Our Mission: Strengthen the cyber security posture of critical energy infrastructures.
The Energy Sector Security Consortium, Inc. (EnergySec) is a United States 501(c)(3) non-profit corporation formed to support energy sector organizations with the security of their critical technology infrastructures. Through our membership program, we support collaborative initiatives and projects that help enhance the cybersecurity resiliency of these organizations.
Value Value is sourced from those who have a need. We believe that the industry is best positioned to describe their cyber security needs and we are but a conduit to help achieve its goals. It is with our ability to listen, share and continue to foster open discussions that were able to bring forth the value of our organization.
Innovation Standing still may give us comfort but if we don’t move forward with new ways to address our challenges we may be lost in our own shadow. It is our desire to promote innovation – give rise to new ways to solve old problems and be nimble enough in our thoughts to overcome new challenges as they come to light. We strive to convert knowledge and ideas into benefits.
Leadership It is inevitable that we will not make everyone happy. It is the very nature of taking responsibility and striving toward the common welfare of a group that this will happen. We take our position in the energy sector as a leader of cyber security enhancement. We do not apologize for going against the grain if that is necessary. We will be decisive, steadfast in our goals and always consider what is good for the many.
People Our people define our company and create our reputation. We enable our people to maximize opportunities for professional development by defining, incenting and recognizing high standards of excellence. We promote the personal welfare of our people by fostering an environment that embraces tolerance, diversity and mutual respect. We uphold our commitment to work/life balance by celebrating the interests our people consider to be important and by encouraging and recognizing their contributions in the community.
Responsibility As we grow in influence and capability, we are bound to actions and outcomes for which our constituents have reasonably formed expectations, or which are inherent to our position in the industry. We take seriously the potential impact of our failures or shortcomings, and apply due diligence to meeting the responsibilities with which we have been charged.
Integrity Integrity forms the foundation of our relationships with each other and with the communities and stakeholders we engage. We do what we say we will do, and we hold ourselves accountable. As individuals, we strive to be worthy of others’ trust, honest in our dealings, and ethical in our conduct. As an institution, we seek to be transparent in our operations and to be a model of good governance, setting high standards for ourselves as well as our partners.
Teamwork We recognize that cooperation and open communications are essential to fulfilling our mission and purpose. We participate fully as team members when working with colleagues and our partners. We support and empower each other by sharing knowledge and leveraging skills and resources across boundaries.
Fun We don’t yodel but we do have some of the best punsters on earth. Cyber security is serious business – that can not be underscored enough. Yet…we believe humor is an essential ingredient for success.
The EnergySec Board of Directors is currently made up of seven directors. The role of the Board of Directors is to support the EnergySec mission and vision as well as to provide guidance and oversight to the EnergySec executive team.
Steven Parker, CISA, CISSP, is the President of the Energy Sector Security Consortium (EnergySec). He was part of the grassroots effort that led to the formation of EnergySec, and has served on its board of directors since 2008.
Steven’s experience includes more than a decade of full-time security work at critical infrastructure organizations including the Western Electricity Coordinating Council, PacifiCorp, and US Bank. He has contributed to a broad range of security projects covering areas such as e-commerce, identity management, intrusion detection, forensics, and security event monitoring.
Patrick Miller is a security executive who has dedicated his career to the protection and defense of the nation’s critical energy infrastructure. He is the founder of EnergySec, and currently its President Emeritus. This nonprofit information sharing organization began as a few colleagues meeting for lunch and has grown into a nationwide effort to promote sound security principles in the energy industry.
One of his strengths is the diversity of his professional experience. In Energy, he has held positions with a utility, a regulator, and a private consulting firm. He has also held key positions in the Insurance, Internet and Telecommunications sectors.Among other credentials he holds the CISA, CRISC and CISSP certifications.
Patrick is an active member of several critical infrastructure security working groups and a sought after speaker and industry expert on the subjects of critical infrastructure protection, process control system security, regulatory compliance, audit, and privacy.
Paul J. Feldman is an experienced executive in the technology, telecommunications, and energy industries.
Mr. Feldman is a Current Director and past chairman of the Midcontinent ISO (MISO) – the largest RTO in the country. At MISO, he chairs the Markets Committee and serves on the Information Technology and Governance Committees. U.S. Energy Secretary Ernest Moniz appointed Mr. Feldman to serve on the NCC and advise on matters related to electricity and especially transmission systems. He also serves as a member of the National Renewable Energy Laboratory in Golden on the Energy Systems Integration Technical Review Panel. He is a Director of EnergySec – an organization devoted to energy cybersecurity. In addition, he serves on several energy company advisory boards, and Boeing Corporation.
Mr. Feldman was a Board Director of the Western Interconnection (WECC) Board before leaving in 2013 to pursue market alternatives for the west. At WECC he helped lead the bifurcation of the company as Chairman of the Governance Committee – and successfully separated the NERC functions from the grid operations (Peak Reliability) in the Western Interconnect – each with Independent Boards. He was also Chairman of the NERC Compliance Committee of the Board at WECC.
Mr. Feldman began his career with AT&T and Bell Labs where he remained for 20 years in positions of increasing responsibility until leaving as vice president of Consumer Products. While at AT&T he held senior positions in marketing, sales, R&D, and manufacturing. After leaving AT&T, he served as chief executive or vice president at Novell, Inc., Geo-Utilities, Inc., Columbia Energy, UtiliCorp United, AES, and AT&T/Lucent Technologies.
