies, and procedures to
improve internal performance in an effort to achieve regulatory, and business
requirements. I’m a motivated management professional who takes on
challenges, providing in-depth subject matter knowledge of regulatory
agencies, providing proactive insight on developments in regulatory
requirements. Proactively, to help improve cyber-systems security posture, and increase the efficiency of production and operational
infrastructures, I utilize key performance indicators, continually working to
stay abreast of emerging threats to the energy industry, tracking NERC CIP-V3
& V5/6 compliance requirements, for highly visible information-centered
critical infrastructure projects. As part of T&D and IT-PSC CABs,
I’ve developed performance metrics, assessing risk utilizing
root-cause-analysis, removing obstacles that impede success, assessing,
creating and/or implementing change management authorizations, approvals, or
rejection processes for NERC impacted projects to proceed to production
environments. § Keys to assessing risk that may cause delays include: documentation reviews, information gathering processes,
analysis of validation lists and all assumptions, diagramming, complete
understanding of project scope and all deliverables and deadlines, buy in from
stakeholders and risk tolerance, information value versus cost,
organizational policies and procedures that are ever changing, environmental
factors § A sample of root cause analysis key technical and human considerations are: system model; system capabilities; field tech skills, or
responsibilities; problem or condition data collection criteria; data to be
collected and why; factors versus conclusion; analysis to the extent of
problem resolution; operator experience; initial problem/condition report; risk,
urgency and significance; root contributing cause, direct cause; corrective
actions; containment actions; preventive measures; preventive analysis,
corrective action; root cause analysis techniques; change management
analysis; failure mode & effects analysis; cause & effects analysis;
timeline analysis; problematic risk or safety analysis; hardware performance
root causes; corrective action status and tracking; reporting upward. Throughout the development of SCE BES V5 Programs, my focus has been on assigned projects, and weekly participation
in BES Developmental Workshops, categorizing facilities, and cyber-assets,
providing feedback for either BES Cyber-Assets (BCAs) ID Methodology, or
Protected Cyber Assets (PCAs) ID Methodology, participating in the
development and utilization of BES Cyber System Grouping Strategy, BES
Cyber-System (BCS) Methodology, the Impact Rating Criteria for BES
facilities, the Impact Rational Table (SRIRT), and 2015-04-06-BES-03
Assumptions&Positions documentation. EXPERIENCE & RECENT PROJECTS ►NERC Compliance Program “NCP” – Developmental contributor, NERC CIP
V5 document(s) reviewed, provided comments to Stakeholders - “RAI”
– Initial individual developmental contributor,
RAI as applicable to NERC CIP V5 reviewed document(s), provided comments in
Autograph ►BES V5 Asset Management Program “BES” – Developmental contributor and evaluation of the SCE NERC
CIP V5 Asset Management Program ►T&D Compliance Readiness Project - Individual contributor towards the development towards SCE /
T&Ds Compliance Readiness Project o
Current active member of the BES
V5 Work Group, participated in most NERC CIP V5 Pilots - NERC
CIP-V5 BES Programs - Developmental contributor, V5
document(s) reviewed, provided timely feedback to Stakeholders. - Participated
in SCE NERC CIP V5 Program Workshops -1st, 2nd, 3rd Quarter NERC CIP V5 Workshop, Maditory NERC CIP V5 BES Controls
Workshop (06/2015) o
SCEs BES
V5 Program, Master Program Plan
“MPP”- Currently, participating in ongoing BES V5 Workshops
activities, and associated training §
Represented Reliability Standards
Compliance "RSC" Organizational Unit, as an active member of the
BES V5 Program Group §
Developmental contributions to AMR, BAM, CCM, CST, DRP, IRP, IPP, MCP, PAC, PRA, PSM,
SAP, SSM, VCP, and VAP programs. §
Continual support and
developmental contributions towards SCEs “MPP” and NERC CIP V5 BES Programs,
Processes, Procedures, and Internal Controls provided timely feedback to
Stakeholders. - NERC
CIP-V5 Internal Controls Identification -
Individual contributor towards the development of SCEs V5 internal controls
matrix - Conducted
“RSC” NERC CIP V3 to V5 Transitional Gap analysis, provided timely
feedback to Stakeholders. o
Participation in the development
of core NERC CIP V5 compliance functions, potentially identifying
cyber-security vulnerabilities, and compliance gaps, as part of transitional
activities from NERC CIP V3 to V5, provided feedback to stakeholders - BES
CSIM Evaluation Team - Represented
"RSC" Organizational Unit, currently participating as a
developmental contributor, assessing 15-minutre impact criteria. ►Facility & Asset Rating Project - Individual contributor for NERC impacted facility impact ratings,
and cyber asset classification ►CADGE Pilot, CADGE & CADGE 2 Projects - Individual contributor, assessing available
infrastructure data, for technical and compliance impact to the company,
provided timely feedback to Stakeholders - BES
Developmental Workshops - Active member BES
V5 Working Group, weekly developmental contributor o
BES
Workbook Cyber Asset Assessments - Represented
Reliability Standards Compliance "RSC" Organizational Unit,
currently participating as a developmental contributor for SCEs NERC CIP V5
BES Master Consolidated Workbook updates o
Evaluated
(BES Workbook Bundles 1-9.x)
assessed Cyber Asset, and facility data provided, for alignment with NERC
Standards, and company policies, provided timely feedback to Stakeholders o
Utilized Autograph for review and
redline of (BES Workbook Bundles 1-9.x)
providing timely comments and recommendations to Stakeholders ►BES Cyber System / Asset Identification Methodology
“BCSAM”- Active member of BES
V5 Working Group, interacting with NCP and T&D SMEs as a
developmental contributor - BES
Cyber Asset-System Identification & Categorization Pilot Evaluations - Developmental contributor and evaluation if first facilities
assessed. - BES
Cyber Asset Grouping Strategy - Active
member of BES V5 Working Group, interacting with NCP and T&D SMEs as a
developmental contributor - BES
Cyber System Naming Strategy - Active
member of BES V5 Working Group, interacting with NCP and T&D SMEs as a
developmental contributor - Recently,
I participated in SCEs NERC CIP V5 Organizational Readiness Exercises. ►Change Control and Configuration Management Program
“CCM” – Program developmental contributor, document(s)
review and comments in Autograph, provided timely feedback to CCM/BAM T&D
Stakeholders - Evidence
Review Boards - Weekly participation in IT-PSC, and T&Ds ERB
Workshops, actively engaging in enterprise architecture evidence review board
processes, involving key stakeholders and technology groups, assessing
business cases justifications, design considerations, in support of
infrastructure security. - T&D
Change Management (RFC/CRQ) -Weekly,
as part of the T&D's Change Management board, I’ve assessed (RFCs/CRQs)
o
Recommending, authorizations,
approvals, or rejections for projects to proceed to production environments o
Provided regular insights and
compliance knowledge of NERC CIP V5 issues that potentially affect all
departments affected by NERC CIP Standards - IT-PSC
Change Management (RFC/CRQ) - Weekly
participation in “IT-PSC Change CAB” workshops, collaborating
with internal organizational units OU SMEs, discussing significant project
milestones, and associated documentation for compliance with NERC CIP V5
requirements o
Provide regular insights and
compliance knowledge of NERC CIP issues that potentially affect all
departments affected by NERC CIP Standards - BMC
REMEDY - Recommended “Remedy” as an option for a
“Change Management” database o
Contributed to the initial
development, and acceptance testing of "BMC Remedy" as a
“Change Management Tool”, for both IT-PSC, and T&D ►CCM-BAM Project - Developmental contributor, discussing open issues, defects,
Client Q&A Post Go-Live for NERC CIP BAM CCM project o
NERC
CIP V5 – “BAM CCM Project” –
“Participated in “Daily Triage Meetings” §
CCM-BAM - Assessed integrity of initial data sets, prior to
upload into the BAM tool §
BAM
UAT - Developmental contributor, and
participant in “User Acceptance Testing” provided comments to UAT
team, participated in the CCM/BAM training and “Final Content Review” ►Cyber Security Training Program “CST” - Developmental contributor, and participant in “CST
Programs” NEC CIP V5 Training - Developmental
contributor for the annual Cyber Security “CST”, NERC CIP V5 Training Deck,
providing feedback to CST Program ►Incident Response Program “IRP” – Developmental contributor, NERC CIP V5 document(s) reviewed,
provided comments in Autograph ►System Security & Monitoring Program “SSM” - Developmental contributor, NERC CIP V5 document(s) reviewed, comments
in Autograph - ESP
Management - Developmental contributor, assessing various “ESP/PSP/PSZ”
diagrams o
Developmental contributor, “ESP/PSP/PSZ”
NERC CIP V5 document(s) reviewed, provided timely feedback for “ESP/PSP/PSZ”
to Stakeholders - Patch
Management - Developmental contributor, NERC CIP V5
document(s) reviewed, provided comments in Autograph o
Provided input to “Patch
Management” process, pertaining to vendor provided “Security Patches”,
provided timely constructive feedback to Stakeholders o
Secunia
- Based on first-hand knowledge,
recommended “Secunia” for Cyber Asset, “Security Patch”
management and tracking - System
Access Control - Developmental contributor, NERC CIP V5
document(s) reviewed, provided comments in Autograph ►Disaster Recovery Program “DRP” – Developmental contributor,
NERC CIP V5 document(s) reviewed, provided comments in Autograph ►Information Protection Program “IPP” – Developmental contributor, NERC CIP V5 document(s) reviewed,
provided comments in Autograph ►Physical Security and Security Management Program “PSM”
– Developmental contributor, NERC V5 document(s)
reviewed, provided comments to Stakeholders ►Vulnerability Assessment Program “VAP” – Developmental contributor NERC CIP V5 document(s)
reviewed, provided comments in Autograph - Vulnerability
Assessment and reviews, providing professional insights, and recommendations,
timely feedback to Stakeholders - SCET
Vulnerability Assessment Remediation Planning - Addressed cyber insights and compliance knowledge of NERC CIP V5
issues impacting inscope substations, and potentially all departments
affected by NERC CIP Standards ►Transmission & Distribution “T&D” - Cyber
Assets - Provided random “Cyber Asset, Device
Class Assessments”, based on functionality, and compliance for applicable
NERC impacted facilities. - T&D
NEC CIP Project Evaluations - Level
1, and Level 2 Evaluation of High Profile Infrastructure Projects for NERC
Impact, and risk Southern California Edison. o
BES
CSIM Evaluation Team - Developmental
contributor, NERC CIP V5 reviewed process and procedure document(s), provided
comments in Autograph o
Impact
Rational Table “SRIRT” -
Developmental contributor, NERC CIP V5 reviewed document(s), provided comments
in Autograph o
Substation
BES Impact Reference Table SCE Pilot Evaluations - Developmental contributor, NERC CIP V5 reviewed process
and procedure document(s), provided comments in Autograph o
Ports
and Services - Developmental contributor, NERC
CIP V5 reviewed process and procedure document(s), provided comments in
Autograph o
Device-Class
Baselines - Developmental
contributor, NERC CIP V5 reviewed process and procedure document(s), provided
comments in Autograph o
Interactive
Remote Access - Developmental contributor, NERC
CIP V5 document(s) reviewed, provided comments in Autograph o
Shared
Accounts Management - Developmental contributor, NERC
CIP V5 document(s) reviewed, provided comments in Autograph o
Monitoring
Events - Developmental contributor, NERC
CIP V5 reviewed process and procedure document(s), provided comments in
Autograph §
Initial
recommendation of "Splunk" to “SCE”
for monitoring and analysis of valid and invalid login events o
Clean
Room Approach - Developmental contributor, NERC
CIP V5 reviewed process and procedure document(s), provided comments to
Stakeholders o
Malicious
Code Prevention - Developmental contributor, NERC
CIP V5 reviewed process and procedure document(s), provided comments to Stakeholders o
Anti-Virus
- Developmental contributor, NERC
CIP V5 reviewed process and procedure document(s), provided comments to
Stakeholders - Hardened
Laptops - Provided initial recommendation to “SCE”
for “dedicated hardened laptops” to interface with Cyber Assets at
NERC impacted facilities. o
Provided timely developmental
feedback to NCP, compliance teams, and upper management pertaining to “SRIRT”
developmental considerations, Cyber Assets, Device Class Baselines, Clean
Room Approach, providing initial recommendation for stationary “Hardened
Laptops” for NERC impacted facilities ►Security Awareness Program “SAW” - Developmental contributor, NERC CIP V5 document(s) reviewed,
provided comments in Autograph ►Access Management and Revocation “AMR” – Developmental contributor, NERC CIP V5
