About

Our Mission: Strengthen the cyber security posture of critical energy infrastructures.

The Energy Sector Security Consortium, Inc. (EnergySec) is a United States 501(c)(3) non-profit corporation formed to support energy sector organizations with the security of their critical technology infrastructures. Through our membership program, we support collaborative initiatives and projects that help enhance the cybersecurity resiliency of these organizations.

 

Value Value is sourced from those who have a need. We believe that the industry is best positioned to describe their cyber security needs and we are but a conduit to help achieve its goals. It is with our ability to listen, share and continue to foster open discussions that were able to bring forth the value of our organization.

Innovation Standing still may give us comfort but if we don’t move forward with new ways to address our challenges we may be lost in our own shadow.  It is our desire to promote innovation – give rise to new ways to solve old problems and be nimble enough in our thoughts to overcome new challenges as they come to light. We strive to convert knowledge and ideas into benefits.

Leadership It is inevitable that we will not make everyone happy. It is the very nature of taking responsibility and striving toward the common welfare of a group that this will happen. We take our position in the energy sector as a leader of cyber security enhancement. We do not apologize for going against the grain if that is necessary. We will be decisive, steadfast in our goals and always consider what is good for the many.

People Our people define our company and create our reputation. We enable our people to maximize opportunities for professional development by defining, incenting and recognizing high standards of excellence. We promote the personal welfare of our people by fostering an environment that embraces tolerance, diversity and mutual respect. We uphold our commitment to work/life balance by celebrating the interests our people consider to be important and by encouraging and recognizing their contributions in the community.

Responsibility As we grow in influence and capability, we are bound to actions and outcomes for which our constituents have reasonably formed expectations, or which are inherent to our position in the industry. We take seriously the potential impact of our failures or shortcomings, and apply due diligence to meeting the responsibilities with which we have been charged.

Integrity Integrity forms the foundation of our relationships with each other and with the communities and stakeholders we engage. We do what we say we will do, and we hold ourselves accountable. As individuals, we strive to be worthy of others’ trust, honest in our dealings, and ethical in our conduct.  As an institution, we seek to be transparent in our operations and to be a model of good governance, setting high standards for ourselves as well as our partners.

Teamwork We recognize that cooperation and open communications are essential to fulfilling our mission and purpose. We participate fully as team members when working with colleagues and our partners. We support and empower each other by sharing knowledge and leveraging skills and resources across boundaries.

Fun We don’t yodel but we do have some of the best punsters on earth. Cyber security is serious business – that can not be underscored enough. Yet…we believe humor is an essential ingredient for success.

The EnergySec Board of Directors is currently made up of seven directors. The role of the Board of Directors is to support the EnergySec mission and vision as well as to provide guidance and oversight to the EnergySec executive team.

Steve ParkerSteve Parker – President and Chairman of the Board

Steven Parker, CISA, CISSP, is the President of the Energy Sector Security Consortium (EnergySec). He was part of the grassroots effort that led to the formation of EnergySec, and has served on its board of directors since 2008.

Steven’s experience includes more than a decade of full-time security work at critical infrastructure organizations including the Western Electricity Coordinating Council, PacifiCorp, and US Bank. He has contributed to a broad range of security projects covering areas such as e-commerce, identity management, intrusion detection, forensics, and security event monitoring.

Patrick MillerPatrick Miller – President Emeritus

Patrick Miller is a security executive who has dedicated his career to the protection and defense of the nation’s critical energy infrastructure. He is the founder of EnergySec, and currently its President and CEO. This nonprofit information sharing organization began as a few colleagues meeting for lunch and has grown into a nationwide effort to promote sound security principles in the energy industry.

One of his strengths is the diversity of his professional experience. In Energy, he has held positions with a utility, a regulator, and a private consulting firm. He has also held key positions in the Insurance, Internet and Telecommunications sectors.Among other credentials he holds the CISA, CRISC and CISSP certifications.

Patrick is an active member of several critical infrastructure security working groups and a sought after speaker and industry expert on the subjects of critical infrastructure protection, process control system security, regulatory compliance, audit, and privacy.

