OUR TEAM

We are proud to have one of the largest teams of Senior Security NERC CIP Consultants. Our consultants are based throughout the contiguous United States in Connecticut, Florida, Georgia, Massachusetts, Minnesota, Missouri, Montana, New York, Pennsylvania, Tennessee, Texas, Virginia, Washington, Wisconsin and more.


Adam Lipson

President & CEO

Peter Nelson

Director of Client Services

Jesse Duvall

Project Manager

Jeff Kimmelman

CTO & Principal Security Consultant


Wendy Poland

Director of Operations

Kal Abdalla

Principal Security Consultant

Nick Lauriat

Principal Security Consultant

Matthew Schwartz

Client Services Executive


Roger Fradenburgh

Principal Security Consultant

Craig Barlow

Senior Security Consultant

Allen Gray

Senior Security Consultant

Patricia Meara

Senior Security Consultant


Michael Federico

Senior Security Consultant

Josh Gold

Senior Security Consultant

Mike Gazzillo

Senior Security Consultant

Alex Rice

Senior Security Consultant


Thomas Tierney

Senior Security Consultant

Noel Moyer

Senior Security Consultant

Scott Web

Senior Security Consultant

Joe Turano

Senior Security Consultant


Lisa Grumbine

Senior Security Consultant

Ron Adam

Senior Security Consultant

Phil Cochran

Senior Security Consultant

Jennifer Deitz

Senior Security Consultant


Matthew Preston

Senior Security Consultant

Kimberly Trejo

Security Consultant

Allen Kent

Senior Security Consultant

Leo Negron

Senior Security Consultant


Justin Beams

Senior Security Consultant

Suzanne Black

Senior Security Consultant

Dana Bradshaw

Senior Security Consultant

Mike Lotz

Senior Security Consultant

Contact Us

Ask us your question and we guarantee you will get a real answer from a real expert within one business day. One Day Answers provided exclusively by N&ST. All inquiries are 100% private.

161 North Middletown Road

Pearl River, NY 10965

845-620-9500

info@netsectech.com

Adam Lipson, President & CEO

Adam Lipson is the co-founder, President and CEO of Network & Security Technologies (N&ST), where he is responsible for defining and implementing a strategy for company growth. Mr. Lipson believes that the core to N&ST’s success is delighting customers by finding practical solutions to difficult problems.

Mr. Lipson brings more than 30 years of field-proven experience building businesses that help clients reduce their enterprise-wide IT security risk.

Prior to starting N&ST, Mr. Lipson served as the Vice President and General Manager of Verizon’s Global Professional Services organization (formerly GTE). At Verizon, he built a high-growth, world-class consulting organization from the ground up. Mr. Lipson assisted numerous global enterprise customers in the development of new security and network strategies, architecture and design of secure e-commerce infrastructures, and the eventual implementation of the recommended capabilities.

Preceding his work at Verizon, Mr. Lipson was the EVP for Client Services at Vigilinx, where he assisted Fortune clients in the identification and evaluation of security risks while improving their overall security posture. By providing practical solutions to complex problems, Mr. Lipson was responsible for the growth of Vigilinx’s Professional Services business revenue by more than 50% each quarter.

Prior to Vigilinx, Mr. Lipson also worked at Digital Equipment Corp (DEC), where he directed network consulting services for both the Mid-Atlantic states and the United States Government (worldwide). While at DEC, Mr. Lipson was responsible for the build-out of their most profitable global consulting business.

Before joining DEC, Mr. Lipson held various positions within AT&T in the United States. Mr. Lipson’s previous appointments include CEO of the Campus Computer Corporation as well as performing network consulting for a variety of Fortune 500 companies.

Mr. Lipson is an honors graduate of the State University of New York at Albany.

Wendy Poland, Director of Operations

Wendy Poland leads business operations and project management efforts across N&ST. Ms. Poland is one of N&ST’s leading project managers and has more than 14 years of experience in cyber security and 20+ years of career experience including positions held in consulting, program management, and training.

Since joining N&ST in 2017, Ms. Poland has optimized internal business operations and processes, and has ensured that N&ST team members have everything required to provide successful project deliveries for N&ST’s clients.

Prior to joining N&ST, Ms. Poland held a management position at Adobe within the Software Security Engineering team, leading efforts for vulnerability response, security assessments, vendor management, and internal security training. Ms. Poland also held positions in project management and training at Kronos, Symantec and @stake. She started her career in the Business Consulting division at Arthur Andersen.

Ms. Poland received a Bachelor of Science degree, cum laude, in Information Management and Technology from the School of Information Studies at Syracuse University.

Jeff Kimmelman, CTO & Principal Security Consultant

Mr. Kimmelman has more than 35 years of professional experience in the fields of security, software development, system design, networking, and advanced control systems. He co-founded Network & Security Technologies (N&ST) to help clients design and deploy information security programs as well as implement solutions for policy and regulatory compliance. He works with organizations including electric power utilities, financial services, manufacturing, telecommunications, insurance, and government.

Since co-founding N&ST in 2003, Mr. Kimmelman has led engagements to define security architecture for critical infrastructure control systems, energy management systems (EMS), and carrier-grade IP networks; develop NERC Critical Infrastructure Protection (CIP) compliance programs for CIP-002 through CIP-011; support regulatory audits; document security policy and procedures; design application software; perform security evaluations and quality assurance; and train programmers and technical personnel in security methodology. His recent projects include audit preparation and support for Responsible Entities, mock audits and readiness reviews, implementation of policy and procedures to maintain documentary evidence of and compliance with the CIP standard requirements, identification of BES Cyber Systems, and mitigation of self-reported and audit team identified violations.

Mr. Kimmelman has authored numerous reports and articles about defining and implementing security within mission-critical and corporate environments. He supported the U.S. Congressional Commission on Cyber Security, which advised the Obama and Bush administrations. He testified to the Federal Energy Regulatory Commission (FERC) on substation security measures. Mr. Kimmelman has participated as an invited speaker in multiple venues including the New York State Cyber Security Conference and the Australian government’s IT Security Expert Advisory Group. He continues to participate in industry and public forums to define practical solutions to address threats to cyber infrastructure.

Prior to founding Network & Security Technologies, Mr. Kimmelman held positions at Vigilinx Digital Security Solutions, Baltimore Technologies, and as Global Director of Security Consulting for GTE Professional Services. He began his career at BBN, an R&D firm where he developed Internet technologies and created software for underwater acoustic data analysis and display.

Mr. Kimmelman earned an MS in Mathematics and a BFA in Physics, Chemistry, and Music from the University of California, San Diego.

Peter Nelson, Director of Client Services

Mr. Nelson has over 25 years of experience in information security and TCP/IP networking, and has assisted a wide variety of Fortune 500 and Government clients with translating business and security requirements into supportable solution architectures. Mr. Nelson has been responsible for a wide range of activities including strategic planning, business practice development, product and service management/definition, and various marketing activities. His previous employers include Baltimore Technologies, GTE CyberTrust, and Internet pioneer BBN Corporation.

Mr. Nelson has managed large projects with customers such as Xerox, the Chase Manhattan Bank, 3Com, Bear Stearns and various agencies of the US Government. Consistent with his product management background, his area of specialty was up-front requirements gathering and analysis. Mr. Nelson frequently led architectural and design teams in the development of areas of inquiry, and managed the team on the ground at customer sites, facilitating group meetings and requirements discovery.

