Nic ZiccardiSenior Security Consultant
Mr. Ziccardi has 20 years of Risk Management and Information Security experience. Mr. Ziccardi is well versed in a number of risk assessment and risk management practices, and uses this expertise to help clients achieve their governance, risk and compliance goals.
Since joining N&ST in 2008, Mr. Ziccardi has led and supported a variety of activities including compliance gap analyses, mock audits, cyber vulnerability assessments, penetration tests, and phishing exercises. Mr. Ziccardi completed NERC’s auditor training in 2009 and subsequent refresher training. Mr. Ziccardi has supported numerous regional-entity NERC CIP audits. Mr. Ziccardi has helped clients of all sizes leverage existing practices and programs to not only satisfy the objectives of NERC CIP, but to incorporate these practices in regular management and operational activities. Mr. Ziccardi maintains strong relationships with a number of utility clients and Regional Entity auditors that allow him to keep his clients up to date with current thinking and practices within the industry. With Mr. Ziccardi’s assistance, his clients have experienced success during NERC CIP spot checks and audits, as well as through NERC’s Technical Feasibility Exceptions (TFE) process.
Prior to joining N&ST, Mr. Ziccardi held a variety of positions with Cardinal Health. While there, he helped develop the foundations of Cardinal’s Risk Management and Compliance team. He improved its security by providing risk assessments to enterprise IT projects. Mr. Ziccardi also served as Cardinal’s Risk Management Strategy Consultant where he helped executives formulate and communicate the concepts of risk as they applied to Cardinal Health and its shared services organizations. Mr. Ziccardi concluded his tenure at Cardinal Health as the Manager of Proactive and Preventative Maintenance. His team assessed the stability of business critical applications and operated Cardinal’s root cause analysis process. The efforts of his team provided insights that lead to improved technology refresh prioritization, a manageable application retirement strategy, and the formation of a formal incident response management team.
Mr. Ziccardi’s previous experience includes four years with American Electric Power (AEP). While at AEP, Mr. Ziccardi served as an Information Security Analyst where he developed and implemented AEP’s vulnerability management program. Mr. Ziccardi also planned and lead vulnerability and security assessments at a number of assets including power plants, control centers, and natural gas pipelines. Mr. Ziccardi wrapped up his tenure with AEP as a Senior Compliance Analyst focusing on compliance with Sarbanes-Oxley, NERC Urgent Action SAR 1200, and the Maritime Transportation Security Act (MTSA) of 2002. Mr. Ziccardi also served on AEP’s drafting team for NERC CIP 002 through CIP 009.
Mr. Ziccardi earned a BA from The Ohio State University, MBA from the University of Phoenix, and has held certifications from Microsoft (MCSE), Novell (CNA), Hewlett-Packard, Compaq Computer Corporation, and IBM.