EnergySec offers a growing number of educational courses covering both NERC CIP and general security topics. Below are short abstracts of our courses and intended audiences. For full course information, please click on the course title.
At their first quarter meeting on March 21, 2018, the NERC Compliance and Certification Committee voted to approve EnergySec as a Pre-Qualified Organization. As a Pre-Qualified Organization, EnergySec is authorized to submit Compliance Implementation Guidance for ERO endorsement. This positions us to assist our membership in developing and documenting compliance approaches suitable for “endorsement” by the ERO, reducing uncertainty for complex CIP compliance topics.
EnergySec members receive a 30% discount off the list price of EnergySec courses.
NERC CIP 5-day Bootcamp (40 CPE Credits)
The CIP Bootcamp is our flagship course, now with more than 1500 alumni.This course provides essential foundational knowledge of the NERC CIP ecosystem, as well as in-depth information on every CIP standard and requirement.This is the standard option for professionals seeking a full understanding of the NERC CIP standards. This includes all five days of the Bootcamp as outlined.
Audience: Industry professionals seeking a full knowledge of the NERC CIP standards and associated compliance oversight processes.The full 5-day Bootcamp qualifies for 40 CPE credits.
NERC CIP Bootcamp – Day 1 (8 CPEs)
Day 1 of the Bootcamp provides foundational knowledge of the CIP standards and a deep dive into the Low Impact requirements.Topics include the history and legal basis of the standards, terminology, policy requirements, asset identification, and the four focus areas for the protection of low impact systems
Audience: Anyone with day to day responsibilities that include NERC CIP requirements.Vendors selling products or services to entities subject to the CIP standards.
NERC CIP Bootcamp – Days 1-3 (24 CPEs)
In addition to the day 1 material discussed above, Days 2-3 present a deep dive into standards CIP-004 through CIP-014, covering every requirement in depth with discussions on compliance approaches,.
Audience: Anyone with day to day responsibilities that include NERC CIP requirements at the high or medium impact level.Vendors selling products or services to entities subject to the CIP standards.
NERC CIP Bootcamp – Days 4-5 (16 CPEs)
Days 4-5 of the Bootcamp provide entity personnel with an understanding of compliance oversight practices employed by the ERO.This includes a detailed explanation of the audit process from preparation, to execution, to post-audit negotiations. Attendees will obtain an understanding of the NERC Rules of Procedures (RoP), Compliance Monitoring and Enforcement Program (CMEP), Inherent Risk Assessments (IRA), Internal Controls Evaluation (ICE), and the audit process as documented in the ERO Auditors Handbook. RSAW and evidence preparation and presentation will also be discussed.
Audience: Compliance, regulatory, legal, technical, and security staff that will participate in formal CIP audits, mock audits, or internal compliance reviews. Others desiring an understanding of oversight processes and methods to ensure compliance.
This educational event is designed for early to mid career cybersecurity professionals currently employed at electric utilities in North America. For 2019, we are currently planning three events:
- Charlotte, NC (Apr 29 – May 3, 2019)
- Austin, TX (Jun 3-7, 2019)
- Colorado Springs, CO (TBA – Oct. 2019)
Our Education Week events invite some of the brightest minds in utility security to teach a variety of technical topics relevant to our industry. Topics include Threat Hunting, Network Packet Analysis, Technical Security Assessments, security exercises, and more. We’ve also arrange for facility tours to provide a behind the scenes look at just what we are working to secure.
Education Weeks also include a variety of networking events designed to build relationships within industry and strengthen the community of cybersecurity professionals in our sector.
Attendees of this event will:
- Increase their industry-relevant technical security knowledge
- Increase their understanding of security-relevant operational aspects of the electric power industry.
- Expand their relationships with other security professionals working at utilities throughout North America.