During his tenure with BBN, Mr. Nelson was one of the founding members of a business unit that focused on the Internetworking Consulting and Security market. This business unit helped companies by architecting and designing networks that are responsive to the business requirements of the company. In this capacity, Mr. Nelson helped plan the business, defined offers, and led the project team, which implemented the first offer.

Mr. Nelson received a BA degree in Political Science with a minor in Computer Science from Boston University.

Jesse Duvall, Project Manager

Jesse Duvall oversees all administrative functions at Network & Security Technologies. Ms. Duvall manages all financial and banking processes including client billing, accounts payable, and payroll.

Since joining N&ST in 2005, Ms. Duvall has played a critical role in streamlining processes, maximizing efficiency, and fostering professional relationships within N&ST and with external organizations. She leads N&ST as team spokesperson, and is committed to excellence in finding practical solutions, helping others, and practicing personal accountability in all that she does.

Ms. Duvall has more than 14 years of experience in the security consulting and real estate industries. Additionally, she has a proven track record of senior-level executive support, management, and training. Her background also includes design, project management, editing and marketing.

Ms. Duvall received a Bachelor of Arts in Political Science and Business from Houghton College.

Roger Fradenburgh, Principal Security Consultant

Mr. Fradenburgh has over 35 years of experience with information security and over 12 years of experience with the electric power industry. Mr. Fradenburgh is an expert in the Critical Infrastructure Protection (CIP) Reliability Standards from the North American Electric Reliability Corporation (NERC), completed NERC auditor training in 2009 and 2012, and has participated in numerous Regional Entity compliance audits as an entity SME, as a Regional Entity audit team member, and as a NERC Observer.

Mr. Fradenburgh regularly attends NERC Critical Infrastructure Protection Committee (CIPC) meetings, and he was a contributing member of the NERC Risk Assessment Working Group, which developed Critical Asset and Critical Cyber Asset identification guidelines for Standard CIP-002, V1-3. Mr. Fradenburgh served as an Observer Participant member of the first CIP Version 5 Standard Drafting Team and also supported subsequent CIP Standards Revisions Drafting Teams.

Since joining N&ST, Mr. Fradenburgh has worked with all types of NERC Registered Entities to help them achieve and maintain CIP compliance through rigorous program assessment, program development and execution, and audit support. Specific CIP compliance tasks he has performed include Compliance Assessments, Gap Analyses, Gap Remediation, RSAW Development and Audit Preparation, Mock Audits, Cyber Vulnerability Assessments and compliance program management and oversight. His most recent engagements include:

  • Assessment of the security and CIP compliance support capabilities of a new energy management system for a large Midwestern entity
  • Assessment of CIP process effectiveness for an east coast entity
  • Regional Entity CIP audit preparation support for a small Midwestern entity
  • CIP compliance gap analysis for a Texas-based entity
  • CIP mock audit for a Midwestern Reliability Coordinator
  • Multi-week CIP V5 training course for a Canadian-based entity

Mr. Fradenburgh’s previous employers include Greenwich Technology Partners, General Dynamics C4 Systems, RSA Security, and Internet pioneer BBN Corporation.

Mr. Fradenburgh is a graduate of Brown University and is a Certified Information Systems Security Professional (CISSP).

Kal Abdalla, Principal Security Consultant

Mr. Abdalla has more than 20 years of industry experience in compliance, system and network security, and the development of security policy. During that time, he worked for and consulted to Fortune 500 clients deploying, testing, and managing secure infrastructures.

Since joining N&ST in 2004, Mr. Abdalla has focused on security for critical infrastructure. Recently, Mr. Abdalla worked on a project comprised of three N&ST consultants who rewrote the enterprise NERC CIP compliance documentation for one of the largest domestic power companies. In addition to collaborating with the team on CIP-002 through CIP-011 controls, criteria, and enterprise procedure documents, Mr. Abdalla wrote enterprise position papers on gray area topics such as TCA management, virtualization, and how different forms of connectivity apply to ERC and IRA.

Mr. Abdalla has also assisted numerous smaller power companies in developing their NERC CIP compliance programs. This includes building the CIP compliance program from the ground up for two entities who previously had no NERC CIP compliance documentation or expertise. Mr. Abdalla has conducted NERC CIP mock audits across three NERC regions and led NERC CIP vulnerability assessments across all NERC regions.

Mr. Abdalla’s other engagements at N&ST include assisting a large domestic power company’s nuclear assets in achieving compliance to NEI 13-10 and NEI 08-09. Mr. Abdalla was responsible for developing the requirements matrix for the effort, as well as consolidating, managing, and updating data from tens of thousands of asset spreadsheets, both of which were identified to be critical to the success of the engagement.

Additionally, Mr. Abdalla led an effort to conduct security assessments of critical infrastructure on behalf of a foreign national government authority. As part of that engagement, Mr. Abdalla assessed numerous infrastructure companies in oil & gas, power generation and transmission, and water desalination. Previous work engagements have included conducting a business risk assessment for distributing control centers, assisting in securing substation communications, and performing logical, physical, and social penetration testing for clients both inside and outside the energy sector.

Previously, Mr. Abdalla was a Program Manager at a large consulting firm. While there, he helped Fortune 500 companies improve the security of their operations and assets through achieving ISO17799 compliance, internal and external penetration testing, security assessments of strategic operating units, and rewriting their corporate security policies and standards. His work was critical in ensuring secure operations within each organization and the integrity of the clients’ information assets.

Prior to consulting, Mr. Abdalla spent three years with Enron between Enron Corporate and Enron Broadband Services. While at Enron Corporate, Mr. Abdalla managed Enron’s Internet infrastructure worldwide, developed their security policy, and instituted their information security program. While with Enron Broadband Services, Mr. Abdalla hired and managed the Information Systems Security team. This team was responsible for the security of both the corporate network and the customer network, which streamed real time multimedia content for clients.

Mr. Abdalla is a Certified Information Security Manager and has received a Bachelor of Science degree from The University of Texas at Austin. Mr. Abdalla has dual United States and Canadian citizenship.

Nick Lauriat, Principal Security Consultant

Mr. Lauriat has more than 20 years of experience in computer networking and cyber security. This has included project delivery, development of reliable and secure networks, SCADA network security, assessment of cyber assets, creation of cyber security specifications and policy, and redesign of network security measures.

Since joining N&ST in 2003, Mr. Lauriat has led N&ST’s delivery efforts, ensuring dozens of simultaneous projects are delivered on-time, on-budget and with solutions that delight N&ST’s clients. Today, Mr. Lauriat leads N&ST’s NERC CIP compliance practice, working with N&ST’s consultants and clients to solve challenging NERC CIP compliance problems.

As a consultant, Mr. Lauriat has helped utilities develop sustainable approaches to NERC CIP compliance, especially CIP-002, CIP-005, CIP-007, and CIP-010. His activities have included identification of BES Cyber Assets (and BES Cyber Systems), establishment of Electronic Security Perimeters / Electronic Access Controls, vulnerability assessments, development of remediation plans, execution of remediation activities, RSAW preparation, mock auditing, and audit representation. Recently, Mr. Lauriat has worked with numerous power generation plants – including plants that have Medium Impact BES Cyber Systems – to develop and maintain NERC CIP compliance programs. Mr. Lauriat has also led NERC CIP vulnerability assessments for substations with Medium Impact BES Cyber Systems. These projects have required Mr. Lauriat to create innovative and clever solutions to both improve cyber security and better demonstrate compliance.

