RSC - T&D NERC CIP V5 - Compliance Program Manager

Location:
United States
Posted:
August 17, 2017

Resume:

PROFESSIONAL SUMMARY - Results-focused Senior Telecommunications Engineer, provides proven management experience, thirteen years having been in the energy sector, and over 6 years of experience working with the NERC CIP Cyber Security Standards, brings to the table for your organization, specialization in Program Management, GRC, NERC, NIST Regulatory Compliance, Cyber and Physical Security, Information Protection, Implementation, Optimization, and System Hardening of industrial systems which are typically unique to Electric Utilities and Oil & Gas industries. Experience managing, collaborating with, or leveraging diverse distributed project teams, through complex system design and deployment efforts for industrial communications, control, and electrical power systems projects; I am a diverse professional, experienced with special projects that require the incorporation of engineering theories, NERC standards, concepts, and techniques as well as engineering, industrial, government codes, and regulations. Experience with enterprise-level information-security plans, policies, standards, guidelines, methods, best practices, tools and techniques based on current industry standards; in particular pertinent federal, state and local laws, codes, and regulations that affect confidential information cyber and physical security for special projects, and the Bulk Electric Systems Critical Infrastructure. My diverse skill-set and successes include self-employment, research associated with governmental projects, project management of capital projects consisting of real-world, enterprise-class Industrial Control System “ICS”, Distributed Control Systems “DCS”, Supervisory Control and Data Acquisition “SCADA” systems; including supportive network infrastructures, typical of mission-critical systems for a globally known Fortune 500 company.

AREAS OF EXCELLENCE

NERC Compliance

- BES NERC V3 to V5 Transitional activities
- NERC CIP-V3 & V5 Regulatory Standards Compliance
- BES Working Groups, BES Cyber-Asset Identification
- Development or enhancement of BES programs, processes, and policies, procedures, required by NERC Regulatory Standards
- BES NERC CIP V5 Compliance Program Management
- Management of Compliance cross-functional teams
- Monitoring change in NERC Regulatory Standards
- Advising Stakeholders of Projected Regulatory Change

Cyber Security

- Critical Vulnerability Assessments
- Secure Configurations
- Hardened Production Infrastructures
- BES Cyber-System Identification Methodology
- BES Cyber-Security Program Assessment/Development
- Development of BES Cyber-Security Methodologies

BES Cyber-Security Protections, BES Cyber & Physical Security Mgt Best Practices, Cyber-Security Architectural Models

- BES Cyber Asset Baseline Assessment & Development Activities
- System Protection, Threat and Vulnerability Management (TVM)
- Cyber Asset Security Event Logging and Monitoring
- Production Infrastructure Security Event Monitoring
- Remediation Planning, Implementation, and Tracking
- Mitigation and Remediation Strategies

Information Security & Process Assessment

Disaster Recovery & Patch Management

- Vendor & Patch Management Supportive Services
- Disaster Recovery Programs & Exercises
- Patch Management of Cyber Assets
- Patch Management Program / Processes / Assessments

Risk Assessments

- Technological Architecture Assessments
- Technological Root-Cause-of-Failure
- Risk Analysis, Risk Mitigation/Remediation, Risk Management

Big Data Analytics & Impact Analysis

- Technical Analytical Problem Solving and Research
- Situational Awareness, Planning, Implementation, and Tracking, Infrastructure Analysis
- KPI, Physical, Analytical
- Assessing compliance with NERC (CIP) Reliability
- Developing / Assessing Workflow Processes
- Link Analytics

QA/QC Processes, Internal Audits and Controls

- Internal Audits and Controls Process
- Gap Analysis Processes
- Annual / Quarterly Review of Compliance Evidence
- Analyzing Corporate Policies, Programs, Procedures, Processes
- Mitigation of potentially Identified Compliance Gaps
- Process Improvements, Cost Effective Solutions
- Enterprise Technological Infrastructure Assessments

Audit Readiness

- NERC CIP Compliance Organizational Readiness Exercises
- Annual Regulatory Audit Preparation Activities
- Mock Audits, and Evidence Reviews
- Internal and Regulatory Compliance Processes
- Identifying, Collecting, and Analyzing Evidence for Audits
- Internal Spot Checks, External Data Requests

NERC Program / Project Management

- Management of Allocated Resources & Critical Process
- Coordination of Assignments, meeting/exceeding project deadlines
- Maintaining and Commissioning Industrial Systems
- Program Management, Project Management
- People Management, Strategic Relationships, Creative Problem Resolution
- Assessment of periodic reports from regional entities
- Providing Timely Opinions upward to senior management