document(s) reviewed, provided comments in Autograph ►2013, 2014, 2015 NERC Annual review - SCE NERC CIP Compliance documents reviewed, timely feedback was
provided to Stakeholders ►Cyber Security Policy - Developmental contributor, NERC CIP V5 reviewed
process and procedure document(s), provided comments to Stakeholders ►Technical Feasibility Exceptions “TFEs” - Individual contributor, participating in the analysis of “Technical
Feasibility Exceptions”, for completeness and alignment with
company policies, and NERC Standards. ►Material Change Request “MCR” - Individual contributor, participating in the analysis of “MCRs” for
completeness, and alignment with company policies, and NERC Standards ►SCEs 2015 WECC Audit -
Recently, participated in SCEs 2015 NERC regulatory compliance audit,
providing pre-audit supportive activities ►Participation in Low Impact Workshops – Pertains to Upcoming work related to Low Impact NERC facilities - Currently
assessing NERC CIP Standards applicable to SCE for Low impact NERC
facilities, and Low impact Cyber Systems in general. ►RSC Procedures - Individual
contributor, for NERC CIP V5 document(s) reviewed, provided comments to
Stakeholders ►PHASOR Project- The
PHASOR project implements a grid monitoring system, which communicates with
synchrophasor data measurement devices. The Phasor project, in
conjunction with DFR/PMU devices collects synchrophasor data stored, verifies
and shares this information with “WECC”. - Developmental
contributor, NERC CIP V3 compliance assessment responsibilities, for the
evaluation of documentation of the Phasor Project. - Provided
for NERC regulatory compliance evaluation of the high profile "Phasor
Project", consisting of numerous systems. ►DFR/PMUs - (i.e. Digital Fault Recorder/Phasor Measurement
Unit "DFR/PMU Upgrade Project") o
NERC CIP V3 compliance assessment
responsibilities for evaluation of documentation provided "DFR/PMU
Upgrade Project" ►CRAS Project - The implementation of a CRAS system provides, a centralized
protection system designed to maintain the reliability of the power grid
needed to accommodate the growing number of interconnection requests for
renewable generation sources. - CRAS
“ERB” – ERB member, contributor to the “CRAS
Evidence Review Board” responsible for confirming completeness, and
compliance of this project. ►CRAS Project Risk Assessment – As a combined effort, provided “CRAS Project Risk Assessment”
to project leads, NCP and RSC management 12/2015. o
Evidentiary risk assessment
providing documented findings for ElNido, LaFresa, ElSegundo, LaCieniga, as
part of the CRAS Project QA Process. o
NERC
CIP V5 Compliance Assessment responsibilities, of documentation provided. §
Provided for NERC regulatory compliance
evaluation of the high profile Centralized Remedial Action Scheme
"CRAS" Project. §
TD-BES-CR-0047 Process
T&D CRAS assets - El Nido, El Segundo, La Cienega, La Fresa to Tab 3 per
file "CRAS_Bundle.xls" §
Developmental contributor for the
Cyber System naming convention, and or grouping of CRAS cyber assets into
cyber systems. §
Interacting with GE Engineers,
pertaining to GE device class passwords, ports and services topics, and patch
management of GE Relays. §
Interacted with GE Engineers,
SC&M, and Engineering at PIV LAB to evaluate testing results and options
for CRAS relays. As a seasoned cyber-security, NERC CIP Subject Matter Expert
"SME", I incorporate engineering theories, industry
standards, codes, and regulations into my day-to-day activities, analyzing
specific topics applicable to internal regulatory programs, policies, and
procedures; potentially identifying security risks, and areas in need of
process improvement within business units. Strategizing with OUs and
SMEs regarding NERC CIP compliance program initiatives, I provide
recommendations designed to enhance workflow process, and mitigate
risks. A partial list of activities include NERC CIP V3, 5/6
compliance activities related to technical analysis of commissioning,
troubleshooting, and project design, dealing with industrial Cyber security
for process controls related to “DCS” systems, Industrial Control Systems
“ICS” technologies, Remote Terminal Units “RTUs”, Programmable Logic
Controllers “PLCs”, Supervisory Control and Data Acquisition “SCADA” and
Data-Acquisition Systems, Wireless, Serial, and IP based Industrial
Communications Systems, VOIP, and Communication Protocols, (switching,
firewalls, routing, IPS/IDS, VPNs). Additionally I’ve assessed
criteria to determine whether facilities and cyber-assets are critical to the
reliability of the grid, identifying and processing Technical
Feasibility Exceptions “TFEs” for cyber-assets, evaluating security
requirements, supporting vendor-supported vulnerability assessments, and
providing disaster recovery and incident response plan feedback to
Stakeholders. - As
part of T&D and IT-PSC CABs, I’ve
develop performance metrics, assessing risk, utilizing root-cause-analysis,
implementing Change Management authorizations, approvals, or rejection
processes for NERC impacted projects to proceed to production environments,
and continually striving to remove obstacles that impede success.
Dedicated teams, SMEs and I have worked in conjunction with compliance
groups, legal, regulatory affairs teams, and vendors, to translate NERC V5/6
regulatory requirements into actionable plans, for use by business operations,
and technical design teams who are factoring in infrastructure considerations
based on internal regulatory documentation. - In
addition to NERC CIP V3 responsibilities,
part of my focus has been partnering with compliance teams assessing NERC CIP
V5/6 programs, policies, processes, and procedures, for alignment with NERC
standards. A portion of my responsibility is to support the FERC
Compliance Policy and Contracts, Reliability Standards Compliance “RSC”
group, and manage assigned components of the Transmission and Distribution
“T&D” NERC compliance programs. - As
a seasoned, forward-thinking professional, I
coordinate and participate in activities with engineering personnel for NERC
"CIP" impacted projects. Regularly, I interact with legal
and regulatory affairs teams to translate NERC regulatory requirements
into actionable plans for business operations, providing first-hand knowledge
of industrial cyber and physical security implementation. - In
conjunction with my NERC CIP V5 responsibilities, I’ve interacted across multiple areas of the corporation, enhancing
business and services, promoting customer satisfaction and productivity,
managing risk appropriately, developing and executing plans, managing
information and providing exceptional service to internal and external
customers. Together OU SMEs and I have developed strategies,
deliverables, and milestones, evaluating the performance of programs, or
project plans against internal controls for alignment with regulatory
standards, and company goals. In addition to these strengths, I
possess the ability to assess NERC impacted facility’s functionality and
technically, filtering sensitive information collected through a regulatory
compliance lens, leverage potential findings, to navigate through uncertain
situations, formulating strategic technical solutions, emphasizing the need
to be flexible while adapting to change in order to enhance operational
compliance, and performance requirements. EXPERIENCE & RESPONSIBILITIES ►What I bring to the table is experience with securing
Critical Vulnerability infrastructures - Functioning
as a NERC CIP Subject Matter Expert
"SME", I've provided guidance, proposals, recommendations, and
detailed technical knowledge of numerous programmable cyber-systems and
cyber-asset device classes, networking and security components, application
platforms and operating systems that typically reside within production
facilities. Leveraging technical expertise, I assess
information and infrastructure security frameworks for gaps, monitoring
for potential instances of non-compliance, and opportunities for
process improvement, effectively collaborating with peers and program
personnel, and all levels of management, developing recommendations and
solutions, securing stakeholder agreements. - Utilizing
root-cause-analysis, I've tracked
potential NERC CIP V3, V5/6 risks of non-compliance for highly visible
critical infrastructure projects, providing analysis of system specifications
for a variety of complex system designs, and integration projects, which
support infrastructure, and Grid Reliability. Serving as a NERC CIP
V5 Compliance professional, I incorporate a technological perspective
when analyzing capital projects, performing risk assessments, for physical
and Cybersecurity vulnerabilities. I’m innovative self-starter, a
diverse professional who possesses a strong sense of self-worth and ethical
responsibility, and has a strong compulsion to trust, but verify and do
things right the first time; and provide a lesson's learned perspective
pertaining to the implementation of cyber-security initiatives for NERC CIP
impacted facilities, enhancing the understanding of technological
infrastructure considerations, internal controls, cyber and physical security
for industrial infrastructures. - Expertise
performing detailed analytics, recommending enhancements to processes or procedures to mitigate potentially identified
gaps. Advanced knowledge of communication protocols, networking
principles, technologies, topologies, and penetration testing techniques,
utilizing manual or automated methods, scripts, commercial and open source
tools, I provided as needed, analysis of potentially identified
vulnerabilities associated cyber assets or systems security. Proactively,
I utilize a holistic approach to the security assessments and periodic
audits of data applicable to secure environments. Assessing
potential industrial cyber-security vulnerabilities, providing responses
that enhance mitigation strategies used in potential industrial
cyber-security emergencies. Regularly, I facilitate internal
risk-based reviews that include technology and NERC compliance for
critical infrastructure projects, developing system evaluation documentation,
performing data-intensive analytics of evidence, drawing meaningful
conclusions, and promoting strategic problem-solving ideas. - Practical
experiences utilizing big data analytics, risk analysis,
risk management and methodologies, I've recommended, implementation of
industrial cyber-security best practices for current and emerging
technologies such as sensors/integrated platforms, DCS, SCADA systems, and
connected infrastructures such as EMS and Production environments. Serving
as a strategic resource, I provide awareness to potential internal &
external security issues and trends. Based on continuous review
and professional growth, I provide proposals to identify mitigate and
manage potential infrastructure technical risks, from information-centric
cyber-assets and ever-changing technology, proposing mitigations for
potentially identified security risks and related security controls. - Regularly,
participating in the review and development of project plans, milestones, program specific activities, I work to anticipate and
develop strategies that achieve project deliverables, evaluating the
performance of ongoing projects, against NERC Standards and internal NERC V5
programs for alignment with corporate goals. Routinely as part of
NERC compliance activities, I encouraging the enhancements to standardized
workflow processes, that promote transparency and quality, suggesting
remedies that increasing efficiency across organizational units and the
organization. - Review
and assessment of cyber-security vulnerability assessment methodology, potential tracking vulnerability, collaboratively working
together with site CIP site specialist to develop and track potential
corrective action plans, formulating creative, technical solutions, that address
potential technological gaps, tracking potential industrial cyber-security
vulnerability mitigation plans throughout the remediation life-cycle. ►Managing and coordinating RSC's T&D NERC CIP V5
Compliance Program component deliverables - Functioning as RSC’s T&D NERC CIP V5 compliance program manager, I've tracked
project solutions end-to-end supporting the development, and implementation
of effective NERC CIP V5/6 programs, processes, procedures, and internal
controls that were developed to align with corporate objectives. Continually,
I’ve provided solutions that incorporate appropriate, compliant, concepts
that crossed multiple disciplines and environments, and ensured achievement
of corporate objectives. Managing complex challenges, and
promoting potential solutions, communicating proposals across organizational
units and to upper management. - Managing
and implementing, recurring regulatory compliance program elements, I interact with cross-functional teams performing quarterly and
annual quality assurance reviews, overseeing formal project planning,
tracking and identifying potential shortcomings. Assisting internal
clients with the development of remediation services for potentially
identified findings, I report on methods to increasing transparency and
accountability, escalate upwards when appropriate. - Managing
multiple priorities, I work cross-functionally amongst multiple OUs,
