Professional Education

speaker_iconEnergySec offers a growing number of educational courses covering both NERC CIP and general security topics. Below are short abstracts of our courses and intended audiences. For full course information, please click on the course title.

NERC CIP Bootcamp

The CIP Bootcamp is our flagship course, now with more than 1000 alumni. This 3-day course is designed for those new to NERC CIP as well as those wishing to solidify their knowledge of the standards. This course provides essential foundational knowledge of the NERC CIP ecosystem, as well as in-depth information on every CIP standard and requirement.

Audience: Anyone with a with day to day responsibilities that include NERC CIP requirements.

NERC CIP for Low Impact Entities

This one-day course provides the detailed knowledge and understanding attendees need to achieve compliance with the low impact requirements of the NERC CIP standards. The class provides a subset of our CIP Bootcamp material exclusively focused on the low impact requirements and associated compliance and enforcement processes.

Audience: Any individuals with responsibility for CIP compliance at the low impact level only.

NERC CIP Audit Workshop

This 2-day course prepares entity personnel to successfully navigate the audit process from preparation, to execution, to post-audit negotiations. Attendees will obtain an understanding of the NERC Rules of Procedures (RoP), Compliance Monitoring and Enforcement Program (CMEP), Inherent Risk Assessments (IRA), Internal Controls Evaluation (ICE), and the audit process as documented in the ERO Auditors Handbook.

Audience: Compliance, regulatory, legal, technical, and security staff that will participate in formal CIP audits, mock audits, or internal compliance reviews.

Cybersecurity Frameworks

This 2-day class uses two common security frameworks (NIST and C2M2) alongside custom material to provide students with the necessary cybersecurity, framework, and communication theory required to make practical improvements to their cybersecurity environments.

Audience: Executives, security leaders, technology practitioners, architects, policymakers, lawyers, and others for whom cybersecurity is relevant to their duties. No technical experience or security expertise is assumed and each class will be tailored to the experience levels of those in attendance wherever possible.

Partnered Course: Supply Chain Security

EnergySec is partnering with the Utilities Telecom Council to offer a course focused on supply chain security. More details on this course will be coming soon.