T&D Production Change Management

- Development of T&D Change Management Program
- BES Cyber Asset Tracking and Management Process
- Technical Analysis, Assessment of Potential Vulnerabilities
- Industrial Production Infrastructure Assessment and Support
- Applying knowledge of Vulnerabilities to Current Issue
- Internal Compliance Support for Transmission and Distribution, Information Technologies
- Assessing, Testing and Commissioning Evidence
- Building high-performing, results-oriented quality into projects
- Developing Stakeholder Buy-In
- Creation / Assessment of Electronic Security Perimeter - ESP diagrams depicting inter-connectivity between Cyber-Assets
- Creation/Review of accepted Technical Feasibility Exceptions

Physical Security

- Access Management Processes
- Industrial Infrastructure Physical Security Assessments

Cyber, Physical & Compliance Related Training Activities

What’s been brought to the table is real-world experience, strategizing with Organizational Units “OU’s” and Subject Matter Experts “SME’s” regarding the development of best practice processes designed to validate an energy entity's industrial cyber-security posture, NERC compliance status, and NERC CIP compliance program initiatives. Functioning as the T&D NERC CIP V5 Compliance Program Manager for the (T&D) Reliability Standards Compliance group “RSC”, dedicated teams and I worked to understand and reduce potential operational challenges to compliance with NERC CIP (Version 3) requirements, while assessing the potential risks and impacts of NERC CIP V5.

Functioning as RSC’s program manager for the Reliability Standards Compliance Unit, I have provided cyber-security and NERC CIP reliability standards compliance to internal personnel, and teams, "SME’s" with insight of regulatory standards, delivering proactive insights on continual developments in NERC environments, incorporating engineering theories, industry standards, codes, and regulations into day-to-day activities. Managing or implementing, recurring regulatory compliance program elements, interacting with cross-functional teams, performing quarterly and annual quality assurance reviews; overseeing formal project planning, and tracking potentially identified shortcomings. Assessing processes for cyber-security compliance, compliance programs, policies, procedures, controls, and “Change Management” for NERC CIP V3, V5/6 activities, that further ensures alignment of internal NERC CIP V5/6 program components with NERC Standards.

Oversaw, or participated in the review and/or development of project plans, program specific milestones, or value added processes, working with Organizational Unit “OU” SME's to anticipate and develop strategies that achieve project deliverables, evaluating performance of ongoing projects with NERC CIP Standards, to ensure alignment with internal NERC V5/6 programs, corporate goals, and directives.

NERC Regulatory Compliance Professional incorporates a technological perspective when analyzing capital projects, performing risk assessments, of potential physical and cyber-security vulnerabilities.

Self-motivated, diverse professional possesses a strong sense of self-worth, an ethical responsibility, and a strong compulsion to trust but verify, and to do things right the first time.

Energy industry experience, providing knowledge of FERC, NERC, WECC, NIST37v3/53r4/82r2/94/800-14/CSC, ISMS, ISO27001/2/31000, ISA/IEC 62443, OSHA, NEC, IEEE, ANSI, NEMA, and Sarbanes-Oxley concepts

Significant role in development of NERC CIP V5 Regulatory Compliance programs, processes, procedures, and controls for NERC CIP 002-5 through 014-2 Standards. Experience with development of mitigation plans, standardizing workflow processes for NERC applicable activities; promoting transparency, quality, increasing efficiency across organizational units.

Working as part of core cross-functional teams, we have collaboratively worked towards the maturity of NERC CIP 002-5.1 through 014-2 NERC CIP Standards, creating strategies, policies, programs, procedures, processes, and controls, that improve performance, that achieve NERC and business requirements. Working in conjunction with “OU” SME's, efforts have been focused on development and implementation of NERC CIP V5 reliability programs, processes, procedures, measures, and controls, translating these newly created programs into compliance obligations/actions that provided guidance, and instruction to business units, improving consistency and quality. Together we have developed strategies, and deliverables, evaluating the performance of programs, or project plans against internal controls aligning them with regulatory standards, and company goals.