Paul FeldmanPaul Feldman – Director

Paul J. Feldman is an experienced executive in the technology, telecommunications, and energy industries.

Mr. Feldman is a Current Director and past chairman of the Midcontinent ISO (MISO) – the largest RTO in the country. At MISO, he chairs the Markets Committee and serves on the Information Technology and Governance Committees. U.S. Energy Secretary Ernest Moniz appointed Mr. Feldman to serve on the NCC and advise on matters related to electricity and especially transmission systems. He also serves as a member of the National Renewable Energy Laboratory in Golden on the Energy Systems Integration Technical Review Panel. He is a Director of EnergySec – an organization devoted to energy cybersecurity. In addition, he serves on several energy company advisory boards, and Boeing Corporation.

Mr. Feldman was a Board Director of the Western Interconnection (WECC) Board before leaving in 2013 to pursue market alternatives for the west. At WECC he helped lead the bifurcation of the company as Chairman of the Governance Committee – and successfully separated the NERC functions from the grid operations (Peak Reliability) in the Western Interconnect – each with Independent Boards. He was also Chairman of the NERC Compliance Committee of the Board at WECC.

Mr. Feldman began his career with AT&T and Bell Labs where he remained for 20 years in positions of increasing responsibility until leaving as vice president of Consumer Products.  While at AT&T he held senior positions in marketing, sales, R&D, and manufacturing.  After leaving AT&T, he served as chief executive or vice president at Novell, Inc., Geo-Utilities, Inc., Columbia Energy, UtiliCorp United, AES, and AT&T/Lucent Technologies.

His educational background includes theology, a Bachelor of Arts in mathematics and a Masters in Economics, with advanced work toward a PhD in Econometrics.  Additionally, Mr. Feldman was also an Associate Professor at Cleveland State University.  He has also achieved the Professional Director certification and is a Board Leadership Fellow at the National Association of Corporate Directors.

Stacy Bresler

Stacy Bresler – Director

Stacy Bresler is a former bank cyber security consultant, former electric utility employee, former Corporate Information Security Officer (PacifiCorp) and served as a NERC Critical Information Protection (CIP) Compliance Auditor. He was one of the first CIP auditors hired by the Western Electricity Coordinating Council (WECC). As a Senior Compliance Engineer, he was a key participant in the development of security regulations related to the electrical grid. He is a NERC-certified lead auditor for both NERC Operations and Planning (693) and the CIP reliability standards. He has led and/or participated in more than 60 NERC Audits and has been a trusted security consultant for over 25 years to many different industries.

Mr. Bresler, as a Principal Investigator, was instrumental in helping lead EnergySec toward sustainability as part of the Department of Energy (DOE) collaborative agreement to build a national electric sector cyber security organization. In addition to his NERC auditor certifications, Stacy currently is a Certified Information System Auditor and Certified Information Systems Manager and has previously been a Certified Information System Security Professional (CISSP), held a SANS GIAC Security Essentials Certification (GSEC), been a Microsoft Certified Professional (MCP) and been a Microsoft Certified Solutions Expert (MCSE). He is currently a board member of EnergySec, the Vice-President of Outreach at EnergySec and a Managing Partner of Archer Security Group.

Samara Moore

Samara Moore – Director

As a Senior Manager within Exelon Corporate Information Security Services, Samara Moore focuses on partnering across the enterprise to manage cyber security risks to Exelon’s critical infrastructure functions. Mrs. Moore leads the Industrial Control Systems SCADA Cyber Security Program and is a key manager supporting the NERC CIP compliance program. Mrs. Moore joined Exelon after 10 years in the federal government, where as a member of the White House National Security Council Staff, she served as the Director for Cybersecurity Critical Infrastructure Protection coordinating across the government and private sector on efforts to strengthen cybersecurity for critical infrastructure, such as: developing the NIST Cyber Security Framework, threat information sharing, and executive engagement. At the Department of Energy (DOE), Samara Moore was responsible for leading cyber policy and oversight of internal programs, and leading programs to support security and resilience for the Energy sector. While at DOE, Mrs. Moore led the development of the Electricity Sector Cybersecurity Capability Maturity Model which is being used both domestically and internationally. Prior to her government service, she worked as an enterprise risk and security consultant. Mrs. Moore is a graduate of Virginia Tech with a B.S. in Accounting & Information Systems, and a graduate of George Washington University with a M.S. in Engineering Management.