prioritizing as necessary, collaborating with project leaders, and
stakeholders, across the organization to aligning current processes with
business objectives. As a point of contact for internal audits and
reviews of critical infrastructure project parameters, I strive to
influence others, gaining customer support, and project momentum, while
simultaneously leading efforts to improve the understanding of information
risk management frameworks, NERC requirements, and data protection processes,
encouraging the development of standardized workflow processes that promote
transparency, quality, and efficiency. ►Providing compliance and technical insight towards the
development of NERC CIP-V5/6 programs - Hard-working,
ethical, professional provides in-depth knowledge freely, and transparently, participating in the development of
core NERC compliance functions, potentially identifying industrial
cyber-security vulnerabilities, and potential NERC compliance gaps, as part
of transition activities from NERC CIP V3 to V5/6 internal regulatory
compliance documentation. - Representing
the Reliability Standards Compliance “RSC” organizational unit, supporting the development of NERC CIP V5/6 BES programs, I’ve
partnered with internal organizational units, participating in the
design and implementation of NERC programs, processes, and procedures, enabling
continuous compliance with regulatory standards, endeavoring to improve
compliance and quality of assessment activities. Cross-functional teams
and I, in conjunction with external parties, have collaboratively worked
towards the development of strategies for assessment of NERC CIP 002-5.1
through CIP 014-2 standards and requirements, applicable to BES Cyber-Assets,
and Systems, PCAs, EACMs, and PACS, in an effort to achieve NERC CIP
regulatory and business requirements. - Functioning
as a technical advisor, I communicate
observations to applicable departments within the organization, identifying
project risks, driving implementation of proposals to mitigate potential
technological or compliance gaps. Middle
management, special interest groups, and I have worked to create
or fine-tune required compliance documentation, providing correspondence for
internal control-related matters, associated with potential operational
risks, in writing and oral presentations to upper management. Continually,
I advocate for the development of enhancements to implement long and
short range plans, recommending program objectives, prioritizing potential
issues in need of resolution that must comply with NERC regulatory standards,
communicating complex highly technical information to diverse
audiences. ►Strong knowledge of various industry and government
strategies, standards, regulatory requirement and guidance documentation. - Extensive
knowledge of security, and privacy provisions for a variety of regulations such as (FERC, NERC, WECC, NIST 800
series, OSHA, NEC, IEEE, ANSI, NEMA, and Sarbanes-Oxley 404) concepts and
guidelines; with a strong compliance focus on NERC CIP Standards and
requirements for physical, and cyber-security protections for NERC impacted
facilities. ►Educating and advising technology and business
stakeholders about potential technology risks - Regularly,
I represent SCE and the Reliability Standards Compliance “RSC” Unit at regulatory conferences and training events, webcasts, and
conference calls relating to NERC CIP V3 and V5/6 compliance matters.
Continually, participating in the development, evaluation, implementation, or
potential mitigation/remediation efforts, communicating lessons learned and
status updates to upper management related to potential impacts to the
company. - As
RSC T&D NERC CIP V5 Program Manager,
I've coordinated and conducted analysis for ongoing project deliverables,
regularly providing knowledge and proposals, for security awareness
strategies that provide early warning to upper management regarding potential
degrading or missed compliance goals, advising senior management of potential
compliance gaps, and recommending appropriate compliant mitigation
strategies. Continually, I advocate for best practices, with
regards to NERC CIP regulatory requirements, which apply to T&D
compliance activities, ensuring alignment with company goals and NERC
requirements. - I’m
a committed, self-motivated professional that demonstrates strong personal
drive, interacting directly with engineers, business
stakeholders, technical and project management teams, and client/sponsor
organizations. Working in conjunction with internal clients and
project teams, I’ve participated in the development of strategies for
enterprise-wide security awareness and education programs. Continually,
I prioritize deliverables in a manner that meets projected milestones,
advising and providing upper management with the needed levels of
understanding of technical risks in business terms, which is required to make
appropriate business decisions, for the implementation of new or existing
technologies. ►Monitoring Change in NERC CIP V3, V5/6 regulatory
standards - Partnering
with OUs, I provide analytical support services, evaluating changes in NERC standards that potentially trigger updates
to business strategy, policies and related material based on the potential
impact to NERC regulatory compliance programs, and business plans. Regularly,
I’ve supported and participated in the development of infrastructure
compliance documentation required by NERC CIP regulatory standards. - Consistently,
I utilize personal drive and self-motivation, to maintain subject matter
knowledge of NERC regulatory standards, for commercial and industrial power
and communications systems, providing technical recommendations to project
teams, integrating and aligning policies and operating procedures based on
lessons learned and best practices, with company policies and procedures,
ensuring consistent business processes, and continuous process
improvement. - Daily,
I utilize analytics to identifying potential areas for process improvement, performing assessments of many types, using quantitative and
quantitative analytics, to develop security metrics that measure
effectiveness, efficiency, and operational risk, focusing on changes in NERC
CIP standards and (FERC 693, 706, 802, 791, 822, and 1000). - Annually,
I’ve reviewed applicable NERC CIP Standards
documentation for compliance with NERC CIP V3, V5/6 regulatory
standards. - Potentially,
identifying gaps in NERC CIP compliance programs, processes, and procedures,
during the design build phase, reducing potential compliance impacts relating
to larger, more complex infrastructure protection projects. - Annually,
I review internal NERC CIP internal
compliance value added documents, potentially identifying gaps within
organizational units, reducing compliance impacts relating to larger, more
complex infrastructure protection projects. ► Developing initiatives, striving to ensure compliance
with enterprise security policies and NERC standards - Weekly,
I monitor changes in NERC CIP Reliability Standards potentially identifying new compliance requirements. Effectively, I
work face-to-face with multiple cross-functional internal and external teams,
and diverse stakeholders, establishing and maintaining effective
business relationships, collaborating with SMEs, exercising sound judgment,
driving technical and compliance requirements for modifications to existing
infrastructures or devices. - Regularly,
I work with organizational units, and project teams enterprise-wide providing technical knowledge, and feedback, collaboratively
implementing practices that meet defined industry standards for maintaining
policies, and information system security documentation. Continually,
I work to evaluate opportunities for improvement, conducting systems analysis,
of potentially impacted critical systems, proposing enhancements.
- Proactively,
I provide a technical lessons learned perspective, about NERC standards
requirements, best practice, and any other operating
performance requirement, measure, program, procedure, process design, or
internal controls. Diligently, I strive for continual improvements
to internal practices for information technology, and risk management,
such as, but not limited to, the potential for gaps in application security,
infrastructure security. ►Delivering cost-effective, compliant solutions and
recommendations for validation of data - Partner
with internal OU SMEs and management
to define and develop strategic plans to analyze data management
processes for production cyber-system functionality, including internal
maintenance of NERC standard internal policies, programs, processes,
procedures, and internal controls, that support technical and operational
cyber-security requirements, applicable to NERC CIP V3, V5/6 standards.
Continually, I advise and provide upper management with the needed levels
of understanding of technical risks in business terms, for implementation
of new, or existing technologies, prioritizing deliverables in a manner that
meets projected milestones, which is required to make appropriate business
decisions. - Consistently,
I utilize in-depth understanding and experience of mission-critical
cyber-systems, assessment practices, and
internal controls, including those that impact data applications, platform or
cyber-system upgrades, to determine and ensure technical solutions adhere to
NERC CIP standards. Regularly, I work with internal and external
groups and cross-functional teams, clearly emphasizing the need to
prioritize critical decisions, effectively managing multiple tasks and
complex follow-up activities, developing or enhancing efforts to align with
NERC requirements, that are cost effective, and increase industrial
security awareness for mission critical infrastructures. Establishing and maintaining effective business
relationships, exercising
sound judgment, driving technical and compliance requirements for
modifications to cyber devices or the implementation of new
technologies. Continually, I work to improve system performance testing
processes, recommending creative solutions which are compliant. Providing
advanced knowledge transfer of embedded systems, programmable cyber-asset
device classes, ICS/SCADA architectures, power systems, SCADA and data
acquisition systems, MODBUS, DNP3, and IEC 61850 “Goose” protocols to name a
few. ►Quality Assessments /Quality Control Processes - Proven
ability to observe potential cyber security risks and weaknesses, taking into account complexity and interdependencies of industrial
systems, and corporate technological applications. Providing security
recommendations to project and delivery teams, and advocating for
opportunities for process improvement, which providing uniform quality,
accuracy and consistency of compliance evidence that supports compliance
requirements, and the company vision. - Partnering
with organizational units and compliance teams to address potentially identified gaps in compliance or security, for
information management and privacy requirements. Proficient at understanding
and assessing risk related to cyber security, compliance, programs,
processes, and procedures, including internal controls. Continually
assessing key areas of security, and compliance to understand potential gaps,
analyzing, and recommending approaches, or solutions, distilling results
in a way that provides consultative support, reporting the status of impacts
to group leaders and upper management. - Performing
internal Quality Assessment & Quality Control “QA/QC” processes, including spot checks, for planned or ongoing infrastructure projects,
and associated activities, I’ve investigated incidents of potential
non-compliance, performing risk assessments, reviewing critical vulnerability
assessment data, reports, and remediation plans, ensuring practices and
activities meet NERC requirements. Frequently, I take the initiative
to research alternative and innovative solutions to both business and
technical problems, analyzing data, delivering professional insights, and
recommendations, ensuring attention to security and regulatory
considerations, driving QA/QC initiatives as part of the critical
process. Continually, I strive to protect confidential information from
unauthorized access, use, disclosure, disruption, modification, inspection,
recording or destruction, regardless of the form the data may take, be that
electronic or physical. - Significant
industry knowledge and expertise, pertaining
to the design of information management systems and security controls, across
complex industrial networks, application platforms and infrastructures, in a
way that ensures attention to security and NERC regulatory considerations,
driving QA/QC initiatives as part of the critical process. Working
knowledge of NERC CIP Standards concepts, best practices, and procedures
related to this organization, conducting ongoing compliance security reviews,
and competitive research in technological areas. - Team-oriented
professional possesses the proven ability to collaborate
effectively with organizational units, managing the execution of internal
reviews related to external assessment efforts, participating, tracking,
reporting on potential security concerns, establishing compliance, and
security reports, promoting continuous process improvement.