Mr. Lauriat first started working in the electric power industry in 2001, leading a project to separate a production SCADA network from a business network without interrupting real-time activities. Ever since, Mr. Lauriat has been enamored with the electric power industry – becoming a teacher for N&ST’s team of consultants, while still being a student, excited to learn the secrets, nuances and history of the industry.

Mr. Lauriat began his professional career with GTE Internetworking (BBN) in 1998. While at BBN, Mr. Lauriat developed expertise in TCP/IP based networks and applications as well as security technologies. Major clients at BBN included a nationwide communications company, a large financial services institution and several international telephone companies. During this time, Mr. Lauriat performed numerous evaluations of client networks and led efforts to address findings from those evaluations to help clients build dependable and secure networks. Following his tenure at BBN, Mr. Lauriat worked for two different small professional services firms. At those firms, he led several strategic consulting programs delivering security expertise in a way that exceeded customer expectations for quality, schedule and price.

Mr. Lauriat received a Bachelor of Arts degree, cum laude, from Middlebury College in Middlebury, Vermont. While at Middlebury College, he majored in Computer Science, and earned a degree with departmental honors. Mr. Lauriat has also held certifications from Cisco and Check Point in computer networking and network security.

Craig Barlow, Senior Security Consultant

Mr. Barlow has 30 years of experience in network architecture, network architecture gap identification and remediation, assessment of financially sensitive information, and information security consulting. Since joining N&ST in 2009, Mr. Barlow has participated in a variety of CIP engagements, including performing gap analyses, mock audits, Cyber Vulnerability Assessments (CVAs), and development of needed policies, programs, procedures, and forms, including for low impact facilities. In his role as a trainer, Mr. Barlow co-developed and regularly delivers a soft-skill training class to prepare SMEs for the rigors of an actual on-site audit. Mr. Barlow has also spent time in Abu Dhabi, assessing and protecting critical infrastructure for a key government agency. Mr. Barlow has served as a member of a Regional Entity NERC CIP Audit team that assessed compliance of entities as well as representing NERC as an observer on other audits. Mr. Barlow has assisted a large utility in managing the Cyber Security Policy for its multi-faceted Smart Grid deployment, worked to track adherence to its Policy, and developed reports for inclusion in quarterly reporting to the DoE.

Prior to N&ST, Mr. Barlow worked for a succession of companies that were acquired by Verizon Business. Mr. Barlow specialized in assessing organizations in various industries for compliance with the ISO 17799 / 27001 standard. He also assessed adherence to the criteria articulated by the card associations, called the Payment Card Industry Data Security Standard (PCI DSS). In 2006, Mr. Barlow conducted the first assessment, developed by BITS, for determining the state of security at partners trusted with sensitive information from financial institutions. As a specialist, he not only continued to perform similar assessments, but was also an active member of a committee for two years that worked to further expand the assessment methodology.

Prior to Verizon, Mr. Barlow worked for Bolt, Beranek, and Newman (BBN) / GTE Cybertrust / Baltimore Technologies in a network architecture group performing both gap analyses and remediation activities. In this role, Mr. Barlow worked with both ISPs and international organizations seeking to provide data services in areas where local telecommunications monopolies were being dismantled, traveling globally. 

Starting in the mid-1980s, Mr. Barlow worked for ten years in the insurance industry, implementing and supporting data networks, including the installation of the company’s first local area network. 

Mr. Barlow has a Bachelor of Arts degree from Tufts University and a Masters of Business Administration from Clark University. He is a Certified Information Systems Security Professional (CISSP).

Allen Gray, Senior Security Consultant

Mr. Gray has more than 20 years of public and private internetworking, cyber security, and software architecture experience applied in the financial services sector with market data providers and broker-dealers, multi-national data businesses, and utilities.

Most recently focusing on NERC CIP compliance, Mr. Gray helps entities in the electrical utility space get the most out of their legacy and modern environments through security subdomains including penetration testing, vulnerability assessments, and operational assessments.

He is proficient with a broad array of system and network security solutions as a very ‘hands on’ guru with routers, switches, firewalls, application servers, and intrusion detection and prevention across multivendor environments.

Since joining N&ST in 2011, Mr. Gray has worked on designing, deploying, and extending scalable next-generation control center and substation networks including private transport to displace carrier services and achieve NERC CIP compliance while training staff to monitor and maintain these multi-organizational complex environments. Leveraging the same tools that NERC CIP auditors use, Mr. Gray has assisted entities to prepare for audit and remediate findings from NERC CIP audits. He has actively participated in forensic go-teams to diagnose ongoing distributed Internet-based attacks and remediate impact to critical infrastructure and systems.

Prior to joining Network & Security Technologies, Mr. Gray was Chief Technologist at 10kInfo in Bellevue, WA bringing to market products focused on corporate accountability and compliance with Sarbanes-Oxley.

Before 10kInfo, Mr. Gray co-founded and led a consulting practice to strong levels of success. This effort was focused on multinational Internet Service Providers and long haul transport networking for incumbent carriers in the United States, Canada, the Caribbean, and South America.

Mr. Gray learned about carrier networks while working at BBN Technologies. While with BBN, Mr. Gray provided consulting services to evaluate and deploy security technologies on global networks, strategized architecture and policy, and performed network and operational assessments for international ILECs throughout the Americas.

Earlier, before BBN Technologies, Mr. Gray worked at Fidelity Investments.

Mr. Gray attended Northeastern University, Electrical Engineering / Computer Science.

Patricia Meara, Senior Security Consultant

Ms. Meara has worked in information technology for over 30 years, specializing in cyber security at electric utilities for the past 14. Ms. Meara’s skills include solutions development and deployment, project management, requirements gathering, system architecture and design, technical training, auditing, and audit preparation.

Since joining N&ST in 2004, Ms. Meara has worked with clients to improve their cyber security by implementing the appropriate mix of technological, procedural and cultural cyber security solutions. Ms. Meara is well versed in evaluating an organization’s security posture against industry standard best practices (ISO/IEC 27002, NIST SP800-53, and industry regulations such as NERC CIP) and using risk-based assessments to decide on mitigation measures. Ms. Meara has helped large and small energy companies to achieve success in spot checks and audits of their compliance with the CIP Standards. She has conducted training classes, prepared program and procedure documents, gathered evidence, prepared Technical Feasibility Exception (TFE) submissions, performed gap analyses and mock audits, assisted in audit preparation and SME interviews, and worked with clients to effectively integrate CIP compliance tasks into day-to-day operations.

Prior to N&ST, Ms. Meara spent 8 years as a Senior Consultant with Bolt, Beranek & Newman (BBN) and subsequent owners of BBN’s Internetwork Consulting group (i.e., GTE Global Professional Services, Baltimore Technologies, and Betrusted.) Ms. Meara delivered project management, training, and systems integration services to customers in the US, Brazil, Hong Kong, and Europe. Solution areas included Public Key Infrastructure, Certificate Management Systems, and Virtual Private Networks.

Ms. Meara began her career as a software engineer in Australia and was selected as one of 30 Australian engineers to work with Plessey in the UK to develop a secure communications network for the Australian DoD. Upon return to Sydney, Ms. Meara was Engineering Manager responsible for database networking products at the Australian Centre for Unisys Software. During 6 years at Unisys, she chaired the ISO Remote Database Access committee, consulted on the design of an ISO RDA prototype at Nihon Unisys Ltd in Tokyo, and was a member of NIST’s OSI Implementers Workshop 1989 thru 1990. In 1995, Ms. Meara relocated to Massachusetts as Senior Engineering Manager for Digital Equipment Corporation. She managed groups responsible for software development, product release, and support of Digital’s networking software products.