Steve Parker – President

Steven Parker, CISA, CISSP, is the President of the Energy Sector Security Consortium (EnergySec). He was part of the grassroots effort that led to the formation of EnergySec, and has served on its board of directors since 2008.

Steven’s experience includes more than a decade of full-time security work at critical infrastructure organizations including the Western Electricity Coordinating Council, PacifiCorp, and US Bank. He has contributed to a broad range of security projects covering areas such as e-commerce, identity management, intrusion detection, forensics, and security event monitoring.

Stacy Bresler – Vice President, Outreach and Operations

Stacy Bresler is a former bank cyber security consultant, former electric utility employee, former Corporate Information Security Officer (PacifiCorp) and served as a NERC Critical Information Protection (CIP) Compliance Auditor. He was one of the first CIP auditors hired by the Western Electricity Coordinating Council (WECC). As a Senior Compliance Engineer, he was a key participant in the development of security regulations related to the electrical grid. He is a NERC-certified lead auditor for both NERC Operations and Planning (693) and the CIP reliability standards. He has led and/or participated in more than 60 NERC Audits and has been a trusted security consultant for over 25 years to many different industries.

Mr. Bresler, as a Principal Investigator, was instrumental in helping lead EnergySec toward sustainability as part of the Department of Energy (DOE) collaborative agreement to build a national electric sector cyber security organization. In addition to his NERC auditor certifications, Stacy currently is a Certified Information System Auditor and Certified Information Systems Manager and has previously been a Certified Information System Security Professional (CISSP), held a SANS GIAC Security Essentials Certification (GSEC), been a Microsoft Certified Professional (MCP) and been a Microsoft Certified Solutions Expert (MCSE). He is currently a board member of EnergySec, the Vice-President of Outreach at EnergySec and a Managing Partner of Archer Security Group.

Twila Denham – Managing Director, Operations and Workforce

Twila Denham has over two decades of experience in education in both teaching and administrative roles. As an administrator, she oversaw the development of new curriculum and standards for K-12 students, directed career counseling for high school students, and participated in high school course development. Twila worked with the faculty to develop and deliver continuing education units to staff members. She also planned and participated in educational fairs to promote quality education. As part of her role, she initiated and directed individual educational plans used in the classroom for students who were academically challenged or advanced.

In her role with EnergySec over the past year, she has actively established relationships within the college and industry sectors, established contacts with state and federal apprenticeship agencies, and completed foundational research and planning for our proposed workforce programs. Twila is currently a member of two working committees as part of the National Initiative for Cybersecurity Education (NICE), one working on K-12 curriculum, and another mapping KSAs to specific industry sectors. Twila is married and has 3 grown daughters.

Sean Maloney – Security Architect

Sean Maloney leads and supports all of our technology efforts, including our online community, automated information sharing, and our private chat server. He is an expert in security logging, and a top notch software developer and integrator.

Jack Whitsitt – Security Strategist

Jack Whitsitt brings a breadth of cyber security knowledge and thought leadership to any discussion. His early efforts, which have been cited in IEEE papers, thesis research, and other works included leading an open source development group in creating novel tools to respond to attacks, creating created new methods of correlating and visualizing large scale security information, and supporting large US government and civilian incident response teams looking at traditional IT networks.

More recently, Whitsitt has been working in the areas of control systems (SCADA) security and national level risk management, partnership, and information sharing. In 2009 and 2010, he worked for Idaho National Lab as an early member of DHS’s national ICS-CERT team as a part of the DHS NCCIC responding to critical infrastructure incidents of national consequence.

Mr. Whitsitt worked as a federal employee supporting TSA in its capacity as the Sector Specific Agency (SSA) for transportation (including pipeline) security. In this role, he has been facilitating a national initiative for transportation implementing a reasoning framework for guiding strategic national cyber security policy within the sector and to provide organizations with national-level insights into their own individual risk management efforts.

