Mandatory Utility Supply Chain Compliance - NERC CIP 013 & BES Executive Order

September 10, 2020


AGENDA

Thursday, September 10, 2020 - Central Time

8:45 – 9:00 a.m. :: Log In

9:00 a.m. – 4:00 p.m. :: Course Timing

12:15 – 1:00 p.m. :: Break for Lunch


A Comprehensive Understanding of the new Utility Supply Chain and 3rd Party Vendor Compliance Frameworks in Development, at Deadline and Expected into the Future

Assess and prioritize supply chain risk, develop required acquisition policies and procedures, and help implement focused supplier and logistics security measures


Technical Presentation on the Process of Compliance


A Legal Perspective on the New BES Standards


Vendor Perspective on CIP Compliance

This presentation comes from one of the top vendors to the BES, a company that is developing the new digital utility revolution. The vendor necessarily had to review its entire supply chain and is tasked with gaining detailed information on cybersecurity and with being able to prove and demonstrate to regulators its responsible process for such certification.


Questions & Answers with the Instructors and a Discussion Among Attendees


INSTRUCTORS

Scott Crider, Manager, Cybersecurity and Supply Chain, West Monroe Partners

Mr. Crider is a program manager and operational excellence leader with more than 12 years of experience in the field as a cybersecurity practitioner who evaluates critical infrastructure and business development needs, and who demonstrates secure & safe principles and techniques within the Oil & Gas, Nuclear, Bulk Power, Water and Hygiene, Transportation, Clinical Information Systems, and Pharmaceutical/Biotechnology industries.

With a focused understanding of strategic cybersecurity, cyber resilience, and critical infrastructure, he is a results-oriented business professional with proven abilities in strategic planning, managing projects, improving efficiency of operations, team building, and detailing project information to determine effective processes for operations.

He possesses extensive knowledge, having served 15 different Energy & Utility companies in the industry, and is recognized as a leader in program management, regulatory compliance, cybersecurity, Nuclear Regulatory Commission (NRC) audit inspections, NERC CIP audit readiness, and cyber resilience functions. He is positioned as an industry leader who aims to focus his talents on strategizing and implementing industry-leading security frameworks and standards (i.e., ANSI/ISA, API, C2M2, CIS 20CSC, ISO, NEI, NERC, NIST, NRC) to advise clients on “right sized” security target operating models and on improving security maturities and postures.


Roger Yang, Senior Manager, West Monroe Partners

Closely aligned with the Supply Chain practice, Roger has a deep background in turnaround and restructuring. Additionally, his experience as a manager of portfolio companies gives him a unique perspective. He has delivered projects across a wide range of industries, including automotive, aerospace, and consumer electronics industries, as well as healthcare, consumer packaged goods, and banking. Roger’s projects have predominantly focused on strategic sourcing, footprint optimization, and supply chain transformation.


Tony Turner, VP Security Solutions, Fortress Information Security

Tony leads the VSOC managed services team at Fortress, helping customers with asset and vulnerability management and threat advisory services, and designs many of the technical security solutions at Fortress. He has helped hundreds of companies with strategic and tactical approaches to solving their information security challenges. Tony most recently worked at a network security and vulnerability management vendor, where he led a transformational effort for the Professional Services organization and supported pre-sales activities for all of the Americas.

He has a wealth of experience in helping customers solve challenges around vulnerability management and prioritization, network assurance, and other security and compliance objectives. He has been the global head of application security at Arrow Electronics and senior security executive for multiple organizations such as GuidePoint Security, Darden Restaurants and Orlando International Airport (MCO).

With over 20 years of consulting and operations experience, he brings a diverse skill set that includes Security Program Development, Business Continuity, Compliance, Incident Response, Penetration Testing and Vulnerability Management, Security Architecture and Network and Application Security.

Tony is a frequent speaker at industry conferences such as SANS, B-Sides, DerbyCon, ISSA, ISACA and others, and is a mainstay of the FL information security community, having founded several security groups and conferences. He holds a Bachelor’s degree from Hodges University in Naples, FL and over 20 security certifications such as CISSP, CISA, GCIH, GCIA, GPEN, GSSP-Java and many others.


Nick Noll, Director, Fortress Security

Nick Noll is Director of Marketing and Business Development for Fortress Information Security. Having come to Fortress in June of 2019, Mr. Noll has extensive security experience, both physical and cyber. His background with Symantec Security and in the water industry has led to positions of increasing responsibility in Data Management, Cloud Development and now Cybersecurity. A graduate of Oral Roberts University, he leads Fortress’ outreach to the bulk electric system from both a Utility perspective and for . He is also a co-founder of the Asset 2 Vendor Network, a collaborative to comply with NERC 013 Standards.


Keith Bradley, Partner, Squire Patton Boggs, LLP

Keith Bradley represents companies before US federal and state agencies across a spectrum of regulatory regimes and litigates challenges to administrative and regulatory decisions. As a senior advisor to the General Counsel of the U.S. Department of Energy (DOE), Keith organized the defense of significant regulatory challenges and advised on important department regulatory reforms, such as those in energy conservation and nuclear export controls. He advised on complex DOE transactions, such as decommissioning contracts funded in part by barter arrangements, federal participation in transmission line projects, and more.

Before joining DOE, he was counsel in the Legal Division of the Consumer Financial Protection Bureau, where he helped draft significant regulations, counseled senior agency executives on administrative and constitutional law, and worked with enforcement teams on some of the bureau’s most significant matters. Since leaving DOE, he has served as senior counsel for a corporation in Denver, where he built and ran the compliance management system and helped introduce regulators to the company’s novel business model.


Russ Walsh, Principal Regulatory Compliance Advisor, GE Digital (Invited)

Mr. Walsh has a history of providing advisory services to many large global companies, including Facebook, Hitachi, Cisco, IBM, EY, Yahoo, Apple, Google, SAP, and Salesforce, along with countless startups such as Kaiam, Chirpify, Opsware, and Inflexxion. He specializes in cyber security risk and compliance leadership and is currently helping GE to build the world's largest Industrial Internet of Things (IIoT) platform.

Leading a team of experienced cyber security professionals as GE builds the world's largest industrial cloud-based computing platform to service the Industrial Internet of Things (IIoT). In this role, I am also responsible for all aspects of Risk and Compliance functions, along with Mergers and Acquisition (M&A) integration.

My Risk Management functions cover full end-to-end processes for risk intake, risk evaluation, risk agreement of facts meetings (AoF), remediation, exception management, validation, and closure. Our compliance frameworks are based on NIST 800-53 to optimize our annual compliance for ISO 27001, 27017, 27018, 9001, along with SOC2, FDA, and FedRAMP.


ONLINE DELIVERY

We will be using Microsoft Teams to facilitate your participation in the upcoming event. You do not need to have an existing Teams account in order to participate in the broadcast – the course will play in your browser and you will have the option of using a microphone to speak with the room and ask questions, or type any questions in via the chat window and our on-site representative will relay your question to the instructor.