Josh Axelrod | Cybersecurity Practice Leader for the Power and Utilities Sector at EY

Biography of Josh Axelrod
Cybersecurity Practice Leader for the Power and Utilities Sector at EY

Focusing on the needs of the business, security and operations, Mr. Axelrod aids the Power and Utilities Sector to structure its policies, processes, procedures, operational technology, informational technology as well as physical security infrastructure and programs. His efforts enhance business efficiency, regulatory compliance, situational awareness, and overall security in the dynamic environment facing the sector.

Mr. Axelrod is a retired United States Naval Submarine Officer with over seventeen years of operational experience in nuclear power generation, electrical distribution, mechanical systems, as well as the industrial control systems associated with operation, supervision and security. Joshua possesses extensive operational experience with respect to generation, transmission, and distribution operations and the security of its supporting infrastructure. This experience is steeped in deep knowledge of nuclear engineering, reactor operations, steam plant operations, transmission and distribution planning, and cybersecurity principles.

Mr. Axelrod has previously served as a Senior Transmission Engineer at PacifiCorp and as the Cybersecurity Audits and Investigations Leader at the Western Electricity Coordinating Council (WECC).

Engagement experience

  • Advised Executive Management teams regarding security infrastructure investments and expansions to increase operational efficiency, compliance readiness consistent with NIST SP800 and ISO 27000 series standards
  • Assisted with the design and implementation of the control environment for NERC CIP Version 3, 4, 5 and 6 compliance and security for several large vertically integrated electric utility spanning 6 NERC regions aligned to NIST SP800-53
  • Advised clients in regards to Industrial Control System (ICS) security aligned to NEI 08-09 (U.S. CFR 10.73.54), NIST SP800-82 and SP800-53 and the DOE Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) for Electric, Water Sector, and Media and Entertainment Sectors
  • Assessed performance of Nuclear Plant Interface requirements and executed audits of U.S. Nuclear Regulatory Commission practices for Pressurized Water Reactors (PWRs) and Boiling Water Reactors (BWRs)
  • Assessed Smart Grid security and performance for multiple Electric Sector clients providing enhancement recommendations
  • Helped design the implementation of IAM and GRC solutions
  • Assisted in the assessment of compliance with all five versions of the NERC Cyber Security Standards (NERC CIP) for over 60 Electric Utility clients spanning generation, transmission and distribution facilities