His educational background includes theology, a Bachelor of Arts in mathematics and a Masters in Economics, with advanced work toward a PhD in Econometrics. Additionally, Mr. Feldman was also an Associate Professor at Cleveland State University. He has also achieved the Professional Director certification and is a Board Leadership Fellow at the National Association of Corporate Directors.
Stacy Bresler – Director
Stacy Bresler is a former bank cyber security consultant, former electric utility employee, former Corporate Information Security Officer (PacifiCorp) and served as a NERC Critical Information Protection (CIP) Compliance Auditor. He was one of the first CIP auditors hired by the Western Electricity Coordinating Council (WECC). As a Senior Compliance Engineer, he was a key participant in the development of security regulations related to the electrical grid. He is a NERC-certified lead auditor for both NERC Operations and Planning (693) and the CIP reliability standards. He has led and/or participated in more than 60 NERC Audits and has been a trusted security consultant for over 25 years to many different industries.
Mr. Bresler, as a Principal Investigator, was instrumental in helping lead EnergySec toward sustainability as part of the Department of Energy (DOE) collaborative agreement to build a national electric sector cyber security organization. In addition to his NERC auditor certifications, Stacy currently is a Certified Information System Auditor and Certified Information Systems Manager and has previously been a Certified Information System Security Professional (CISSP), held a SANS GIAC Security Essentials Certification (GSEC), been a Microsoft Certified Professional (MCP) and been a Microsoft Certified Solutions Expert (MCSE). He is currently a board member of EnergySec, the Vice-President of Outreach at EnergySec and a Managing Partner of Archer Security Group.
Samara Moore – Director
As a Senior Manager within Exelon Corporate Information Security Services, Samara Moore focuses on partnering across the enterprise to manage cyber security risks to Exelon’s critical infrastructure functions. Mrs. Moore leads the Industrial Control Systems SCADA Cyber Security Program and is a key manager supporting the NERC CIP compliance program. Mrs. Moore joined Exelon after 10 years in the federal government, where as a member of the White House National Security Council Staff, she served as the Director for Cybersecurity Critical Infrastructure Protection coordinating across the government and private sector on efforts to strengthen cybersecurity for critical infrastructure, such as: developing the NIST Cyber Security Framework, threat information sharing, and executive engagement. At the Department of Energy (DOE), Samara Moore was responsible for leading cyber policy and oversight of internal programs, and leading programs to support security and resilience for the Energy sector. While at DOE, Mrs. Moore led the development of the Electricity Sector Cybersecurity Capability Maturity Model which is being used both domestically and internationally. Prior to her government service, she worked as an enterprise risk and security consultant. Mrs. Moore is a graduate of Virginia Tech with a B.S. in Accounting & Information Systems, and a graduate of George Washington University with a M.S. in Engineering Management.
The foundation of EnergySec was established over a decade ago as relationships formed between a group of information security, physical security, disaster recovery and business continuity professionals from energy organizations in the Pacific Northwest. Initially, a small group met for lunch to discuss the security challenges they were all facing. The idea was simple, share common security practices for the purpose of learning from each other. As news spread about the lunch meetings, more people wanted to join and it quickly outgrew the informal setting. EnergySec Northwest, better known as E-Sec NW, was formed in early 2004. An online forum and quarterly meetings were established to give security professionals more time together and better ways to share information with each other.
In 2005, E-Sec NW hosted its first annual summit. The two-day event was a success from the beginning. There was no other meeting of its kind being held at the time. The summit promoted open and honest dialog, creative ideas, and collaborative solutions designed to benefit as many as possible. The summit especially appealed to the “boots on the ground” security practitioners who, prior to this time, had found themselves isolated at their respective organizations.
Over the next several years, E-SEC NW built an independent and trusted model for sharing information about security in the energy sector. It grew organically through word-of-mouth like many grass roots organizations. Along the way, ESEC-NW was receiving broad praise for the quality of its programs. It was nationally recognized by the SANS Institute, who bestowed the prestigious National Cyber Security Leadership award on the organization in 2007. This award honors persons who significantly improve the effectiveness of the nation’s cyber security. It is the most prestigious of all SANS cyber security awards because it recognizes transformational changes that have a sweeping impact on a range of public and private sector entities.
As interest continued to grow across North America the “northwest” was dropped from the name to embrace the burgeoning role as a national information sharing organization for the energy sector. Attendance at the annual summit continued to grow every year and new relationships developed with product and service vendors, government agencies and academic institutions. EnergySec formed a corporation in 2008 and received its non-profit 501(c)(3) designation in 2009.
EnergySec was uniquely positioned to answer the call when the U.S. Department of Energy announced a funding opportunity in early 2010 to build the National Electric Sector Cybersecurity Organization (NESCO). NESCO was meant to be a public-private partnership focused on security related information sharing in the electric sector. EnergySec was awarded partial funding over three years and work began in earnest in October of 2010.
Today, EnergySec is approaching the 1,500-member mark with over 470 organizations participating in EnergySec programs. The development of the EnergySec information sharing efforts and workforce development remain a key focus areas of EnergySec as it continues to develop programs and other efforts to meet the needs of the energy sector into the future.