Functioning as a team member for infrastructure related projects, I’ve
utilized innovation and multiple analytical techniques such as critical and
conceptual system analysis, strategic thinking, and intuition to analyze
moderately high-risk situations. - Presenting
results in a clear, focused, accurate manner, driving standardization, process improvement, and information
assurance into extremely challenging situations, recommending resolutions of
complex project parameters, analyzing, and communicating proposals for
solutions upward. - Experience
with industrial cyber-security activities designed to protection of
confidential information for large industrial
enterprises, identifying and analyzing industrial topologies, recommending
system modifications that improve efficiency, and accuracy of inventory for
T&D and It confidential infrastructure documentation. Continually,
I strive to protect confidential information from unauthorized access,
use, disclosure, disruption, modification, inspection, recording or
destruction, regardless of the form the data may take, be that electronic or
physical. Identifying and analyzing potential industrial
cyber-security concerns of large industrial enterprises, I’ve analyzed
complex project parameters, recommending system or documentation modifications
that improve efficiency and accuracy for T&D and IT confidential
infrastructure documentation. - Expertise
and specific technical knowledge of
cyber-security tools, intrusion detection and prevention systems, antivirus,
log analysis "Splunk", packet capture (Net Decoder), and
vulnerability management applications. Field experience validating the
configuration of industrial systems in EMS, and production environments, that
includes cyber-system hardening, and proactively providing analytical root-cause-analysis
of potentially identified issues related to NERC CIP non-compliance. ►NERC CIP Vulnerability Assessment Reviews - Representing
the Reliability Standards Compliance “RSC” OU, supporting the development of the NERC CIP V5 Vulnerability
Assessment Program. Performed NERC impacted facility
vulnerability assessment analysis, of available cyber-asset criteria, to
determine potential risks to NERC facilities. - As
part of CVA assessments, I've reviewed
cyber-asset configuration, cyber-asset lists within ESP/PSP,
network/Electronic Security Perimeter "ESP" diagrams, cyber-asset
ports and services documentation, patching management policies and levels,
password policy's, physical security systems, switches, and firewall rules,
for NERC impacted facilities. Continually, I provide detailed
technical knowledge of potential network infrastructure threats,
assessing intrusion containment and mitigation techniques, performing
vulnerability analysis, of select, available cyber-asset criteria, such as
cyber-asset baselines, configurations, cyber-asset ports and services,
password policy's, cyber-asset lists, ESP/PSP diagrams, physical security,
patch management policies and levels, switching, and firewall rules (etc.),
for applicable NERC impacted facilities, continually providing technical
knowledge and mitigation techniques for potential network infrastructure
threats. - Proactively,
I've reviewed NERC impacted project parameters and related evidentiary documentation, potentially identifying
gaps in operating effectiveness, or compliance status, tracking the
remediation of potentially identified deltas. - For
various infrastructure and NERC related projects, I collaborate with members
of different organizational business units,
cross-functional teams, field personnel, and third-party service-oriented
providers, with regards to cyber-security assessment reviews, providing
identification and transparent communication, of potential vulnerabilities,
reducing the likelihood of a non-compliance finding. - Working
closely with infrastructure teams, I've
evaluated potential security vulnerabilities, proposing mitigation strategies
for potential network vulnerabilities, identifying opportunities for process
improvements. As part of continual evaluations, I've reviewed NERC
impacted project parameters and related evidentiary documentation,
for potential gaps in operating effectiveness, and compliance status,
potentially identifying gaps in operating effectiveness or compliance,
proposing opportunities for process improvements, tracking the remediation of
potentially identified deltas, driving initiatives to develop and execute
appropriate action plans that mitigate potential system security
vulnerabilities. - Potentially
identifying gaps in operating effectiveness or compliance status, proposing
opportunities for process improvements, driving initiatives to develop and
execute appropriate action plans that
mitigate potential system security vulnerabilities, identified as part of a
critical vulnerability assessments, tracking the remediation of potentially
identified gaps, clearly articulating systems evaluation results in a
focused, clear and concise manner upward. - Continually,
I strive to ensure and establish best practice risk-based management processes and procedures, proactively assessing
industrial project related evidentiary documentation, evaluating testing of
security configurations for integrated systems and physical and logical
security concerns for industrial infrastructures. ►ESP/PSP/PSZ Flow Diagrams and Drawings - On
a regular bases I assessing potential risks associated with production
infrastructure projects, reviewing NERC CIP V5 project
plans, ESP/PSP/PSZ diagrams, specification diagrams, and
flowcharts, to assess conceptual, logical, physical security, related to data
flow, for T&D documentation, or information security programs for
industrial systems, providing timely feedback to upper management. As part
of asessment processes, and development life-cycle of T&D documentation,
utilizing strategic thinking, and analytical skills, I’ve interact with
managers and SMEs, associated with production infrastructure technology
projects. ►Patch Management Regularly,
I've assessed infrastructure architectures and design strategies, evaluating interdependencies between infrastructure,
application platforms, capabilities, design limitations, as well
as configuration of industrial cyber-security controls, across
cross-functional matrixed environments, especially those relating to
firewalls, access control, authentication, anti-virus/anti-malware, patching,
logging, and security monitoring. - Interacting
with vendors and project teams to ensure solutions deployed are compliant and in alignment with corporate policies and NERC standards for
industrial cyber-asset security-related software patches, for applicable
cyber-assets at NERC impacted facilities. - Providing
proposals for the design, implementation, and
monitoring of security patch management program, and for tracking,
evaluation, testing, and installation of required security patches to mission
critical cyber-systems. For installation of required security
patches to mission critical cyber-systems, I’ve provided proposals for
the design, implementation, and monitoring of security patch management
systems, “Secunia” for tracking, relevant critical cyber asset
patches. ►Incident Response - Provide first-hand knowledge of security concepts, and methods such as
enterprise security strategies, intrusion detection, and incident response
management, I’ve advised internal customers, during development and
implementation phases of BES infrastructure projects, and programs. ►Participating in the planning and implementation of
disaster recovery programs, operating procedures, external and internal
audits, risk assessment processes for industrial infrastructures and
cyber-assets -
Participated in disaster recovery planning, reporting the status of system
recovery processes and procedures, including disaster recovery plans, upward. - Demonstrated
proficiency with internal audits for
enterprise-class organizations, assessing, recommending, that implementation
of remedial measures intended to reduce the risk of potential NERC CIP
non-compliance incidents. Recently, I participated in a 2015 NERC
regulatory compliance audit, providing pre-audit supportive activities as
required. ►Promoted - CIP / Electrical / Automation / Sr. Communications
Engineer
2011 to 2013
►Tucson Electric Power “TEP” – PCAM Group, Tucson, AZ Utility
Certified – “NERC CIP
Compliance-SME” (693, 706) - Participated
as part of the Protection, Communications, Automation, and Metering groups for strategic evaluations of infrastructure
system designs, recommending technologies, information systems, and
application platforms that support long-range corporate goal
attainment. Daily, I participated in strategic evaluation of infrastructure
system designs, selecting appropriate technologies, systems and
applications supporting long-range corporate goals. As part of this dedicated team, I worked
to coordinate and implement medium to
large industrial compliance projects, developing and executing plans to meet deadlines,
incorporating engineering theories, and techniques as well as engineering and
government codes and regulations, and NERC compliance requirements. Responsible
for annual and quarterly review, management of change, technical feasibility exceptions, and critical
vulnerability assessments of NERC CIP V3 impacted facilities. Continuously,
I strived to ensure understanding of NERC compliance requirements,
coordinating special projects, incorporating engineering theories, NERC
standards concepts and techniques as well as engineering and government codes
and regulations. Daily, I operated under pressure responding to
rigid time constraints, conducting, monitoring, reporting CVA status and
coordinating NERC CIP activities. I’ve analyzed data for engineering
projects utilizing specialized utility programs, and vendor-specific
software, developing security test cases and cyber asset, device-class
profiles, needed to implement security strategies. Frequently,
I interacted with business stakeholders, providing presentations to management at all levels, service
providers, network OEM’s, electrical and communication network individuals,
and design teams involved in cyber security quantitative, and quantitative
analysis of production infrastructures, providing technical support to team
members. On a daily bases, I provided technical support to team
members, ensuring that technical performance specifications were clearly
defined and that applications were fully understood. Together we
synthesized complex information ensuring adherence to directives for security
monitoring, infrastructure reliability, and performance management to enhance
an overall cyber security posture. Regularly,
I interacted with management at all levels, wireless service providers, network OEM’s, electrical and
communications network design companies, individuals and teams involved in
cyber security and analysis of production infrastructures. Experience
participating in cross-training activities designed to share lessons
learned with cross-functional teams, providing expertise based on lessons
learned, fostering a culture of continuous improvement. Regularly, I
participated in Cyber Incident Response Team exercises and emergency
response activities, working together with vendors, application developers,
database administrators, corporate IT and other technology groups, towards
potential problem resolutions. To enhancements over-all cyber security
posture, I’ve worked with vendors, application developers, database administrators,
corporate IT, and other technology groups to resolve problems by
synthesizing complex information, to ensure adherence to internal controls
for monitoring organizational reliability and regulatory requirements. EXPERIENCE
& RESPONSIBILITIES ►Monitoring Change in NERC CIP Version 3 regulatory
standards - Attended conferences, NERC webcasts, and WECC
regulatory workshops. ►Managing time efficiently, meet operational needs and
regulatory deadlines - Implementing
organizational objectives set by utility directors
and upper management, interfacing and collaborating with design teams and
project personnel and all levels, participating in the decision making
process, identifying anticipated benefits, consequences, and impacts of
potential alternatives; raising the knowledge and skill level of
engineering team members responsible for compliance with the NERC CIP-Version
3 reliability standards - Coordinated
compliance projects, for production environments, working closely with utility IT, IS Security, T&D, System
Operations and EMS teams to implement project plans, ensuring timely
completion of NERC CIP compliance deliverables. Interfacing and
collaborating with project personnel at all levels, of project milestones for
upper management, participating in the decision-making process to determine
anticipated benefits, contributing to continuous process improvements,
preparing reports of project milestones for upper management. - Proven
ability to handle multiple projects and priorities, prioritizing as necessary to align with current business objectives. - Managing
projects effectively, meeting operational
deadlines, disseminating information internally and across business units, to
help develop and understand organizational compliance objective; coordinating
projects, and working closely with utility teams and individuals from IT,
IS Security, T&D and EMS to ensure CIP compliance and report project
progress to upper management; project management and coordination of
cross-functional teams and technical experts - Participating
in the development and continual review of NERC CIP processes and
procedures, ensuring that the reliability, performance, integrity, and
recoverability of identified Critical Cyber Asset (CCA’s) comply with NERC
CIP version 3 requirements; proper change management documentation for
all hardware and software modifications. - Establishing
and maintaining positive and productive working relationships with team members, various individuals, groups, peers and
cross-departmental groups, enhancing a mind-set for continuous improvement; interacting
with all levels of system support including, design, build,
implementation, configuration, cross-functional coordination, daily
operational maintenance, root-cause-analysis, usage monitoring, testing,
system upgrades, implementation and coordination of resources to meet
requirements needs at the operating expectations. - Participating
in cyber incident response team exercises,
reporting and leading system recovery efforts, including disaster recovery
planning. - Management
of change management and TFE processes for hardware updates and
software configuration changes to industrial infrastructures - Field
experience validating the configuration of industrial systems in EMS, and production environments, that includes cyber-system
hardening, and proactively providing analytical root-cause-analysis of
potentially identified issues related to NERC CIP non-compliance.