Ms. Meara holds a Bachelor of Science in Computer Science and Mathematics from the University of Queensland, Brisbane, Australia.

Michael Federico, Senior Security Consultant

Mr. Federico has more than ten years of experience in solving complex technical problems for financial companies, pharmaceutical companies, and electrical utilities, addressing cyber security threats and compliance with industry IT and cyber security standards.

Since joining Network and Security Technologies in 2011, Mr. Federico has participated in and led dozens of electric power industry projects, including NERC CIP Compliance Assessments, technical remediation, including technical documentation, Cyber Security Policy Development, NERC CIP Cyber Vulnerability Assessments and Cyber Security testing, including security audits and penetration tests. Mr. Federico has performed firewall, router, and switch configuration analysis and review, has participated in the development, testing, and deployment of redesigned networks for utilities needing long-term LAN/WAN solutions, Access Control Development and documentation including NERC CIP and NIST standards of compliance.

Prior to Network and Security Technologies, Mr. Federico began his career as a Desktop Support Technician, responsible for hardware break/fix for Merrill Lynch. Mr. Federico moved on to become a Software Administrator, supporting multiple Merrill Lynch sites in New York, New York.

Mr. Federico moved on from Merrill Lynch to Boehringer Ingelheim Pharmaceuticals in Ridgefield, Connecticut. Mr. Federico helped an international Pharmaceutical Company address cyber security threats and comply with industry IT and cyber security standards. Mr. Federico also learned about securing confidential and proprietary information, and how to implement effective cyber security solutions.

Mr. Federico graduated Valedictorian with a Bachelor of Science degree in Information System Security from Westwood College.

Joshua Gold, Senior Security Consultant

Mr. Gold has 18 years of experience as an Information Technology professional. During his time as a consultant, Mr. Gold has supported utility, healthcare, law, education, entertainment, broadcast, and retail clients.

Since joining N&ST in 2013, Mr. Gold has worked with clients implementing secure communications with substations in compliance with the NERC CIP Standards, assisting clients with their transition from v3 to v5 of the NERC CIP Standards, and worked with clients on completing Gap Analyses and Mock Audits encompassing CIP-002 through CIP-011 (both versions 3 and 5 of the standards), Cyber Vulnerability Assessments, and Penetration Tests. Currently, Mr. Gold is working with a client as a full-time member of their Cybersecurity Team.

Prior to working with Network & Security Technologies, Mr. Gold worked for Microsoft as a Senior Consultant where he led the integration of two newly acquired business units into the Microsoft IT infrastructure. This involved a complete network overhaul, server migration, and security review. Mr. Gold also led the development and implementation of new access control procedures for all Microsoft employees at the site.

Prior to Microsoft, Mr. Gold worked as a Senior Consultant for DeepTech, Inc., a managed services provider for small to mid-sized businesses in New York City. During his tenure with DeepTech, Mr. Gold assisted clients with PCI-DSS and HIPAA compliance, as well as leading security reviews utilizing the NIST SP 800 standards. He led a team of eight consultants in providing technical support for clients, including network design, point-to-point wireless installation, web development, system administration, system backups, and disaster recovery planning. All backups and recovery plans were successfully activated during, and following, Hurricane Sandy in 2012.

Mr. Gold has received a Master of Science degree, summa cum laude, in Cybersecurity from the University of Maryland Global Campus. He also received a Bachelor of Science degree, cum laude, in Cybersecurity, with a minor in Homeland Security, from the same institution. He possesses a number of industry certifications, including Anti-Sabotage Certified, Certified in Disaster Preparedness, Sensitive Security Information Certified, and Certified in Homeland Security (Levels 1-4).

Mike Gazzillo, Senior Security Consultant

Mr. Gazzillo has 20+ years of experience in operations infrastructure architecture, network management, and administration of IT systems. In addition to his work with electric utilities and regulatory compliance, Mr. Gazzillo has led projects to design complex networks, deploy backup and data archival solutions, implement application rationalization, as well as relocate, roll out new and update existing IT infrastructure.

Since joining N&ST in 2014, Mr. Gazzillo has spent much of his time working in both large and small utilities to develop sustainable CIP programs, by solving many of their more challenging process issues, specifically around CIP-004, CIP-005, CIP-007, CIP-008, CIP-009 and CIP-010.

Mr. Gazzillo has led the following engagement types for N&ST:

  • NERC CIP Compliance Procedure Development and Program Oversight for:
    • Transmission Control Centers
    • Substations
    • Generation Plants
  • NERC CIP Gap Analysis and Compliance Readiness Assessments
  • Vulnerability Assessments for Medium and High Impact facilities
  • Compliance Audit Preparation Activities:
    • RSAW Review and Development
    • Audit Evidence Preparation
    • SME Training
    • Mock Audits for entities in NPCC, MRO, SERC, RF, TRE and SPP footprint
    • Direct Entity Audit Support for entities in NPCC, RF, TRE and SERC footprint
  • Incident Response Plan implementation and testing

Prior to joining N&ST in 2014, Mr. Gazzillo worked as a consultant for SAIC for nine years, providing assistance to a CIP program for a major utility and working to bring the company into compliance across different teams in multiple states. During his tenure, Mr. Gazzillo was brought in to create a long-term solution to manage the company’s CIP-007 and CIP-009 programs and served as the SME in these areas in the company’s 2012 audit. Previous non-CIP related engagements include the implementation of ITIL processes at Johns Hopkins and PMO Scheduling and Application Migration lead at Pfizer, where he led an effort to consolidate CFR part 11 regulated systems to cut the company’s multibillion-dollar budget. Prior to his consulting career, Mr. Gazzillo worked as an Associate IT Director at Daticom LLC, where he stabilized their network and helped bring the company to a state of readiness for acquisition, and as the Systems Integration Manager at Time Warner Cable, where he served in many capacities solving issues and helped with planning efforts to roll out many of the first cable modems deployed in the US.

Mr. Gazzillo has a BS in Computer Science from Rutgers University and is ITIL v3 certified.

Alex Rice, Senior Security Consultant

Alex Rice is a senior consultant with over 15 years of experience in Information Technology, seven years of which have focused on the software and cyber security industry. His experience includes extensive work in architectural risk assessment, application vulnerability assessment, static analysis, and network penetration testing as well as supplier risk management. Since joining Network & Security Technologies in 2017, Mr. Rice has participated in numerous NERC CIP Cyber Vulnerability Assessments, including as a project lead for several such engagements. He has also participated in NERC CIP Mock Audits.

Mr. Rice has over five years of experience in Information Technology specializing in software and cyber security. He has a broad range of experience in IT risk management, including architecture analysis, secure code review, vendor risk management, and vulnerability assessment.

Prior to joining N&ST, Mr. Rice was a security consultant with a leading software security firm. In his previous role, he applied his expertise in architectural risk assessment and application vulnerability assessment in the service of several large financial institutions. Mr. Rice has assisted his clients in growing and maturing security initiatives focused on software development lifecycle and organizational security posture. He also developed skills in cloud security assessment, wireless network analysis, and is adept in PHP and other coding/scripting languages.

Mr. Rice has been working with technology from a young age and has been writing code since he was in high school. His interest in technology began to focus on security as he worked to secure his own software and assess the efficacy of his own security controls.

Mr. Rice has a Bachelor of Science in Microbiology from Salisbury University.

