Profiles search
David Mangum
Cybersecurity Engineer III
Tacoma, WA, United States
Details
Experience:
2022 : Present
Tacoma Public Utilities
Cybersecurity Engineer III
- Completed temporary assignment as acting Interim Supervisor for the Compliance team.
-Responsible for performing internal audits, spot-checks, and risk assessments of the CIP cybersecurity compliance requirements.
- Investigate potential issues related to cybersecurity and the compliance program.
- Audit preparations related to WECC audit.
2016 : 2022
Tacoma Power
CIP Internal Auditor
• Responsible for ensuring ATC’s ability to remain compliant with NERC CIP cybersecurity standards, working with functional area teams to ensure that they have the necessary information to ensure compliance.
• Lead project for Role based training with functional areas to develop content in support for CIP requirements.
• Support the development and roll out of Core CIP training requirements.
• Worked on project for self-certification for CIP requirements related to Vulnerability Assessments.
• Co-Lead on 2014 RSAW documentation effort.
• Investigate corrective actions related to Condition report regarding a CIP self-logging issues.
• Member of Security Awareness team.
• Lead effort on document migration to SharePoint repository.
2014 : 2015
American Transmission Co.
NERC CIP Compliance Consultant
• Responsible for ensuring OUC’s ability to remain compliant with NERC Critical Infrastructure Protection (CIP) cybersecurity standards, as well as address regulatory issues dictated by the Department of Homeland Security as it relates to Critical Infrastructure/Key Resources.
• Responsible for reviewing, evaluating, and correcting all documentation used to perform or support compliance with these requirements, evaluating and interpreting current and proposed new industry cyber security requirements, supporting OUC interests in development of new industry cyber security standards, and protecting OUC interests under a CIP regulated environment.
• Operationally implement the CIP portion of OUC’s Internal Compliance Program and serve as principal advisor on all matters, technical and otherwise, involving the CIP program.
• Interpret the requirements’ of NERC CIP standards.
• Assess NERC compliance application notices, interpretation requests, and ballots relating to CIP.
• Read, understand, and interpret FERC orders and rule makings.
• Periodically review access control lists on access points to Electronic Security Perimeters (ESPs)
• Periodically review both physical and cyber access control logs.
• Draft and prepare OUC documents (processes, procedures, policies, etc.) supporting CIP compliance.
• Review and evaluate OUC’s existing processes to meet CIP standard requirements.
• Recommend changes to existing processes to better meet CIP standard requirements.
• Maintain and manage various programs as Project Manager to ensure compliance to CIP standards.
• Research and evaluate new Information Security technologies.
2011 : 2014
Orlando Utilities Commission (OUC - The Reliable One)
Critical Infrastructure Protection Coordinator
• Lead security investigations
• Project leader for Actiance (Formerly FaceTime) web filter implementation
• Update, approve, and perform changes to firewall policies; Checkpoint firewalls R70 – R71
• Day to day management of web filters (iPrism, Actiance), firewalls (Checkpoint), & 2 factor authentication systems (BlackShield)
• Assisting and mentoring junior security members
• Planning and strategy development for the security environment
• Perform upgrades to appliances for various security tools
• Provide guidance on NERC CIP & PCI standards to organization
2010 : 2011
Colorado Springs Utilities
Senior Information Security Analyst
Tacoma Public Utilities
Cybersecurity Engineer III
- Completed temporary assignment as acting Interim Supervisor for the Compliance team.
-Responsible for performing internal audits, spot-checks, and risk assessments of the CIP cybersecurity compliance requirements.
- Investigate potential issues related to cybersecurity and the compliance program.
- Audit preparations related to WECC audit.
2016 : 2022
Tacoma Power
CIP Internal Auditor
• Responsible for ensuring ATC’s ability to remain compliant with NERC CIP cybersecurity standards, working with functional area teams to ensure that they have the necessary information to ensure compliance.
• Lead project for Role based training with functional areas to develop content in support for CIP requirements.
• Support the development and roll out of Core CIP training requirements.
• Worked on project for self-certification for CIP requirements related to Vulnerability Assessments.
• Co-Lead on 2014 RSAW documentation effort.
• Investigate corrective actions related to Condition report regarding a CIP self-logging issues.
• Member of Security Awareness team.
• Lead effort on document migration to SharePoint repository.
2014 : 2015
American Transmission Co.
NERC CIP Compliance Consultant
• Responsible for ensuring OUC’s ability to remain compliant with NERC Critical Infrastructure Protection (CIP) cybersecurity standards, as well as address regulatory issues dictated by the Department of Homeland Security as it relates to Critical Infrastructure/Key Resources.
• Responsible for reviewing, evaluating, and correcting all documentation used to perform or support compliance with these requirements, evaluating and interpreting current and proposed new industry cyber security requirements, supporting OUC interests in development of new industry cyber security standards, and protecting OUC interests under a CIP regulated environment.
• Operationally implement the CIP portion of OUC’s Internal Compliance Program and serve as principal advisor on all matters, technical and otherwise, involving the CIP program.
• Interpret the requirements’ of NERC CIP standards.
• Assess NERC compliance application notices, interpretation requests, and ballots relating to CIP.
• Read, understand, and interpret FERC orders and rule makings.
• Periodically review access control lists on access points to Electronic Security Perimeters (ESPs)
• Periodically review both physical and cyber access control logs.
• Draft and prepare OUC documents (processes, procedures, policies, etc.) supporting CIP compliance.
• Review and evaluate OUC’s existing processes to meet CIP standard requirements.
• Recommend changes to existing processes to better meet CIP standard requirements.
• Maintain and manage various programs as Project Manager to ensure compliance to CIP standards.
• Research and evaluate new Information Security technologies.
2011 : 2014
Orlando Utilities Commission (OUC - The Reliable One)
Critical Infrastructure Protection Coordinator
• Lead security investigations
• Project leader for Actiance (Formerly FaceTime) web filter implementation
• Update, approve, and perform changes to firewall policies; Checkpoint firewalls R70 – R71
• Day to day management of web filters (iPrism, Actiance), firewalls (Checkpoint), & 2 factor authentication systems (BlackShield)
• Assisting and mentoring junior security members
• Planning and strategy development for the security environment
• Perform upgrades to appliances for various security tools
• Provide guidance on NERC CIP & PCI standards to organization
2010 : 2011
Colorado Springs Utilities
Senior Information Security Analyst
Company:
Tacoma Public Utilities
About
Degrees and Certifications include: Bachelor of Science in Business (MIS) degree from the University of Colorado in Colorado Springs, Certified Information System Security Professional (CISSP), and Certified Ethical Hacker (CEH).
Prior to becoming an Information Security Professional my work in the Electric Utility field, began with 6 years in the Naval Nuclear Power program, followed by 4 years in Coal, Gas, and Hydro power production.
Profile Photo