For assigned projects managed estimation of timelines, milestones, and course
corrective actions if need to achieve company objectives. Expertise
and specific technical knowledge of cyber-security tools, intrusion
detection and prevention systems, antivirus, log analysis "Splunk",
packet capture (Net Decoder), and vulnerability management
applications. - Compliance
teams, SMEs and I worked to prioritize deliverables in a manner that meets projected milestones, coordinating project
compliance related activities across various business lines and area
departments. Participating in cross-functional teams, I’ve
worked to build and maintain strong, dynamic partnerships across
organizational lines, engaging with technical experts, developing awareness
of operational issues, enhancing my knowledge, and each team member involved
to the extent possible, for compliance related to NERC CIP-Version 3
reliability standards. Operational maintenance teams and I utilized
root-cause-analysis, automated tests, potential system upgrade
implementation, and coordination of resources, to meet compliance and
business requirements consistently. ►Strategically planning activities, related to
regulatory compliance data collection, and preparation - Provided
a holistic understanding of enterprise cyber and physical security status for
projects deployed in production environments, analyzing
industrial control system architectures, and security processes, utilizing a
systems development life-cycle approach. Serving as a NERC CIP
compliance technical subject matter expert "SME", proactively
working to identify or anticipate benefits, or consequences, and potential
impacts of alternatives, driving the concept of continual process
improvements to specialized teams involved and upper management. - Proficient
using independent judgment to coordinate, support, management of internal
groups implementing information security procedures
designed to ensure compliance with regulatory requirements, making timely
recommendations to upper management in a clear and informative manner. Regularly
assessed industrial production, cyber assets, utilizing network sniffers
and scripts, performing system log statistical analysis using “Splunk,”
disseminating information internally across business units, promoting
transparency, and understand of organizational compliance objectives. - Participated
in user acceptance testing,
potentially identifying risks and mitigations, providing updates to
stakeholders, and regularly interacting with all levels of EMS, and
production support personnel, including design, implementation, configuration
and cross-functional teams, who worked to ensure coordination between all
internal customers. ►Annual and quarterly reviews of
various documents, configuration management processes, tracking Change
Management documentation for all appropriate hardware and software
modifications; Technical Feasibility Exceptions Functioning
as a subject matter expert, I've served in
cross-functional teams demonstrating cross-group collaboration while
implementing change management processes for hardware and software upgrades,
directly participating in system updates and software configuration changes
for industrial cyber-assets, reviewing project or process designs, milestones
and TFE creation or review. - Responsible
for T&D Change Management processes, monitoring
configuration changes, hardware and software updates to critical cyber
assets. Maintained cyber-asset database for NERC impacted
facilities, working directly with engineers, business stakeholders, and
technical project management teams to understand the scope of ongoing
projects, effectively managing interactions to ensuring timely completion of
compliance, and operational requirements. - Responsible
for initiation of change management requests, managing Change Management process documentation, evidence collection
for projects involving the addition, modification, or decommissioning of
critical cyber assets in production environments. Utilized the “Service
Now” database for evidence assessment, categorization, and tracking of
project milestones, developing new or enhanced test plans, test cases,
or evidence collection strategies. ►Collaborated - Vulnerability Assessments as required by “V3 NERC CIP
Reliability Standards” ►Managing/Conducting Vulnerability Assessments - Extensive experience with NERC CIP V3 impacted facility Critical
Vulnerability Assessments - Supervising
compliance validation of industrial IT and
production infrastructure networks, providing analytical root-cause-analysis
of issues identified related to potential NERC CIP non-compliance; planning
and maintaining activities pertaining to regulatory compliance such as,
data collection and root-cause-analysis techniques, reporting and preparing
evidence in preparation for audits. - Identification
of information security control
frameworks, resolving issues for industrial networks; identifying gaps
in operating effectiveness, and opportunities for more efficient,
effective controls; proactively identify compliance issues and
creation of mitigation plans to support regulatory requirements. - Testing
and validating security configuration of
integrated systems and/or physical and logical communications networks,
driving initiatives, to develop and execute appropriate action plans to
resolve system security and BES reliability issues identified as part of a
vulnerability assessment(s); performing data analysis activities
requested by management staff responsible for compliance programs; creation
and tracking of mitigation plans, validation and remediation of VA
findings. Hands-on experience configuring, deploying, and
managing mission critical network appliances associated with industrial IT
architecture systems, revising or modifying systems to enhance security
within substation network environments; maintaining proficiency in the
use of tools and applications utilized to automate data collection processes,
analyzing, and reporting findings of real-time mission-critical data needed
to maintain compliance documentation for current NERC Reliability Standards; reviewing
and managing user access to PSP(s), ESP(s), confidential information, and
maintenance of critical cyber asset databases - Annually,
in conjunction with external vendors, I managed/performed technical audits of
mission-critical infrastructures coordinating, reviewing and
validating vulnerability assessments of mission critical infrastructures, and
communications systems, assessing systems from a compliance and security
perspective, looking for potential industrial cyber-security gaps. As part of Critical Vulnerability Assessments, I've
reviewed cyber-asset configuration, validated cyber-asset list within
ESP/PSP, reviewed network and Electronic Security Perimeter "ESP"
diagrams, reviewed cyber-asset ports and services, patching and password
policies for SCADA and Physical Security systems, switches and firewalls
within NERC impacted facilities. - Randomly,
or as part of the change management process,
I’ve performed vulnerability assessments "Pen Testing" and related
security measures, for critical cyber assets, testing over-arching security
defenses, intended to identify opportunities for process improvements,
providing proposals to upper management. - Hands-on
knowledge of business methodologies, tools, resource management practices, and change management techniques, quickly adapting to the demands
inherent in managing multiple projects simultaneously. As part of
ongoing T&D infrastructure projects, utilizing automated and manual
methods, I provided detailed testing, diagnosis, and analytical results,
regularly reviewing system configurations, assessing mission critical network
appliances associated with industrial production systems within substation
environments, identifying opportunities for process improvements, informing
business stakeholders and upper management of the results. - Proactively,
I’ve participated in the review of NERC CIP V3 processes and procedures, performing system integrity and recoverability assessments of
identified Critical Cyber-assets (CCA’s), confirming compliance with NERC CIP
V3 Regulatory requirements. Responsible for
annual assessments of site-specific drawings, ensuring the accurate
depiction of inter-connectivity between different mission critical cyber
systems, including maintenance of critical cyber asset databases, and
management of user electronic access to critical cyber assets within
ESPs. Serving as an SME for site specific hardware, software and
architectures upgrades, I’ve supported network infrastructure activities
intending to identify, potential intrusion or system breach, utilizing third
party tools, providing detailed analytics diagnosing test results using
automated and or manual processes. ►Experience
participating in compliance activities for industrial IT, IP, and fiber
production infrastructure networks - Hands-on
experience configuring, deploying and managing
mission-critical cyber assets associated with industrial production
architectures, revising or modifying systems within NERC impacted network
environments, utilizing specialty tools, scripts, and applications to
automate the data collection processes, analyzing, and reporting findings of
real-time, mission-critical systems data, needed to maintain compliance with
NERC reliability standards. Routinely, I've conducted spot
checks of compliance, for ongoing projects, as required by NERC
standards. ►Evaluated ESP/PSP compliance, based on system designs,
and NERC standards, focusing on detection, prevention - Annually,
I’ve reviewed and assessed SCADA networks and Electronic Security Perimeters
“ESP” site and topology diagrams/drawings to
ensure the accurate depiction of systems and connectivity, minimizing the
risk of unintentional data transfer between networks or different trust
levels. - Interacted
with managers and SMEs to develop NERC CIP
V3 project plans, specification documents, diagrams, and flowcharts. Serving
as an SME, I’ve provided recommendations concerning potential changes in
mission-critical, cyber-security measures, due to technology or
regulatory change, or because of expansion, upgrade, or modification. ►Tracking and logging of mission critical cyber
assets - Responsible
for quarterly security monitoring, interpreting
logs from a wide selection of cyber-assets classes and models, looking
for potential production environment breaches, correlating
rules, translating potential threats into action alerts. Proactively,
I assessed mission-critical infrastructures, and cyber-assets, taking
steps to mitigate potentially identified gaps, minimizing possible
Attack-Vectors and associated Cyber-Risk. - On a quarterly basis, or more, I’ve conducted log reviews of failed or
successful login attempts to critical cyber assets utilizing “Splunk” for log reviews. First-hand
knowledge and field experience with various security technologies used
for secure ID log analysis, such as "Splunk" for log reviews,
performing additional analysis of firewall rules, and system configuration
files. - Maintained
proficiency in the use of tools and applications utilized to automate data collection processes, analyzing and
reporting on potential findings of real-time mission-critical data needed to
maintain compliance documentation for NERC reliability standards, informing
stakeholders and upper management of the results. ►Participated disaster recovery efforts, and exercises,
supporting SMEs ensuring alignment with corporate and regulatory requirements - Participated
in restoration and disaster recovery readiness activities, I reported on testing of system recovery processes, including
disaster recovery planning, implementing, testing; supporting backup and
restoration efforts for mission-critical production systems. - Partnered
closely with external vendors, assessing
security and or system test results with NERC CIP and facility specialists,
collaborating with vendors to enhance relationships, gaining strategic
insight, ensuring that any potential solutions deployed are in alignment with
project specifications, and NERC standards. - Participated
in compliance validation exercises for
industrial IP, serial and fiber production infrastructures, analyzing and
reporting on potential gaps of real-time mission-critical infrastructures,
potentially requiring updates to comply with NERC reliability standards,
reporting and communicating status to upper management. ►Password Management”: Responsible for password change processes for critical cyber assets,
using multiple means, including manual, or semi-automated approaches, and an
automated method utilizing "Crossbow". ►Patch Management: Enhanced
knowledge of physical or cyber-security within production
environments - Utilizing
industrial cyber-security and networking principles, I affected change,
evaluating cyber-security configurations, verification, or update of security
patch versions for production critical cyber assets. Configured
cyber-devices, assessing security settings, utilizing "Secunia"
for assessment of industrial cyber-assets security patches, evaluating the
status of applicable cyber-asset security related firmware, or patch
upgrades, factoring in NERC standards, and the potential risk to the
infrastructure and the company. ►Incident Response: Participated
in cyber incident exercises that include, security incident response
training, investigations, and annual program reviews. ►Electrical Instrumentation Unlimited of California -
Bakersfield, CA
2009 to 2011 ►Electrical Engineer Daily, I interacted with customers,
vendors and Occidental, Vintage Petroleum top management, providing project
reports, communicating status about potential security weaknesses and threats
to industrial infrastructures, about instrumentation, automation, and
industrial serial, Ethernet, and Gigabit fiber communication systems. Utilizing,
ever evolving analytical and technical skills to understand complex
problems, conducted in-depth system analysis, and prototyping, I defined
solutions to address potential critical issues. Directed short circuit analysis and Load Flow Studies of low, medium and high voltage substation and power-line electrical
equipment using engineering analysis software such as ETAP, analyzing
primary/secondary power distribution systems for hazardous area
installations; performing electrical field surveillance and power quality
analysis, to facilitate reliable electrical equipment operations of
motors, transformers, switchgear and substations, providing daily field
operations support for electrical equipment deployment, investigation of
problems or failures recommending engineered solutions; performing
Arc Flash and Hazard Analysis Studies of production electrical
infrastructures utilizing ETAP and creation of Arc Flash PPE Labeling; providing
technical review of project specifications, electrical one-lines, circuit
drawings, and wiring diagrams; conducting acceptance testing and field
commissioning of commercial and industrial electrical systems. Hands on
experience with HAN, WHAN, WAN/LAN, WWAN / WLAN, network architect and
security design for a global company. I have significant experience
with RF planning, signal propagation, site surveying, RF & wireless
network engineering tools, wireless device security applications, Arc Flash
Safety Standards and Google Earth mapping of Oxy Oil fields
infrastructures. EXPERIENCE & RESPONSIBILITIES ►Project Management of “Arc Flash” analysis of primary
and secondary power distribution systems - Progressive
project management experience, with
capital projects, for mission critical primary and secondary distribution
systems - Utilizing
ETAP to perform Arc Flash and Hazard Analysis studies of (12.5kV, 46kV, 138kV, 345kV) infrastructure systems, performing
electrical field surveillance, load studies, and power quality analysis,
facilitating reliable electrical equipment operations of motors, transformers,
