NERC CIP Bootcamp
EnergySec’s team of experts, with years of relevant industry experience in cybersecurity and NERC CIP implementation and audits, have developed this bootcamp to prepare you for success in meeting CIP obligations.
This course is perfect for both seasoned NERC CIP professionals seeking to broaden and update their knowledge and understanding, as well as those new to NERC CIP who wish to jump start the learning process on these important standards.
Attendees will come away from this event prepared to tackle the challenges in the latest version of the standards, including version 6 and possible future versions. In this course we will:
- Explain the nearly two dozen formally defined terms and other important words and phrases that are still undefined
- Describe the nearly 20 categories of assets to which requirements apply
- Explain the bright line criteria and the three tier (High/Medium/Low) approach to asset classification
- Discuss the new standards in version 5 and 6
- Explore changes that in version 6 and likely areas of change in future standards
- Provide references and discussion on the pertinent NERC filings and FERC rulings on these standards
- Deep Dive into the each requirement of each Standard with detailed explanation and discussion of entity obligations and auditor expectations
- Discuss the evidence needed to demonstrate compliance during an audit
Denver, CO – September 20-22, 2016
Columbus, OH – October 11-13, 2016
San Antonio, TX – November 8-10, 2016
Anaheim, CA – December 6-8, 2016
Phoenix, AZ – January 24-26, 2017
Steven Parker, CISA, CISSP, is President of EnergySec, and is a founding director of the organization. He has been engaged in critical infrastructure protection within the electric sector since 2001, including 8 years as a senior security staff member at PacifiCorp. Mr. Parker was also part of the team that established the NERC CIP audit program at the Western Electricity Coordinating Council (WECC). His experience includes a broad range of security disciplines including e-commerce, identity management, intrusion detection, forensics, incident response and investigations, security event monitoring, and NERC CIP compliance.
Wally Magda is a recognized cyber security expert for Industrial Control Systems (ICS) with over 22 years of utility experience. His deep security experience spans military, nuclear missile command and control, intelligence agencies, corporate enterprise and industrial control systems. He is a retired Western Electricity Coordinating Council (WECC) NERC CIP auditor.
Wally currently brings his passion and unique experience into conducting cyber and physical security training courses and assessments specific to ICS and NERC CIP.
He has a Bachelor of Science degree in Management Information Systems (MIS). His professional certifications include ISACA Certified Information Systems Auditor (CISA), ISC2 Certified Information Systems Security Professional (CISSP), ISA Certified Automation Professional (CAP), SANS GIAC Global Industrial Cyber Security Professional (GICSP) & Certified Incident Handler (GCIH), ASIS Physical Security Professional (PSP). He is also a Senior Member of the Information Systems Security Association (ISSA).
Brent most recently served as Manager, CIP Audits and Investigations for the Western Electricity Coordinating Council (WECC), the organization charged with compliance oversight for the Western Interconnection. Brent has more than six years direct experience auditing the CIP standards and helping the industry with compliance.
Leonard Chamberlin is a graduate of Tulane University with a B.S. in Computer Science. He is a Certified Information Systems Security Professional (CISSP) with over 17 years of experience in large-scale digital network engineering, information technology, and industrial control system security. During seven of those years, he was a consultant for Entergy in New Orleans, responsible for design, procurement, configuration, installation, monitoring, maintenance, training, documentation, change management, disaster recovery, and North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) compliance of their IP-based substation communications. Prior to his time at Entergy, Leonard’s consulting work focused primarily on telecommunications clients, including partnering to create his own consulting firm.
Most recently, Leonard completed five years of service as an Energy Industry Analyst focusing on cyber security for the Federal Energy Regulatory Commission (FERC). Leonard worked in the Office of Electric Reliability and in the Office of Energy Infrastructure Security. Leonard was technical lead on audits (both observational and FERC-led), network architecture reviews, investigations, and NERC notice of penalties teams. Leonard was team-lead for office involvement in the development of the National Institute of Standards and Technology (NIST) cybersecurity framework, resulting from Executive Order 13636. He also participated in the NIST Smart Grid Interoperability Panel and Federal Smart Grid Task Force.
Leonard is currently a senior consultant with Archer Energy Solutions, using his unique experiences as both a regulator and as a cybersecurity professional in IT/OT environments to assist clients in improving their security postures and NERC CIP compliance programs. Leonard also recently attained Certified Information Systems Auditor (CISA) certification.
Leonard holds a level four proficiency in Japanese, which has helped ensure successful projects when working with Japanese clients and delegations in the past. Leonard is continuing his Japanese studies and hopes to eventually put those skills to use to facilitate improved collaboration with the Japanese on mutual threat actors and vulnerabilities that our two countries face.
Bryan most recently served as a Senior Auditor for Cyber and Physical Security at WECC for the past four years. Prior to joining WECC, he served as CIP Compliance Program Manager at PacifiCorp, a large investor-owned utility in the northwest U.S. Bryan has a very strong background in generation environments.