Brandon Workentin – Cybersecurity Analyst II

Brandon Workentin joined EnergySec after spending several years teaching English and mathematics at the high school and middle school levels. Brandon began at EnergySec as an intern in Spring 2014, when he began writing the EnergySec Weekly Update newsletter. Since then, Brandon has focused on the creation Information Sharing and Analysis Organizations (ISAOs) and other information-sharing efforts, as well as the minutiae of NERC CIP compliance. Brandon has a Bachelors of Arts in Mathematics and English Education from Northwest Nazarene University and an Associates of Science in Cybersecurity and Networking from Mt. Hood Community College.

Kim Zimmerman – NERC CIP Specialist

Kim is coordinating NERC CIP research efforts at EnergySec, writing EnergySec’s NERC CIP Newsletter, and other activities related to NERC CIP.

Andrew Zambrano – Cybersecurity Specialist I

Andrew creates and administers all of our customer and industry surveys. He is also a part of the development team for the EnergySec online community which offers various resources to our utility and vendor members. In addition, he assists our team in the automation of information sharing, industry research, and monitoring of security logs.

Vicky Maloney – Executive Assistant

Vicky assists EnergySec Executives and team members with the Annual Security & Compliance Summit coordination and registration. Vicky sets up the yearly EnergySec Training Events, logistics and registration and recently has added membership duties.

Marianne Schroeder – Financial Administrator

Marianne keeps the financial wheels turning by handling all aspects of our accounts receivable and payables. She also performs most of our bookkeeping, time tracking, benefits oversight, and financial reporting duties.

Mary Parker – Volunteer Coordinator

Mary Parker is responsible for coordinating volunteer activities for EnergySec and appreciates all those who give so generously of their time.

The foundation of EnergySec was established over a decade ago as relationships formed between a group of information security, physical security, disaster recovery and business continuity professionals from energy organizations in the Pacific Northwest. Initially, a small group met for lunch to discuss the security challenges they were all facing. The idea was simple, share common security practices for the purpose of learning from each other. As news spread about the lunch meetings, more people wanted to join and it quickly outgrew the informal setting. EnergySec Northwest, better known as E-Sec NW, was formed in early 2004. An online forum and quarterly meetings were established to give security professionals more time together and better ways to share information with each other.

In 2005, E-Sec NW hosted its first annual summit. The two-day event was a success from the beginning. There was no other meeting of its kind being held at the time. The summit promoted open and honest dialog, creative ideas, and collaborative solutions designed to benefit as many as possible. The summit especially appealed to the “boots on the ground” security practitioners who, prior to this time, had found themselves isolated at their respective organizations.

Over the next several years, E-SEC NW built an independent and trusted model for sharing information about security in the energy sector. It grew organically through word-of-mouth like many grass roots organizations. Along the way, ESEC-NW was receiving broad praise for the quality of its programs. It was nationally recognized by the SANS Institute, who bestowed the prestigious National Cyber Security Leadership award on the organization in 2007. This award honors persons who significantly improve the effectiveness of the nation’s cyber security. It is the most prestigious of all SANS cyber security awards because it recognizes transformational changes that have a sweeping impact on a range of public and private sector entities.

As interest continued to grow across North America the “northwest” was dropped from the name to embrace the burgeoning role as a national information sharing organization for the energy sector. Attendance at the annual summit continued to grow every year and new relationships developed with product and service vendors, government agencies and academic institutions. EnergySec formed a corporation in 2008 and received its non-profit 501(c)(3) designation in 2009.

EnergySec was uniquely positioned to answer the call when the U.S. Department of Energy announced a funding opportunity in early 2010 to build the National Electric Sector Cybersecurity Organization (NESCO). NESCO was meant to be a public-private partnership focused on security related information sharing in the electric sector. EnergySec was awarded partial funding over three years and work began in earnest in October of 2010.

Today, EnergySec is approaching the 1,500-member mark with over 470 organizations participating in EnergySec programs. The development of the EnergySec information sharing efforts and workforce development remain a key focus areas of EnergySec as it continues to develop programs and other efforts to meet the needs of the energy sector into the future.