switchgear and substations, and creation and deployment of Arc Flash PPE
Labeling. - Responsible
for overseeing daily field operations support services for electrical equipment deployment, investigations
of potential problems or failures recommending engineered solutions. What
I brought to the table, was a solid understanding of many Oil and Gas
communication and control systems. - Experience
evaluating security weaknesses and threats to industrial infrastructures, as well as knowledge of industry standards & codes including
NIST, NFPA 70 and 70E, NEC®, NFPA, IEC, NEMA, IEEE, OSHA safety standards,
network security, and Sarbanes-Oxley 404 "SOX". ►Project management and implementation, configuration,
and technical support of industrial Electrical and Communications Systems - Successfully,
I've coordinated hundreds of design and construction projects, implementing communications and power conversion systems for
electrical, digital and analog controls, SCADA, industrial IT, power
electronics, and circuit protection. Carried out site surveys, network
engineering, implementation management, commissioning, and field acceptance
testing of commercial and industrial electrical power systems. Responsible
for integration of wired and Wireless networks, providing for technical
design review of project specification, electrical one-lines, circuit
drawings, and wiring diagrams, including physical and cyber-security of
mission critical systems. - Extensive
knowledge of industrial communication systems, industrial instrumentation,
SCADA, automation, PLC ladder logic programming, DCS, calibration,
barcode scanners, vision systems, hydraulics, and pneumatics. ►Conducted acceptance testing and field commissioning of
commercial and industrial electrical systems - Industrial
Network Planning, System design, and deployment experience, System Optimization, RF/ Wireless Networks, Ethernet Microwave, Data
Acquisition Systems, Modbus, RS232, RS485, root-cause-analysis, RF planning,
signal propagation, and RF & Wireless network engineering. - Responsible
for deployment activities related to
installation, configuration, and commissioning of PLC and proprietary
control systems, PC’s and SCADA system communications, testing automation,
remote telemetry, instrumentation, and motor control, and other assigned
mission critical cyber-systems. - Provided
timely technical review of projects,
conducting acceptance testing, and field commissioning, of commercial and
industrial electrical power systems. - Participated
in user acceptance testing for identifying
potential risks and mitigations, regularly provided updates to stakeholders
and upper management. - Industrial
Network Planning, system optimization, broadband system design and
deployment, RF/ Wireless Networks, Ethernet Microwave, Data
Acquisition Systems, Modbus, RS232, RS485, root-cause-analysis. ►Promoted - Senior Industrial Automation &
Communications
Specialist
2007 to
2009
►LDL Services Inc. of California - Bakersfield, CA Co-managed licensed and license free wired/wireless, LAN / WAN
networks, systems management of PTP, PMP, Repeaters, Mesh
networks, GPS timing and synchronization across TDM and IP networks.
Communications infrastructures include a wide variety of communication modes
comprised of licensed serial and spread spectrum, microwave radios, and
wireless Ethernet and Gigabit fiber. Progressive
project management responsibility for planning, analyzing, and implementation of microwave and
wireless Ethernet, WLAN / WWAN networks, and backhaul infrastructure designs
that include a wireless communication backbone which supported several
thousand remote nodes. Designs consisting of licensed and
license-free wireless networks included a variety of communication modes
from licensed serial and spread spectrum and microwave radios, to wireless
Ethernet, Gigabit fiber, PTP, PMP, repeaters, and mesh network communications
systems, utilizing GPS timing and synchronization across TDM and IP
networks. Microwave Data Systems (MDS) expert,
experienced using RF propagation tools, performing detailed RF measurements
using vector signal analysis, network analyzers, spectrum analyzers and power
meters to name a few, analyzing signal propagation in extremely rough
terrain. Skillfully, I monitored, tuned, and maintained a multitude of
wired and wireless network components and systems utilizing security
monitoring tools, and performance analysis software and hardware to
troubleshoot and isolate problems, gauge network performance, and cyber
devise solutions to moderately complex operational problems within the
capacity and operational limitations of installed equipment. Directly
accountable for completion of assigned projects at or below budget
cost for labor, material, hardware and inventory control. Real world
experience, project oversight, deploying, supporting and introducing new
technology, based on business needs. EXPERIENCE & RESPONSIBILITIES ►Conceptualized design, construction, systems
implementation, and integration testing of hardware, software and industrial
networks - Supervised
roll out of SCADA and data acquisition systems, using specialized tools to
lead technical efforts to get a new facility connected to power, Radio, RF/Microwave, wireless Ethernet, broadband
communication systems. Successful planning, coordination and
implementation of interior and exterior electrical and wireless Communication
projects, ensuring high quality and ongoing production, backed by strong
recommendations and a proven history of high-quality project completions,
delivering engineering solutions for communications networks for a global
company. Experience with design and turnaround planning for capital project
work. Proven ability to manage multiple projects and
priorities and align them with current business objectives. - Oversaw
construction utilizing, ever-evolving analytical, and technical skills, to
understand complex problems, define
potential solutions - Conducted
in-depth technical system analyses, and prototyping to assess proposed
solutions to technical a problem, participating in the design, development,
implementation, and optimization, of infrastructure systems that enable
business, and engineering, operational access to data acquisition systems
need for critical control systems. Exercised independent judgment
in obtaining results, working on issues where analysis requires an evaluation
of intangibles, supervising electrical contractors installing components for
critical systems. - Project
management responsibility, overseeing evaluations,
job walks, design, documentation, installation, configuration,
implementation, system startup, testing, and commissioning of critical
systems . Construction management of electrical and communication
infrastructure construction projects, provided project status, about
security weaknesses and threats to industrial infrastructures, pertaining to
instrumentation, automation, and industrial serial, Ethernet, and gigabit
fiber communication systems. - Evaluated
project status, produced reports during each operational phase, for critical infrastructure systems including switches, hubs,
routers, bridges, gateways, DCS, and SCADA systems, developing project
schedules, facilitated construction site progress meetings, and adjusted
statements of work, timelines, workflow plans. Participated in user
acceptance testing for identification of potential risks, and
mitigations, regularly provided updates to stakeholders and upper management. - Significant
first-hand experience with local area network “LAN” hardware and software
testing equipment such as sniffers, scanners, cable
testers, and Cabling systems - Responsible
for overseeing/performing field surveys, RF coverage, and spectrum analysis, system and cabinet level design, technical documentation, including
drawings, test plans, network management, including the assignment of IP and
RTU addresses, as well as configuration documentation for large-scale
communications projects. Established daily personal project
performance objectives, maintaining licensed and license-free wireless
LAN / WAN networks, consisting of Point-to-Point and Point to Multipoint data
systems, repeaters, mesh networks, including a wide variety of communication
modes comprised of licensed serial and spread spectrum and microwave radios,
and wireless Ethernet and Gigabit fiber, including GPS timing and
synchronization across TDM and IP networks. - Extensive
knowledge of RF (radio frequency) communications, including wireless LAN technologies, communications system issues,
including requirements documentation preparation, detailed system design
drawings, and test plans. Daily, I performed network troubleshooting
isolating and diagnosed complex network problems in a large-scale industrial
environment. - Motorola
Wireless infrastructure expert,
extensive installation experience with wireless communication devices such as
access points, GPS timing, and remotes. Extensive knowledge of
wireless communication systems, hardware and software upgrades, testing,
device operation and automation for highly diverse “Oil and Gas” systems,
deploying Motorola wireless Canopy, Orthogon, and (OFDM) communications
systems - Exceptional
knowledge and skill when calculating Link Budgets using specialized programs such as TAP, PathLoss or Ellipse, utilized
knowledge of GPS coordinates, and proprietary system tools. Delivered
exceptional customer consulting services, responsive to the needs of internal
and external customers, vendors. Developed outstanding,
customer-focused relationships, promoting understanding of Utility or Oil
and Gas type communications and control systems - Responsible
for design of network segments and implementation of wireless communication
backbone segments, which supported several thousands of remote
nodes, supporting SCADA related systems. ►Promoted - Industrial Instrumentation &
Automation / Communications
Specialist
2004 to
2007
►EIU - Electrical Instrumentation Unlimited of California -
Bakersfield, CA Years of experience
implementing projects to meet operational deadlines saving the high cost of extra labor, due to incorrect installation or
misuse of equipment. Co-managed licensed and license free
wired/wireless, LAN / WAN networks, systems management of PTP, PMP, Repeaters,
Mesh networks, GPS timing and synchronization across TDM and IP
networks. California licensed senior industrial communications /
electrical specialist participated in operational planning, coordinating and
efficient implementation of new or retrofit interior and exterior electrical,
SCADA, and wireless communication projects. Supervised roll out of SCADA, data, and communications mission
critical cyber-systems using specialized
tools. Lead the implementation of Radio, RF/Microwave, Wireless Ethernet,
Broadband systems, including fiber, LANs, radio, digital cross connect,
access control, public address, communication system testing, AC/DC Circuit
design, commissioning of new systems. Interacted daily with Occidental top management, customers, and
vendors providing project status updates and anticipated time to project
delivery. Regularly, I interfaced with operators, mechanics, vendors,
contractors and other groups to meet the business plan. Responded to
incidents, emergency outages (e.g., weather related or system failure),
problem resolution and work order documentation. Participated 24/7 on-call,
in support of emergency preparedness, and maintenance, understanding and
adhering to company policies NEC, IEEE, NEMA, and OSHA codes and processes
(e.g., network security, Sarbanes-Oxley 404) that apply while performing
system changes and repairs. EXPERIENCE
& RESPONSIBILITIES - Provided
oversight for activities related to Industrial Controls Systems (ICS), PLC Proprietary Control Systems, Supervisory Control and Data
Acquisition (SCADA) systems, Distributed Control Systems (DCS), Process
Controls, Remote Telemetry, for industrial network environments,
instrumentation, automation and motor controls. Diagnosed
"root-cause of failure" for electrical, instrumentation,
automation, and communications systems, during emergency outages related to
construction, or maintenance of SCADA and data acquisition systems,
microcontrollers, processors, instrumentation, automation and electrical
distribution systems. - Under
minimal supervision, responsible for evaluation, job walks, design,
documentation, installation, configuration, implementation, punch lists,
system startup, and commissioning of critical systems, including physical
media, switches, hubs, routers, bridges, gateways, telecommunications
transport facilities. - Directly
responsible for the evaluation of system design, developing PTP, PMP,
Mesh/WLAN, WWAN network architectures, backhaul
communication systems, including system performance, availability, recoverability,
maintaining best practice process related to written communication in support
of implementation and commissioning processes. Responsibility for
activities related to installation and configuration of communication systems
that support SCADA, and DATA communications, technical knowledge of Client
server systems. - Participated
in user acceptance testing to identify
potential cyber risks, and mitigations, regularly provided updates to
stakeholders and upper management. - Licensed California senior industrial communications/electrical specialist
participated in planning, coordinating and efficient implementation of the
new or retrofit interior, and exterior electrical SCADA, instrumentation, and
wireless communication projects. Proven ability to lead, prioritize
and efficiently multitask while thriving in a fast-paced, dynamic
environment. Specializing in Lufkin - SAM, Automation
Electronics, ABB – Total Flow, Schlumberger - electrical submersible pump,
Centrilift - electrical submersible pump controllers to name a few, with
instrumentation and automation deployment, including RTU configuration,
protection, and control panel configuration. Technically, interfaced
with field instrumentation, Fieldbus, HART and analog loops, Temperature,
and Pressure transmitters, to name a few. ►Electrical / Communication
Specialist
2003 to 2004 ►Electrical Instrumentation Unlimited of California - Memphis, TN Contracted by Technicolor, I
participated in construction projects working in conjunction with Tech
Conveyor, to install package processing and distribution equipment. I
was responsible for telecommunications wiring installation and project
inventory control. Field electrical capabilities include, but are not
limited to the interpretation of blueprints, and electrical schematics for
systems installation, underground conduit and installation of wire lighting,
and grounding of industrial systems and panels common to utility substations,
Oil & Gas and Green Energy electrical distribution systems. ►Project management of design, integration, testing and
engineering methodologies - Coordinating
and participating in the implementation of interior and exterior
industrial electrical, SCADA, data, and voice communication project
deliverables - Directly
responsible for the installation of critical systems and
root-cause-analysis of issues related to complex network wireless
environments. - Coordinating
the efficient implementation of
telecommunications infrastructure construction, I was directly responsible
for the overall inventory control. - Installation
of 12VDC, 24VDC, 120VAC, 240VAC, 480VAC, and 13.8KVAC commercial electrical
circuits for conveyors, sorters, tilt trays and PLC systems. - Designing
fiber optic based network infrastructure for a twenty-story high-rise, using
Nortel equipment for EIU client. ►Network Support Team
Member
2001 to
2003; 1996 to 1999 ►Information Technical Networks - The University of Louisiana at
Lafayette – Lafayette LA ►Computer Support and Manufacturing Research Team
Liaison
1999 to
2001
►Apparel
Computer Integrated Manufacturing - Lafayette, LA As Dr.