Thomas Tierney, Senior Security Consultant

Mr. Tierney has over 20 years of experience in software development and architecture, information security, and IT risk management.

Mr. Tierney joined N&ST in 2017.

Previously, Mr. Tierney spent over six years with the Midwest Reliability Organization (MRO), initially as a CIP Audit Specialist and later as the Vice President of Compliance and the Vice President of Enforcement. While at MRO, Mr. Tierney managed a team of nine auditors and support staff responsible for Reliability Standards related to both Operations and Planning and Critical Infrastructure Protection. Mr. Tierney initiated and led efforts to improve processes and procedures for CMEP-related activities, both within MRO and across the Electric Reliability Organization, ranging from consideration of registered entities’ inherent risk and evaluation of internal controls to codified audit steps and standardized data requests.

Prior to his time at MRO, Mr. Tierney spent over 15 years in software development and consulting organizations. Mr. Tierney spent four years with Forward Hindsight as the IT Regulatory Compliance Practice Manager. Additionally, Mr. Tierney has worked for a number of smaller software and consulting companies focused on the Energy industry, emphasizing natural gas trading systems; pipeline scheduling; and environmental, health, and safety performance and risk management. Mr. Tierney spent two years with Paydirt, LLC, providing sustainability consulting services to various corporate clients.

Mr. Tierney received a Bachelor of Science degree in Aeronautics & Astronautics from the Massachusetts Institute of Technology and holds the Certified Information Systems Security Professional (CISSP), Certified Information System Auditor (CISA), and Certified in Risk and Information Systems Control (CRISC) certifications.

Noel Moyer, Senior Security Consultant

Mr. Moyer has over 15 years of experience in the Cyber Security arena as applied to Electric Utilities. His experience covers both Operational (OT) and Information Technology (IT) systems, assets, and procedures. He has provided clear vision and direction for cyber security protection and regulatory compliance for several electric utilities in the Reliability First (RF), NPCC, and SERC footprints. Mr. Moyer has provided educational platforms for both technical and non-technical personnel on systems and procedural information, as well as guided and mentored team members, while remaining responsive to his team’s needs.

Mr. Moyer is a collaborative, service-focused consultant who uses technical approaches and teams to solve security issues and is an expert at identifying root causes of operational technology problems, responding with clear, concise, and actionable steps. He has a breadth of experience with NERC CIP compliance program development, evidence collection, and related documentation.

Since joining N&ST, Mr. Moyer has provided on-site consulting services for a number of entities in the RF, NPCC, and SERC regions. He has been involved in multiple generation site SCADA, ICS/OT cyber system and physical security evaluations, generation facility on-site BCS low and medium impact program evaluations, as well as Cyber Security Incident Response and Cyber Asset Recovery testing.

As a consultant, Mr. Moyer has helped utilities develop sustainable approaches to NERC CIP compliance, especially CIP-005, CIP-007, CIP-009, CIP-010, and CIP-011. His activities have included CIP program assessments, document and evidence reviews, RSAW preparation, and mock auditing.

Over the last two years, Mr. Moyer has worked with a number of utilities – including plants and control centers with Low and Medium Impact BES Cyber Systems – to develop and maintain NERC CIP compliance programs, providing on-site support for a number of large entities within the SERC region: performing program assessments, document and evidence reviews, preparing SMEs for audits, and performing mock audits. He most recently led a team of consultants on-site at a large utility preparing the entity’s generation compliance team for audits in multiple regions.

Prior to joining N&ST, Mr. Moyer worked for Talen Energy (formerly PPL) as a Sr. Engineer – Critical Infrastructure Protection responsible for network and cyber asset protection and monitoring strategies, direct hands-on system and network administration, Version 3, 4, and 5 compliance projects, including V5 network segmentation projects. He also developed network and cyber asset protection and monitoring plans for the entire Talen fleet of NERC CIP generation facilities with Low Impact BES Cyber Systems (BCS) located in various regions across the country. Mr. Moyer also provided direct support for Version 3 and 5 compliance program development, implementation, and maintenance.

Mr. Moyer began his career as an Electrical Controls Engineer in the steel industry supporting hot-strip mill controls, then migrated to the power industry as an instrumentation and controls engineer supporting control system replacements for coal, oil-fired, and hydro-driven power plants. He moved on to provide network design, installation, and support for new gas-fired simple-cycle and combined-cycle combustion turbine projects, before finally entering the NERC CIP Compliance, network and cyber asset security world.

Mr. Moyer holds a Bachelor of Science degree in Electrical Engineering with concentrations in controls and computers from Widener University.


Scott Webb, Senior Security Consultant


Mr. Webb has over ten years of experience in Project Management, Risk Management and Compliance Support. For the past five years he has worked to design and develop NERC CIP Compliance Programs for a number of Electric Utilities in multiple NERC regions. His experience includes support of both Operational Technology (OT) and Information Technology (IT) NERC CIP Compliance Teams.

Mr. Webb has supported a variety of NERC CIP activities including compliance gap analyses, mock audits, project coordination/management and CIP Program Management Model documentation. Mr. Webb is a Certified Project Management Professional with an extensive breadth of experience and expertise in the area of NERC CIP Compliance:

  • NERC CIP Lead for Operational Technology SCADA Engineering and CIP Engineering team
  • NERC CIP lead engineer for Business Units in transition to CIP Version 5
  • BES Cyber System Categorization and CIP-002 assessment and development
  • Patch Management procedures and development
  • Change Management – assessed and developed documents for CIP compliance and procedural operational effectiveness
  • CIP Version 3 to Version 5 gap analysis, mapping and upgrades

Previously, Mr. Webb worked in the Financial Lending Industry in various positions of Operational and Sales Management. Mr. Webb established programs for documentation and tracking compliance activities at the Lender, State and Federal levels. Additionally, Mr. Webb earned his PMP Certification in 2014. Mr. Webb worked as an Instructor of Project Management, Risk Management, Economics and Business courses as well as a variety of other General Education material for seven years at multiple Colleges in the Kansas City area. Mr. Webb earned a BSBA in Finance/Economics and Management as well as an MBA from Rockhurst University in Kansas City.

Joe Turano, Ph.D., Senior Security Consultant

Mr. Turano has over 20 years of information technology experience in Bulk Electric Systems including transmission, distribution, and generation, as well as travel services, space satellite networks, insurance, and manufacturing. His experience includes field service hardware break/fix, SpaceNet satellite support, desktop support, disaster recovery and business continuity, network architecture and administration, Windows, Linux, and AIX server administration.

Since joining N&ST in 2017, Mr. Turano has led and participated in NERC CIP compliance assessments, Mock Audits, RSAW reviews, Cyber Vulnerability Assessments (CIP-005 and CIP-007), NERC CIP Compliance procedure development, program oversight, and Compliance audit preparation.

Mr. Turano has been actively involved with the management and rollout of the NERC Reliability Standards both in operations and planning (O&P) and CIP across four large T&D companies. He has successfully managed and led numerous CIP and O&P audits that resulted in no findings and few if any recommendations and suggestions. He was also heavily involved with the NERC Events Analysis development and served on the Compliance Committee for the Northeast Power Coordinating Council’s region. He was a featured speaker at the 2013 Managing Regulatory Compliance Conference in Atlanta.

In addition to his IT and NERC experience, Mr. Turano has over 12 years of teaching experience at the community college level. He has taught computer science classes as well as business classes and developed an entire 2-year Associate degree program, working with other nearby business schools for integration into their Bachelor’s program.

