1. What was your career journey that led you to joining DeNexus?
I began my career in a startup over 20 years ago at Matrikon (now part of Honeywell) and within months of being hired, I was configuring domain controllers and networking that would go into a petrochemical facility. I am one of the few pioneers who has been in industrial cybersecurity since year 2000.
I now have 17 years of applied onsite experience at over a hundred industrial facilities performing audits, assessments, design, installation, configuration, and troubleshooting of OT infrastructure on live control systems. This included extensive advisory consulting in the Electric sector helping entities develop their entire NERC CIP program from the ground-up. I understand the real challenges our customers face and what it’s like onsite in industries like oil & gas, petrochemicals, pipelines, gas & electric transmission, power generation, and more. To reduce my travel miles each year and have a bigger influence on Honeywell’s industrial cybersecurity offerings, I’ve spent the last 5 years in product management, marketing, and sales enablement involved in all parts the Honeywell ICS/OT cybersecurity portfolio (e.g., products, cybersecurity consulting services, managed security services). I am grateful for 23 years of experience I’ve gained at Honeywell.
I’m very passionate about making a different in OT cybersecurity so I volunteer my time to speak at conferences & universities as well as support industry standards and government advisory committees. I’ve been vice-chair of the CISA ICSJWG for the last 6 years, as well as almost 4 years with Public Safety Canada ICS Security Symposium. I’ve supported the ISA-99/62443 Committee in various capacities the last 20 years, with some of my greatest contributions going into the TR62443-2-3:2015 standard on IACS patch management.
2. Where will you be based?
I will continue to be based out of Edmonton, Alberta, Canada. Alberta is known for its Rocky Mountains including Jasper and Banff to the west. Alberta is also known for its year-round blue skies (whether its 30 Celsius above or 30 below). If you want to visit Alberta, I recommend June through August.
3. What is an average day in the life of a Director of OT Cybersecurity?
After the first weeks, I’m still learning the terminology, acronyms, and catching up on several projects underway. I’ve already found my footing and have started to contribute my knowledge of 62443, NIST CSF, NERC CIP and other standards that will be integrated into the future versions of DeNexus’ DeRISK Platform, analysis, and reports. As Director of OT Cybersecurity, the team will rely on my subject matter expertise (SME) in OT cybersecurity across different control systems vendors, different cybersecurity vendor products, different industry verticals, and standards such as 62443, CSF, CIP, etc. I’ve had the fortune to assess, design, and integrate many of the same cybersecurity designs and solutions at industrial facilities, as well as deliver cybersecurity risk assessments to my former customers. Decades ago, I would perform my cybersecurity risk analysis’ using Excel and other manual methods, I’m excited to help lead efforts to standardize and automate cyber risk assessments in the DeRISK Platform!
4. How does your role fit into DeNexus’ mission to become the global standard of industrial cyber risk quantification for agencies, shareholders, investors, boards and risk transfer market?
My experience across multiple verticals, control systems, cybersecurity, and industry standards will be used to improve evidence-based cybersecurity data collection from OT systems, improve data collection on vulnerabilities & safeguards, and help improve the cyber risk quantification and visualization in the platform. I will be working alongside Product Management, Marketing, Sales, and the Development teams.
Find out more about Second generation risk platform DeRISK here.