John B.
Details
- Serve as an expert advisor to senior management in the development, implementation and maintenance of an organisation-wide ICS/OT information security infrastructure;
- Identify, propose, and review key ICS/OT information security program priorities, initiatives, plans, practices and tools;
- Conduct Detailed Risk Assessments of all industrial and operational control systems;
- Coordinate business requirements to determine risks and risk management (remediation objectives);
- Acquire the optimal security technologies to remediate security and compliance gaps;
- Plan, design, engineer and implement the ICS/OT technology environments to comply with security frameworks;
- Compile, draft and present regular reports on ICS/OT security to senior management, boards and committees;
- Work with Legal, Audit, and others to develop support for security initiatives that meets governance requirements;
- Oversee the management of Internal Controls and Audit response;
- Develop full set of policies and procedures to populate a Cyber Security Management System (CSMS) to address both OT and IT security programs;
- Manage and oversee all internal complex procurement processes to obtain the necessary network, infrastructure and application tools to remediate security deficiencies;
- Align resources to the critical priorities and key business priorities and programs;
- Work within budgets provided for ICS/OT security including all finance and allocation approval processes;
- Utilise complex technical skills to address critical decision making and management advisories;
- Serve as Lead for all the above: complete program responsibility from organisation leadership.
2019 : Present
Major U.S. Transport Infrastructure Authority
ICS/OT Information Security Lead
2020 :
Ithaca Cybersecurity Certificate Program
Cybersecurity Program Advisory Board Member at Ithaca College
Board Member for the Cybersecurity Certificate Program at Rutgers University. The Program is designed to train and develop professionals to manage cybersecurity issues within an organization. My commitment is to guide and advise faculty and leadership to build an energetic and collaborative learning environment to set the Rutgers Cybersecurity Certificate Program apart from other academic institutions.
2018 : 2022
Rutgers University Continuing Education
Cybersecurity Advisory Board Member
Provide Industrial Control System cybersecurity risk management services. Projects include basic cyber capability maturity assessments, cyber risk vulnerability analysis, business continuity and incident response planning and disaster recovery. Capabilities include Operations Technology and SCADA design and architecture, cyber risk procurement and supply chain management, regulatory compliance with cyber and technical requirements.
SPECIFIC RESPONSIBILITIES INCLUDE:
Administrative/Management:
• Conform cyber risk program to comply with GDPR and NISD-based regulations for critical industries
• Conduct asset identification and classification of characterized risks for an Asset Inventory Database
• Design continuous risk assessment process that incorporates cyber and physical security
• Review system security designs, including complex industrial control environments
• Design active monitoring system to include device-level network/host monitoring, data integrity and threat analysis section.
• Design and stand-up Security Operations Centers
• Create supply chain management/procurement systems for EU-based enterprises
• Report to management and Board on monthly (or more) basis
• Create and conduct client's Law Department Incident Response Plans and cyber-legal mitigation reviews
Operational/Technical:
• Architect and engineer secure network security zones, concentrating on DMZs, VLANs and Subnets
• Implement both network and host security capabilities to include patch and vulnerability management for both field and office environments
• Select and install security devices, including Intrusion Detection, Security Audit Logging, Security Incident and Event Monitoring
• Conduct annual tabletop drills and bi-annual live action drills of the Incident Response Plans and Disaster Recovery Plans in coordination with the Business Continuity Team
• Coordinate threat assessments with US CERT and ICS CERT and equivalent EU organizations (ENISA)
2017 : 2020
Arup
Senior Information Security Consultant
Developed global market strategies for expanding and growing MRO and Control Systems products and services for industrial and aero-derivative turbines.
2015 : 2016
HPI, LLC
SVP Global Market Development
About
Executive Operations Technology Security Professional: organisational program Lead featuring ICS/OT information and operations risk management. Strong building blocks include:
* GRC compliance-Framework Benchmarking for NIST CSF, EU NIS Directive and IEC 62443;
* Serve as an expert advisor to senior management in the development, implementation and maintenance of an organisation-wide ICS/OT information security infrastructure;
* Identify, propose, and review key ICS/OT information security program priorities, initiatives, plans, practices and tools;
* Plan, design, engineer and implement the ICS/OT technology environments to comply with security frameworks;
* Compile, draft and present regular reports on ICS/OT security to senior management, boards and committees;
* Work with Legal, Audit, and others to develop support for security initiatives that meets governance requirements;
* Oversee the management of Internal Controls and Audit response;
* Develop full set of policies and procedures to populate a Cyber Security Management System (CSMS) to address both OT and IT security programs;
* Align resources to the critical priorities and key business priorities and programs;
* Work within budgets provided for ICS/OT security including all finance and allocation approval processes;
* Utilise complex technical skills to address critical decision making and management advisories;
* Serve as fully engaged Lead for all the above: executed complete program responsibility from organisation leadership.