Mr. Turano earned a Ph.D. in Information Technology with a specialization of Information Assurance and Security from Capella University. His focus of study was the relationship of organizational cultures and violations to NERC standards.

Lisa Grumbine, Senior Security Consultant

Ms. Grumbine has over 20 years of experience in the electric utility industry in the areas of EMS/SCADA application development and cyber security. She has combined this operational experience and expertise to address the compliance commitments in this industry, including NERC CIP and Sarbanes-Oxley.

Since joining N&ST in 2018, Ms. Grumbine has participated in NERC CIP compliance assessments, as well as CIP Version 5 policy and procedure development.

Ms. Grumbine has worked in NERC compliance beginning with CIP Version 3. She has extensive operational and implementation experience with NERC CIP (V5) standards, working with utilities to build their compliance programs from the ground up for Low, Medium and High Impact systems.

She has a unique perspective on how to distill cyber security and compliance needs into concrete steps that a utility can use to maintain system security and reliability while collecting compliance evidence. She is skilled in taking abstract requirements and turning them into concrete and understandable procedures and processes to produce consistent compliance evidence.

Ms. Grumbine is CISSP certified with an extensive breadth of expertise in NERC CIP compliance, including:

  • NERC CIP Standards (V3 and up)
  • Compliance Programs
  • Control Center Operations, EMS and SCADA
  • Vulnerability Assessments
  • Risk Mitigation
  • Baseline Management
  • Policy, Procedure and Operations documents: development and updating
  • Evidence collection and audit preparation

Previously, Ms. Grumbine worked at a Private Liberal Arts College as Associate Director of Administrative Computing. During her tenure there, she was System Administrator, Application Developer and Database Administrator, responsible for keeping the business IT system of the College operational and secure.

Ms. Grumbine received a Bachelor of Science degree in Computer Science from Indiana University of Pennsylvania and holds the Certified Information Systems Security Professional (CISSP) certification.

Ron Adam, Senior Security Consultant

Mr. Adam has over 25 years of information technology experience, with over eighteen of those years in the power industry. That experience includes managing the development and implementation of the North American Electric Reliability Corporation (NERC) Program at TransCanada’s energy operations locations throughout North America and leading the team through four successful NERC Critical Infrastructure Protection Compliance Audits and 16 NERC 693 Regulatory Audits and Spot Checks. His experience included working with NERC, Regional Entities, United States Independent System Operators, and Canadian Provincial Electricity System Operators requirements for both NERC CIP and NERC 693 Reliability Standards. He was involved in rolling out NERC CIP at medium rated assets in the Northeast. He also served on the NPCC TFIST Workgroup.

Since joining N&ST, Mr. Adam has supported NERC CIP activities including compliance gap analysis, mock audits, RSAW reviews, Cyber Vulnerability Assessments (CVAs), Information Technology (IT) security posture assessments, Operational Technology (OT) security posture assessments, creating NERC CIP Compliance Program documentation, SME audit preparation, and Onsite Audit Support.

Prior to working in NERC CIP Compliance, Ron worked in a variety of technology related positions including Help Desk Analyst, Desktop Support, Network Administrator, and as a Senior Systems Engineer for a Microsoft Solutions Provider. He is also retired from the United States Military, having served over 20 years including a year in support of the antiterrorism effort for the United States Air Force after September 11th.

Mr. Adam earned an Associate of Science Degree in Engineering from Quinsigamond Community College, a Bachelor of Science Degree in Computer Science from Worcester State College, and Master of Science Degree in the Management of Operations and Information Technology from Worcester Polytechnic Institute.

Phil Cochran, Senior Security Consultant

Mr. Cochran has more than seven years of experience in the cyber security industry, specializing in computer forensics, vulnerability management, and penetration testing. Utilizing his deep experience with analyzing network intrusions, Mr. Cochran has directed that experience into securing networks against malicious activity.

Prior to joining N&ST, Phil worked with the University of Wisconsin in Milwaukee (UWM) in the Information Security Office. Phil served as the primary incident responder for the university as well as running vulnerability assessments and pen tests for various schools and departments. During a major IT restructuring at UWM, Phil shared his vision for more organized and efficient ways to perform and manage incident response in an enterprise environment.

Phil has served in computer forensics and incident response for the past seven years, with the majority of his experience working at a private forensics firm. Phil’s greatest joy in the industry is educating his clients and helping them move toward a better security posture.

Phil received his B.S. in Network Security & Administration from Champlain College. In addition to his degree, Phil is a GIAC Certified Pen Tester (GPEN).

Jennifer Deitz, Senior Security Consultant

Jennifer Deitz has been working in the utility industry since 2011, providing NERC Compliance support for utilities in the Generation and Transmission environment. Ms. Deitz has specialized in overall Program Compliance approaches, including the development and revisions of compliance documentation and training modules, assistance with self-certifications, participation in NERC CIP and 693 audits, mitigation planning, and supporting spot checks for compliance.

Since joining N&ST in 2018, Ms. Deitz has assisted clients with Mock Audits, documentation revisions and creation in preparation for CIP-003-7/8, and overall compliance program assessments and gap analysis.

Ms. Deitz’s career began in the pharmaceutical industry, working at four of the top ten pharmaceutical companies in the world. She has held positions in Vaccine Sales and Support, Compliance and Inspections, and Manufacturing Supervisor, focusing on quality control and compliance documentation.

Ms. Deitz began working in the utility industry in 2011 as a Compliance Specialist, supporting Generation and Transmission with NERC CIP Compliance, later becoming a lead on the Protection and Control Standards, particularly PRC-005. Ms. Deitz was responsible for compliance documentation creation and revisions, compiling, checking, and storing compliance evidence, RSAW creation, quarterly submissions to Regional Entities for PRC data, and maintaining the asset inventory database for Generation, and ensuring proper reporting of CIP-002 reports.

Ms. Deitz has been actively involved in NERC CIP and 693 audits, preparing data requests, SME audit preparation training, and creating mitigation plans as needed.

Most recently, Ms. Deitz was contracted at a medium-sized utility, creating IT documentation in support of the CIS Top 20 Cyber Security Controls. In this position, Ms. Deitz worked with IT SMEs to create processes and document them in the appropriate format. Highlights include creating a corporate policy for the IT documentation framework. This policy outlines the different types of documents (Policy, Procedure, Work Instructions, etc.) and when to use them. Accompanying this policy is a work instruction on how to create good documentation and the steps for review/approval and storing documentation. Ms. Deitz also wrote the IT Risk Management program documents in support of the utility’s risk management process, which includes steps on identifying, assessing, and mitigating/remediating technology risks.

Ms. Deitz has a Bachelor of Science degree in General Science from Pennsylvania State University, with a focus on Computer Science and Statistics classes. Ms. Deitz completed the Project Management Boot Camp in July 2017 sponsored by PM Learning Solutions and has training in Six Sigma.

Matthew Preston, Senior Security Consultant

Mr. Preston has over thirteen years of direct experience in the networking and information security industries, specializing in the architecture, design, and implementation of enterprise systems. Applying his deep experience with architecting complex networks, Mr. Preston has directed that experience into analyzing and securing networks from cyber vulnerabilities.