Kolluru’s personal research assistant, I have
the distinction of being one of the few, if not the only undergraduate
student to ever have held a position typically reserved for graduate and
Ph.D. students. Functioning as a liaison between administration
and research, I compiled data and reported findings on project status to
management and research team members. Daily, I collaborated on various
research and software design projects and was responsible for network,
intranet and web server administration for the ACIM Center. Regularly,
I monitored internal network security and responsible for internal network
connectivity issues, PC hardware, and peripheral device installation and
configuration. Programming knowledge utilizing SGI, and UNIX platforms
(Solaris, AIX) operating systems. In addition to other duties, I wrote
DOS based scripts, using network tools to perform daily backups of all
applications and developmental data for a multi-OS-platform network. ►Accomplishment: - IEEE - Complete Publication: ►Technical Publications: Published in the IEEE Journal - Co-authored:
“Design and Development of Autonomous Intelligent Smart Sensors" Qualifications Summary, Training, Skills, Keywords,
Computer Skills (software programs, hardware, operating systems) ►Internet Browsers: Firefox,
Chrome, Microsoft IE, Netscape Communicator and Navigator ►Web Design: Microsoft Publisher 97, Microsoft Front Page 98, Dream Weaver
4.0, Visual Page, Corel Web Designer, CSE HTML Validator, Exploit Submission
Wizard V.4 ►Servers: Experience with web servers such as: (Tomcat, Apache, Weblogic,
etc.) ►Desktop skills including: § MS Office 365, Lotus Notes, Lotus SmartSuite,
MS Works, MS Office XP, 97, 2000 Small Business, 2000 Professional, Windows
and MS Office, Excel, Word, PowerPoint, MS Project, Visio and MS Visio 2000
Professional, Excel, PowerPoint, Word, Word Perfect, Word Perfect, WP Office
2000, MS Office 2010 / 2013 ►Office Skills and Network Security related Applications: Strong, hands-on working technical knowledge of Industrial
Networks, Server and Workstation operating systems, including Windows
2003/2008 Server, Windows XP, and Windows 7 § Familiarity with Multi-OS-platforms, Microsoft
Windows Servers, IIS, Windows Server OS, Linux Platforms, PC hardware and
peripheral device installation ►Anti-Virus: Specific technical knowledge of
security tools including (Trend Micro, Symantec, Norton Antivirus and McAfee
Virus Scan or equivalent), disk encryption, and Data Loss Prevention
applications § Specific technical knowledge of network
infrastructure threats or virus, intrusion containment, and mitigation
technique § Utilized various wireless security tools,
monitoring platforms, antivirus/malware detection and prevention, encryption
and other relevant application technologies ►Networking: § Technical knowledge and experience with RF and
IP based Network planning pertaining to, WAN, WWAN, LAN, WLAN, HAN, WHAN, and
SAN networks § Specific knowledge utilizing Link Budgets and
programs such as TAP, Path-Loss or Ellipse, GPS coordinate system tools,
etc.… § Hands on experience engineering network
solutions using network troubleshooting tools such as protocol and spectrum
analyzers § Specific technical knowledge utilizing LAN
hardware and software testing equipment, such as SNIFFERS LAN Analyzers,
Cable Testers/scanners, and infrastructure cabling systems, “Power Meters”,
“Vector Signal Analyzers”, “Network Analyzers”, “Spectrum analyzers” and
“Signal Propagation” concepts in rough terrain. § Specialist with recent experience using RF
propagation tools § Recent experience with diagnostic software,
such as Net-Decoder, Wire-Shark, Ethereal and what’s-Up § First-Hand Knowledge of custom communication
cabling construction, utilizing cable and connectors such as: (e.g., UTP
level 5, IBM Type 1, coaxial, multi-mode, and single mode fiber, Cat5, Cat6,
serial RS-232, RS-485, etc.) § Testing equipment, such as SNIFFERS LAN
Analyzers, Cable Testers/scanners, and infrastructure cabling systems ►Infrastructure Security: Ports and Services, Strong Passwords, Patch Management,
Intrusion Detection, Network Recover Efforts, Patch Management, Baselines,
Hardened Infrastructure, Vulnerability Assessments, Mitigation and
Remediation Plans, Transient Cyber-assets, Secunia ►Cad Software: AutoCAD R12, R14, 2000, TurboCad for Windows, AllyCad 3.4 ►Experience performing: Electrical Load studies of Primary and Secondary Electrical systems
utilizing ETAP ►Programming: Training and technical knowledge of PLC, ladder logic
programming and instrumentation calibration §
Knowledge of and experience with: DOS, HTTP, HTTPS, HTML, DHTML,
XML, XSL, CSS, Boolean logic, batch files, PowerShell scripting § Other: Zip7, Win ZIP and FTP packages, MAT LAB,
Simulink and Express PCB, L-View Pro, Microsoft Photo Editor, Adobe Photo
Shop 5.5 Deluxe, Paint Shop Pro_5, Corel Draw 8.0, I Photo Plus, HP Photo
Smart, Microsoft Image Composer 1.5, Microsoft Picture It, Ritz Photo Manager
1.1 and Microsoft Picture, Animation Software including GIF Construction
Set_32 and Microsoft GIF Animator, various graphics and multimedia
applications ►Designed Google Earth Maps: identifying strategic locations for
Strategic Oil and Gas infrastructure locations ►Change Management: Change Management activities using
Maximo, Service Now, BMC Remedy, SharePoint, Maintaining Critical Cyber-asset
List Assessments ►Database Skills: Microsoft Access, Maximo, Service Now, BMC Remedy § Specialized training with software specific to
utility (Gas & Oil) Industry such as “Case Lowis Suite", "Win
CCU, & Win CPC” and "Maximo" work-order tracking system ►QA/QC Processes / Penetration Testing / Experience with
the following tools and technologies: Experience exploiting vulnerabilities utilizing wired and
wireless penetration testing activities, utilizing manual and automated
testing techniques, scripts, commercial and open source tools §
Specific technical knowledge, performing identification of
network infrastructure threats or virus, intrusion containment, and
mitigation techniques §
Expert technical knowledge of cyber-security tools, intrusion
detection and prevention systems, antivirus, log analysis, packet capture,
and vulnerability management systems § Utilized various security technologies for log
analysis such as Tripwire, (Splunk), vulnerability scanning IDS/IPS,
data leakage prevention (DLP), web proxy, firewalls, logging and monitoring
platforms, antivirus/malware detection and prevention, encryption, and other
relevant, related application technologies ►Experience with various wireless security scanner tools: § Penetration Testing: BackTrack 4/5, Nessus, OpenVAS
traceroute, nMap, (e.g. Qualys), Foundstone Tools, Nipper, TCP dump,
SET Toolkit, War Dialing, Kali Linux, VOIP testing, SQL Injection, Web
Application Testing, Onapsis, Metasploit, Wireless scanning tools, Nexpose,
Metasploit, NetDecoder, Wireshark, Mydoom Scanner, Kismet ►NERC CIP Compliance § NERC CIP-V3 & V5
Regulatory Standards Compliance; NERC CIP-V3 & V5 Change Management
Responsibilities; NERC CIP-V5 Program Management; Active member BES Working
Groups; BES Cyber-asset Identification Methodology; BES Cyber-system
Identification Methodology; NERC CIP V5 Organizational Readiness Exercises;
Project Management; People Management; Strategic Relationships; Creative
Problem Solver; Enterprise Technological Infrastructure; Planning and
Organization of Industrial Systems; Process Improvement; Cyber-security Mgt
Best Practices; KPI, Physical, Analytical, and Technical, Security Event
Monitoring; Information Risk Management; Hardened Infrastructure; Production
Infrastructure; Technological architectures, Cost Effective Solutions;
Tracking, Implementation, maintenance and commissioning; Cyber-security
Architectural Models; Cybersecurity Protections, Security Mgt Best Practices;
Critical Vulnerability Assessments; Mitigation and Remediation Strategies;
Risk Assessments, Risk Management; QA/QC Processes, Internal Audits, and
Internal Controls; Disaster Recovery, Patch Management; Big Data Analytics;
Cybersecurity Event, Logging and Monitoring ► Keywords and Phrases: §
Leadership and decision making; Overall accountability; Impeccable attention
to detail; Fosters strong working relationships; Strong relationship-building
skills; demonstrate excellent judgment; Team Builder; Collaborative team
player; Motivator; Managing; Management; Analytical; Work Independently; Team
Player; Ability to think strategically; Organization; Decision maker;
Decision Making; Sensitivity towards company business issues;
Results-oriented leadership; Facilitation capabilities; Strategic Projects;
Strong project management skills; Communicate Status; Management
presentation; Natural leadership ability; Applicable Laws; Presentations;
Vendor Management; Management; Vendor Relationships; Accountability;
Passionate; Articulate; Scalability; Leadership; Develops; Maintains;
Approves; Implementation of cross-group synergies; Proven Track Record;
Motivate; Partnership; Interface; Cooperation; Dedication; Professionalism;
Motivational and influencing skills; Strong Interpersonal Skills;
Understanding; Strong quantitative; and qualitative analytical skills;
Flexibility; Adaptable; Strong attention to detail; Organization skills;
maintain effective relationships; Mentor; Strong work ethic; Planning &
organizational skills; Project scope; Ensures project quality; Employee
adoption; Partner Engagements; Cross-group collaboration; Cross-group
synergies; Communicate effectively; Conflict resolution; Strong level
of judgement; Negotiation and problem solving skills; Issue Management;
Sensitive; Creativity; Problem-solving; Strong problem solver; Negotiating; Scheduling;
Initiating; Planning; Estimating; Forecasting; Coordinating; Controlling;
Delivering; Sets and meets deadlines; Prioritization; Meeting Deadlines;
