EnergySec offers a growing number of educational courses covering both NERC CIP and general security topics. Below are short abstracts of our courses and intended audiences. For full course information, please click on the course title.
The CIP Bootcamp is our flagship course, now with more than 1000 alumni. This 3-day course is designed for those new to NERC CIP as well as those wishing to solidify their knowledge of the standards. This course provides essential foundational knowledge of the NERC CIP ecosystem, as well as in-depth information on every CIP standard and requirement.
Audience: Anyone with a with day to day responsibilities that include NERC CIP requirements.
This one-day course provides the detailed knowledge and understanding attendees need to achieve compliance with the low impact requirements of the NERC CIP standards. The class provides a subset of our CIP Bootcamp material exclusively focused on the low impact requirements and associated compliance and enforcement processes.
Audience: Any individuals with responsibility for CIP compliance at the low impact level only.
This 2-day course prepares entity personnel to successfully navigate the audit process from preparation, to execution, to post-audit negotiations. Attendees will obtain an understanding of the NERC Rules of Procedures (RoP), Compliance Monitoring and Enforcement Program (CMEP), Inherent Risk Assessments (IRA), Internal Controls Evaluation (ICE), and the audit process as documented in the ERO Auditors Handbook.
Audience: Compliance, regulatory, legal, technical, and security staff that will participate in formal CIP audits, mock audits, or internal compliance reviews.
This 2-day course is designed to provide participants with the cybersecurity, framework, and communication theory required to get a grip on cyber security risk management and reduction. Rather than walk you through the same tired old risk management principles, this class will decompose the causes, sources, and nature of the problem and teach approaches and techniques which can be, together, applied to this difficult (and still poorly understood) problem. While utilizing existing tools and models, the class will go far beyond them and focus on fundamentally missing or underrepresented topics.
Audience: Executives, security leaders, technology practitioners, architects, policymakers, lawyers, and others for whom cybersecurity is relevant to their duties. No technical experience or security expertise is assumed and each class will be tailored to the experience levels of those in attendance wherever possible.
Partnered Course: Supply Chain Security
EnergySec is partnering with the Utilities Telecom Council to offer a course focused on supply chain security. More details on this course will be coming soon.