Prior to joining N&ST, Matthew worked for more than eleven years with the University of Wisconsin – Milwaukee (UWM), as the Associate Director of Networking & Data Center Infrastructure. In this high-visibility role, he served as the campus liaison for all network-related services, including the architecture and application of information security infrastructures. During a major information security overhaul at UWM, Matthew shared his vision for re-architecting and implementing tools designed to better secure the enterprise environment. Before specializing in network roles, Matthew worked several years as a systems administrator in Unix/Linux environments, meeting intricate server technology needs. Matthew’s greatest joy in the industry is working with clients to solve complex issues, and to find creative and helpful solutions to implement their strategic visions for a better secured environment.

Matthew received his M.S. in Information Technology Management from the University of Wisconsin – Milwaukee and his B.S. in Business Administration from the University of Wisconsin – Platteville. In addition to his degrees, Matthew has also held several technical certifications from Microsoft, Red Hat, and Juniper.

Matthew Schwartz, Client Services Executive

Matthew Schwartz joined N&ST after spending six years developing a consultative approach to the high-net-worth estate and financial planning services market at the boutique wealth management firm, International Planning Alliance (IPA). His work with the executive management at IPA in consultation with CPAs, lawyers, and investment advisors led to the expansion and development of proprietary financial modeling techniques for managing shareholder risk in closely held corporations and family businesses.

Matthew brings with him the experience of continuously managing ongoing changes in the internal and external environment of his clients’ lives, by controlling exposure to public equities risks, navigating insurance markets, and maintaining compliance with changing tax, legal, and regulatory frameworks. As a seasoned sales executive, he continues to provide this same high-touch approach in his work in the cybersecurity and technology industry.

Matthew received his BA from the School of Liberal Arts at SUNY Purchase.

Kimberly Trejo, Security Consultant

Ms. Trejo has worked in the Information Security industry for over two years. Her areas of expertise include vulnerability management assessments, risk mitigation planning, incident response, SIEM management, and malware analysis.

Prior to joining N&ST, Ms. Trejo was a Cyber Security Specialist with a New York bank. While there, she utilized her expertise to investigate and analyze potential malicious cyber activity to counter network attacks, insider threats or compromised accounts. As part of her responsibilities, Ms. Trejo reviewed security vulnerability scans generated by Rapid7 Nexpose, IBM Security AppScan, and Imperva software to verify whether the bank’s systems and internal applications continued to report discovered vulnerabilities. During her review process, Ms. Trejo played a key role in ensuring that effective Risk Management developed by the Information Technology department was thoroughly vetted, documented, and accounted for by the designated operational team implementing the fix.

In addition, Ms. Trejo gained direct experience working with SIEM management and malware analysis. Ms. Trejo utilized FireEye software to detect and examine email-based fraudulent attacks such as malicious attachments and phishing sites in order to mitigate harmful malware from affecting employees’ workstations. Ms. Trejo’s role also included investigating and analyzing the root cause of potential anomalous cyber activity using LogRhythm and Carbon Black to counter network attacks, insider threats, or compromised accounts.

Ms. Trejo joined N&ST in July 2019.

Ms. Trejo attended John Jay College of Criminal Justice, where she received her Bachelor of Science in Security Management.

Internship Experience

While earning her degree, Ms. Trejo held a position as a Cyber Security Liaison Intern with the U.S. Coast Guard Auxiliary University Program at John Jay College of Criminal Justice. She developed and provided briefings on cyber threats that could adversely affect Coast Guard vessels’ navigation, communications, cargo tracking, security monitoring, and the safety of their assets.

Also, Ms. Trejo advanced her studies by joining the Citizens Crime Commission of New York City, where she conducted extensive research on social engineering, cognitive thinking, and Internet security. Through this research, Ms. Trejo expanded her breadth of experience of various roles under the information security umbrella, which solidified her passion to progress her proficiency within the industry.

Ms. Trejo gained valuable intern experience critiquing and evaluating the origins and current security postures within corporations, non-profit organizations, and the government. She also learned the varying concepts of crime prevention, rational choice theories, business continuity, physical security, and emergency management.

Allen Kent, Senior Security Consultant

Allen Kent started learning BASIC programming in 1981 and has over 30 years of diverse work experience that includes supporting, managing, and continual professional development in information technology, specifically in cyber security. In his role at Network & Security Technologies (N&ST) he leads compliance consulting engagements for clients that range from the performance of mock audits and audit preparation, gap analysis and remediation tasks, CIP Cyber Vulnerability Assessments for both medium and high impact BES facilities, RSAW development and staff augmentation for long-term program maintenance and development.

Prior to starting with Network & Security Technologies, Mr. Kent worked at NAES Corporation as a Senior NERC CIP Specialist. In that role, he supported Responsible Entities, primarily Generator Owners and Operators, in their NERC Critical Infrastructure Protection (CIP) compliance including monitoring development of related Reliability and CIP standards, conducting procedure and documentation reviews, auditing/reviewing cyber security implementations against the standard requirements, completing gap analysis or mock audits and writing reports of findings and providing other cyber and/or physical security recommendations in accordance with industry best practices.

Before working at NAES, Mr. Kent worked for Montana’s largest electricity producer as a Senior Compliance Professional and Manager of NERC Compliance from 2011-2017. In that role, he maintained compliance oversight on all applicable NERC Reliability and Critical Infrastructure Protection (CIP) cyber security standards. Prior to that, he worked in the banking industry as a Technical Support Manager and Senior Security Analyst for five years, taught information technology courses at the college-level for seven years and served four years as an Infantry Officer in the U.S. Army.

He has earned several IT certifications including: CISSP, CISA, MCSE: Security, VCP and others. Mr. Kent has a B.S. in Accounting and M.S. in Human Resource Management.

Leo Negron, Senior Security Consultant

Mr. Negron is a seasoned network and security consultant with more than 20 years’ experience with Information Technology, including five years in the electrical utility industry. Mr. Negron specializes in network design, including design, architecture, development, implementation, and troubleshooting.

Mr. Negron has experience investigating communication problems including routing issues, firewall configurations, and QinQ configurations on several devices including Cisco, Transition Networks, Brocade, Juniper, and Ubiquiti. Also, Mr. Negron has experience with NetFlow, Wireshark, Tripwire, and SolarWinds.

Mr. Negron has more than eight years’ experience as a liaison between Operations and Engineering, providing documentation and training support and troubleshooting assets covered under the NERC CIP standards. Mr. Negron participated in a large project that converted a backbone network from frame relay to MPLS; this work included:

  • Routing design and implementation,
  • Distribution level access points to the backbone network consistent with NERC CIP Standards and best networking practices, and
  • Tools including design for jump servers, configuration management, and network management.

Mr. Negron deployed fiber solutions and performed link diagnosis on carrier level equipment to pick up several power substations. Mr. Negron also re-configured firewalls on access router locations and identified and reconciled assets within ESPs and PSPs.

Mr. Negron served in the U.S. Army in the 4th Infantry Division HQ at Fort Hood, TX. While there, he worked in application support and on the backbone network that served the FBCB2 platforms for United States armed forces. During that time, Mr. Negron worked in many diverse technologies including server management, ATM switching, line of sight communications configurations, firewall audits, VoIP, and several routing protocols. Mr. Negron worked for the Georgia National Guard at Fort Stewart, GA as the primary Director of Information Technology, where he supported critical network assets.

Mr. Negron received his degree in Advanced Networking from Phoenix University. Also, he holds a Cisco Certified Network Associate certification.

Justin Beams, Senior Security Consultant

Mr. Beams has more than nine years of experience in the cyber security industry, specializing in Security Information and Event Management (SIEM), firewall management, policy development, compliance efforts, and audit response.