Schedule and cost objectives; Project initiatives; Disciplined
self-starter; Multitasks and Prioritizes; Reliable with strong follow-through
abilities; Customer obsession; Patience; Humor; Get it done attitude; Resourceful
and positive attitude; Project liaison; Client organizations; Influencing;
Facilitation; Strong perspective; Special Projects; Migration; Strategic
Planning; Strong Technical Knowledge; Innovative strong multi-tasking
ability; Regulatory Compliance; WECC, NERC; FERC; Federal Energy
Regulatory Commission; NOPRs; NERC CIP; NERC compliance;
NERC CIP V5 Program Development; NERC-CIP V5 Program Management;
Cyber-security standard; NERC CIP Standards; NERC CIP V5 Standards
Compliance; NERC CIP V3 Standards Compliance; NERC CIP version 3, CIP v3;
NERC CIP version 5, CIP v5; NERC CIP version 6, CIP v6; NERC CIP internal and
external reviews; NERC Compliance experience; Critical Infrastructure
Protection; SOX; NIST 800-53, NIST 800-82; NIST 800 Series; Compliance
Audits / Analytical Process; KPIs; Internal Compliance Procedures;
Internal Compliance Audits / Reviews; Internal Audit; Dynamic Environments;
Compliance verification techniques; Auditing principles; Data Protection
& Privacy; Analytical skills; gap analysis; Analytics; Analyze Data;
Performance Metrics; Compliance documentation development; Information
Security; Standard processes; Project analysis; Deliver on risk management
objectives; Infrastructure and Identity Management; Risk management
concepts; Conduct risk assessments and internal consulting; Program
Management; Audit Support and Compliance Advisory; Bulk electric system;
Critical infrastructure protection; Regulatory security requirements;
Electronic security perimeter compliance assessment; Monitoring &
Alerting; Security Awareness; Account Management; System Configuration Issue
Management; Situational Awareness; Strong analytic skills; Incident
Response / Security Event Analysis; Security Incident Response; Security
Monitoring; Security Incident Event Monitoring; Intrusion detection;
Intrusion prevention systems; Vulnerability management; Incident Response;
Insider Threat Monitoring; Disaster Recovery; System Recovery Plans;
Recovery Plans; Data recovery; Patch
Management; Patches; System Patch Management; Management of Change; Change
Management RFCs and CRQs; Industrial Cyber-security ; Security
Mgt Best Practices; Develop Best Practices; Cyber-Security Protections;
Cyber-Security Event; Cyber-security compliance; Secure SCADA network; Information
Security; Digital Investigations; Hardened Infrastructure; Industrial
Network Implementation; Encryption; Wireless security; IPP; Secure data
Storage; Endpoint Security; Control network architecture; CVA;
Critical Vulnerability Assessments; Data security; Mitigation Plans;
Remediation Plans; Disaster Recovery; Critical cyber-asset protection;
Critical cyber-asset identification; Computer network penetration testing and
techniques; Communication protocols; Log collection and correlation; Mitigation
/ Remediation; Root-Cause-Analysis; Risk Assessments; Risk Management; Authorized
System Access; Identification and Authentication schemes; Security
Information and Event Management; Threat Assessment Management and
Monitoring; Computer intrusion analysis; Intrusion detection; Multi-Factor
Authentication; Penetration Testing; Industrial Cyber-security
best practices; Design and conduct system security tests; Protocols;
Vulnerability scanning; Evaluations of infrastructure systems; Industrial
Cyber-Security Architecture Models; BackTrack; nMap; Nessus; Qualys;
Cyber-security tools, Passwords; Secure Passwords; Ports &
Services; Firewall rules; Switching; Baseline Configuration;
Information Security; Computer Network Operations; Network Security;
Collecting data and analyzing compliance and security metrics; Analyze and
organize; Measure performance of infrastructure assets; Monitor; Diagnose;
Controls; Mitigate; Mitigation; Computer evidence seizure; Computer forensic
analysis; Network protocols; Programmable cyber-assets; Network devices,
Multiple operating systems; Secure architectures; Optimize internal
processes; System Protection; Cyber-Security Framework; System
Security policy; Cybersecurity; Cyber-Security Technology;
Technological architecture; Industrial Cyber-Security; Packet capture; Log
analysis; Splunk; IPS/IDS sensors; Computer network
surveillance/monitoring; Anti-Virus; Antivirus; Antivirus Management;
Malware; Spyware; QA/QC – Quality Assurance / Quality Control; Tech
Quality Assurance; QA/QC Processes and Controls; Process Controls; Root
Cause Analysis; Technical application platforms; Substations /
Oil and Gas / SCADA; Substations; Utility Transmission and Distribution; Best
practice for security process; Cost Effective Solutions; Project Management;
Process Improvements; Facilities & Maintenance; General Management;
Management Skills; Maintenance & Repair; Production infrastructures;
Engineering & Architecture; Production infrastructures; Technological
Architecture; Technical Design; Commissioning and troubleshooting efforts;
Process Controls; Hardware and software procurement Control Systems; Design
and document solutions and processes; Automation; Automation Testing; Technical
Support; Configuration; System startup; Tech Management; Control systems;
Results oriented; high energy; self-motivated; Industrial communication
system design; SCADA communications; Remote communications; Industrial
Communications System Design; Substation data communications security;
Security Monitoring; Industrial network systems deployment; troubleshooting;
Site surveys; Data communication topologies; Topography Diagramming;
Plan, design, and implement; Network management systems; Industrial Communications;
Common cyber-security control frameworks; Physical Security; Security
Management Practices; Industrial Physical Security Implementation; Industrial
Controls Systems (ICS); ICS/SCADA Security; ICS, Industrial Control System;
Distributed Control Systems (DCS); DCS Systems; DCS Implementation and
Maintenance; Supervisory Control and Data Acquisition (SCADA); SCADA data;
Computer Hardware; Industrial System Integration; SCADA and Data acquisition
systems; Data mining; AC/DC power; Solar-powered industrial systems; Oil, Gas
& Utilities; DNP3; Power Distribution; Instrumentation; Industrial SCADA
Controls; Telecommunications; Telecommunications Engineer; Operating
Systems / Terms; Experience with Window, Linux, UNIX; Ubuntu; System
commands; ITIL; Bitlocker; Internet; Cisco; Web-filtering; Webservers;
Web-Methods; email; Data at Rest, In Motion; Data Loss Prevention; SONET;
Voice and Data; Token Ring; Telnet; SSH; DNS/DHCP/WINS; SNMP;
IMAP/POP3; HTTP; HTTPS; BOOTP; FDDI; PDH; SDH; Gigabit fiber; T1; IEEE; Terms;
VOIP; Wi-MAX; WiFi; WI-FI Systems; ARP; DHCP; FTP; TFTP; IIS; Multicasting;
Wireless Network Security; Networking; Networking Principles, Tuning;
broadband technologies; industry standards; Wireless Communication; Link
budget calculations; Ethernet; Wireless Ethernet; TCP/IP; UDP; Wireless;
Bluetooth; WEP; WPA; WPA2; DNS; DHCP; 802.11x; IM; 100BaseT; Gigabit
Ethernet; L2/L3 switching; Wired Networking; Radius server principles;
Ethernet; System Design; System Deployment; System Optimization; Data
Acquisition Systems; Modbus; RS232; RS485; Wireless Networking; Wireless
and wired network technology; Broadband Industrial Network Planning;
Operations; Background in Communication Theory; Digital/Wireless
Communication Systems; Internet web servers; databases; RSA remote desktop
and VPN connectivity; Messaging; Web Security; Network architecture design
experience; 802.11x wireless network protocols; Diagnostic software; Net-Decoder;
WireShark; Ethereal and what’s-Up; Splunk; Microwave Data Systems;
Microwave; (MDS) based networks; (MDS)-Microwave Data Systems; (MDS)
INET; (MDS) INET II; (MDS) GateNets; Transnet access points; and remotes; License
free wireless LAN & WAN design; RF/ Wireless Networks; Microwave;
Point-to-point; Point-to-multipoint; Mesh wireless network technologies;
Licensed and license free 900meg spread spectrum radio networks;
900mhz radios; RF Communications; Simplex and duplex data transfer;
Modbus communications; Wireless Ethernet communication; T1/E1
Multiplexer; BAM; AES; GPS Timing; MESH network technologies; TCP/IP
networking (routing; switching; firewalling), Cable terminations UTP level 5;
IBM Type 1; Coaxial; Multi-mode; Single mode fiber; Cat5; Cat6; Serial
RS-232; RS-485; Spread spectrum communications; RF optimization; RF measurements
using “Vector Signal Analyzers”; Network Analyzers; “Spectrum
analyzers”; and “Power Meters” to analyze “Signal Propagation”; RF (radio
frequency); RF signal propagation; fundamentals and Antenna theory; Modbus;
PKMv2; CCM-Mode AES key-wrap with 128-bit key; EAP / TLS (with x.509
Certificates); IKE/IPsec; Extranets; IDS/IPS; VPN’s; Proxies; Microsoft; IP
Networking; L2-L4; RF engineering; Motorola; Microwave Backhauls;
Motorola Canopy IP Based Radios; Motorola wireless Canopy Clusters; Motorola
Canopy timing control modules; Motorola Canopy subscribers 5.2GHZ; Canopy 60;
180; 360 degree access points; Cyclone Omni-directional access points;
5.7GHZ; Orthogonal and (OFDM) communication systems repeaters; 2.4; 5.2; 5.4;
5.7; 5.8GHz communications systems; Backhaul communication systems; Network
Implementation; P2P; Encryption; Technical maintenance; PTP; PMP; WWAN
network architecture; WWAN implementation; Mesh/WLAN; Wireless Topologies;
Wireless technologies; Wireless Communication network design; LAN; WAN; HAN;
WHAN; WAN/LAN; WWAN / WLAN; Wireless LAN; WAN; Access Controls; Switches;
Hubs; Routers; Bridges; Gateways; ·
·
►Professional Development
Gregory.LaBauve 1 |
|
|
||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Languages: |
Languages |
Proficiency Level |
|
English |
Fluent |
|
|
|