Mr. Beams has worked in both the planning and implementation aspects of the security measures that protect the network and computer assets of various clients. His work has included a consistent emphasis upon Standards Compliance, including:

  • Review and development of Information Security Policy,
  • Response to Audit Requests from Auditors,
  • Propagating High level policy to lower level organizational policy/procedure, and
  • Providing Subject Matter Expertise on various network technologies.

Mr. Beams has worked with a variety of technical tools and devices, including:

  • Implementation and Support of tools and scanners,
  • Configuration and installation of Routers and Switches, Firewalls, Proxies, Wireless networks and equipment,
  • Assessing the risk of various network devices, and
  • Research of current InfoSec threats and providing recommendations and planning for next steps.

Prior to joining N&ST, Mr. Beams worked for more than five years with the University of Wisconsin – Milwaukee (UWM) as an Information Security Analyst. Mr. Beams served as a liaison between the technical staff and leadership for the Information Security Office and oversaw day-to-day operations. He assisted with the development of standards-based Information Security Policies and Programs for the University of Wisconsin System. Additionally, Mr. Beams led an initiative to bring UW-Milwaukee into compliance with the newly developed program and responded to audit requests by the Wisconsin Legislative Audit Bureau. Mr. Beams also served as an active member and contributor to the Research & Education Networks Information Sharing & Analysis Center (REN-ISAC).

Before specializing in Information Security roles, Mr. Beams spent time as a systems engineer deploying security solutions and hardware for enterprise clients. Mr. Beams’ passion in the industry is assisting clients in developing standards-based, comprehensive, scalable and repeatable solutions to improve overall Information Security posture and compliance.

Mr. Beams received his Bachelor of Science in Information Technology Management from the University of Wisconsin – Milwaukee and his Bachelor of Science in Biology from the University of Wisconsin – La Crosse. In addition to his degrees, he holds technical certifications from Juniper, Palo Alto, ADTRAN, and SANS Institute.

Suzanne Black, Senior Security Consultant

Ms. Black has been working in the utility industry since 2003, providing strategic and innovative approaches to compliance programs and business solutions in the Distribution, Transmission and Generation environments. She has extensive experience and knowledge in developing and implementing effective, efficient and sustainable NERC CIP compliance programs by maximizing organizational resources, documenting and streamlining business processes and workflows, and establishing internal controls and monitoring activities. She has delivered practical compliance solutions tailored to meet the needs of the organizations she has served.

Since 2012, Ms. Black has led and participated in NERC CIP Compliance procedure development, program oversight, compliance audit preparation, NERC CIP compliance assessments, mock audits, RSAW development, and corrective action planning. Ms. Black has also facilitated and participated in numerous highly successful NERC CIP and NERC 693 on-site audits in the Transmission and Generation environments. Additionally, she has overseen the administration and execution of all aspects of the NERC CIP compliance program for registered entities that represented large and medium BA, RC, TO, TOP, GO, and GOP industry segments.

Recent CIP experience includes:

  • Oversight of NERC CIP operational compliance activities associated with asset identification, SME training, access management, recovery plan tabletops, baseline configuration monitoring and CIP baseline change management
  • Development and revisions of process workflows and internal controls documentation
  • Performance of compliance monitoring and enforcement activities: self-assessments, gap-analysis, non-compliance investigations, mitigation & corrective action planning, self-report submissions, settlement negotiations, and on-site and off-site audit preparations
  • Development, execution, and monitoring of compliance implementation plans for new or modified NERC CIP Standards

Ms. Black has worked with a variety of tools and applications including:

  • Governance, Risk, and Compliance (GRC) tools
  • Identity and Access Management applications
  • IT change management systems and workflow management systems
  • CIP baseline configuration tracking and reporting tools

Ms. Black actively participates in NERC and industry committees, working groups, and task forces including:

  • Active member of the NERC Security Working Group (SWG)
  • Active member of the NERC Supply Chain Working Group (SCWG)
  • Member of NPCC Task Force for Infrastructure Security & Technology (TFIST)

She was also a voting member of the NERC CIP Committee (CIPC) from 2018-2020 and a member of the North American Transmission Forum (NATF) from 2012-2021.

Previous to Ms. Black’s NERC compliance roles, she held positions in emergency action planning, distributed resource interconnections, and work management business analysis.

In these roles, she developed risk assessments and mitigation plans, project plans, performance reports, and streamlined business processes.

Ms. Black earned a Bachelor of Arts degree in Organizational Leadership from the University of Hartford. She also holds an Associate of Arts degree in Arts, Letters, and Sciences from Pennsylvania State University. Ms. Black has obtained a Project Management Certificate sponsored by Boston University, Lean Six Sigma Green Belt from Purdue University, and ICS-100, IS-200.b, and IS-700.a certifications from FEMA Emergency Management Institute.

Dana Bradshaw, Senior Security Consultant

Ms. Bradshaw has been working in the NERC CIP Compliance and BES Cyber Security industry since 2012. She has led or supported numerous assessments, audits, and program development efforts for numerous electric utilities across the United States. Ms. Bradshaw is a strong technical writer, with a passion for the development of sustainable methods for achieving compliance.

Ms. Bradshaw joined N&ST in 2021 and has been primarily focused on the development of processes and program documentation for CIP-002 through CIP-013 at a “greenfield” high impact Control Center. In addition to collaborating with client SMEs to create, document, and implement new processes, Dana has been responsible for developing a document management program to ensure the proper generation, collection, and storage of evidence artifacts demonstrating compliance with each of the CIP Standards.

Ms. Bradshaw began her career with a consulting firm in the Midwest. While there, she helped many utilities improve their NERC CIP compliance programs by providing best-in-class customer service both remotely and onsite. In addition, she led the publication efforts of a compliance guide and e-learning portal and courses. In 2015, she accepted a contract role with a large Texas utility to update its NERC CIP Version 3 program to align with Version 5 of the Standards. Upon project completion, the contract was renewed, and her focus shifted to more operational tasks.

Throughout her nearly 10 years in the industry, Ms. Bradshaw has gained a breadth of knowledge and expertise in NERC CIP Compliance:

  • NERC CIP Compliance Program development and maintenance
  • Mock Audit / Gap Analysis
  • Project Management
  • Evidence and Documentation Management
  • RSAW Creation
  • Audit Preparation
  • Quality Assurance

Ms. Bradshaw graduated from the University of Missouri-Kansas City with a Bachelor’s in Business Administration and earned her Master’s in Business Administration from Indiana Wesleyan University.

Mike Lotz, Senior Security Consultant

Mr. Lotz has more than 20 years of experience in the fields of critical infrastructure, standards compliance, and cyber security. His work includes NERC Critical Infrastructure Protection (CIP) program implementation, program integration, audit support, and execution of delegated Senior Manager responsibilities. Mr. Lotz also served as the vice chair of Southwest Power Pool’s (SPP) CIP Working Group.

His recent successes include:

  • Integrated two large CIP compliance programs into a single post-merger organization,
  • Established CIP compliance processes for a new combined EMS implementation,
  • Led the transformation from the CIP version 3 compliance program to the version 5 Standards, and
  • Prepared for multiple CIP audits, including RSAW creation, procedure document creation, and mock audits.

Mr. Lotz worked for a large, national bank where he developed and supported cyber security measures to safeguard operations. This included implementation of procedures to ensure the organization’s compliance with financial services regulations.

Prior to beginning his career, Mr. Lotz received a Bachelor of Arts degree in Psychology from William Jewell College. He also holds the CISA, CEH, and Security+ certifications.