As a technology and NERC CIP subject matter expert "SME", I have developed enhancements to workflow processes for regulatory programs, policies, and procedures, identifying potential risks, and areas of improvement within business units, making proposals that reduce and mitigate risks. Working in conjunction with legal and regulatory affairs teams, we have translated NERC Compliance regulatory requirements into actionable plans for use by business and organizational units. A partial list of my professional abilities include project analysis and design, dealing with industrial Cyber-Security, NERC compliance activities, process controls related to DCS systems, industrial communications systems, SCADA and data-acquisition systems, commissioning and troubleshooting efforts.

Experience evaluating system schematics, including relay diagrams and three-line diagrams to identify protection system components

Assessing applicability of identified electric system components against the BES definition effective as of 2014

Evaluating transmission and generation facility documentation to identify the most limiting equipment rating for all applicable facilities

Developing, coordinating, and implementing BES compliance program components to comply with the applicable mandatory and enforceable NERC Reliability Standards

Experience managing development and maintenance of client compliance-related policies, processes, procedures tools and data, including the use of information management compliance tools (document management; compliance dashboards; Regional Entity document delivery system).

Experience developing, implementing, and reviewing current policies and practices issued by FERC, NERC, Regional Entity, and other regulatory agencies.

Experience coordinating with client staff and other members to achieve goals and recommend direction on compliance activities while promoting a culture of compliance and security.

Experience communicating regularly with client subject matter experts (SMEs), responsible for compliance activities; providing the necessary encouragement and support needed for SME’s to carry out regulatory responsibilities.

Experience traveling to various client facilities as needed to review processes, records, conduct audits, consult with staff, etc.

Experience maintaining job/project knowledge to ensure expertise on NERC/Regional Entity Reliability and compliance Standards and Requirements

Passionate, motivated problem solver possesses the ability to analyze and articulate technical and non-technical topics to diverse groups, sponsoring initiatives, and taking accountability for managing cross-functional compliance efforts seriously, continually working to gain respect from associates, driving and arriving at complex decisions.

Provides operational insight into the development of strategies, and procedures to improve controls, surrounding NERC compliance consistency across organizational units, stressing accountability, to achieve and maintain NERC compliance consistency for projects having NERC impact on transmission facilities. Coordinating, or facilitating assessments for essential components of NERC CIP V5/6 compliance programs, working to enhance internal processes, promoting transparency, and consistency.

Goal-oriented professional, monitors change to state and federal regulatory requirements, policies, compliance standards, codes, and regulations, communicating potential gaps and proposals across organizational units; managing designated portions of internal audits, or mitigation plans, participating in regulatory audits as required.

Demonstrated ability and experience with tools and methods to manage program components, monitoring and reporting program status, regularly contributing to project strategies, developing success metrics, and working to remove obstacles that impede success.

Responsibilities have included assessing criteria to determine whether facilities and cyber-assets are critical to grid reliability, identifying or processing Technical Feasibility Exceptions “TFEs” for cyber-assets, evaluating security requirements, managing vendor-supported vulnerability assessments, providing feedback to disaster recovery, and incident response plans.

Innovative, performance-driven professional incorporates engineering theories, industry standards, concepts and techniques, government codes, and regulations into mission-critical special projects. Provides a lessons-learned perspective about the implementation of cyber-security initiatives that are applicable to NERC CIP impacted facilities, enhancing the understanding of technological infrastructure considerations, internal controls, cyber and physical security for industrial infrastructures.

Demonstrated transparent decision-making ability, effective team building, and project planning skills, consistently staying current with technological innovations; diligently I’ve worked with OUs to build, and strengthen effective client relationships with internal and external customers and business partners, bridging gaps between organization units, providing extensive knowledge of compliance regulations and controls, dealing with programmable cyber-asset management and change control. Continually, stressing compliance objectives, I have worked to ensure an appropriate compliant, risk-aware culture, consistently striving to maintain a safety focused productive climate, motivating, mobilizing, and coaching co-workers to meet high-performance goals and objectives that include system stability and cost effective solutions.

Managing risk appropriately, developing, or executing plans, managing information, and ensuring exceptional service to customers, by ensuring that all applicable documentation is in alignment with regulatory standards.

Accurately analyzing information integrating people, processes, systems, and technologies; developing plans to meet critical project timelines required to make decisions regarding projects, or programs having impact to the organization, coordinating activities, and ensuring timely delivery.

Collaborating with system owners, operators, management, and other personnel, we have interacted across areas of the corporation, enhancing business services, promoting customer satisfaction and productivity, consistently demonstrating value by promoting a safety culture to ensure a safe work environment for everyone. Utilized strong ethics, interpersonal skills, and moral leadership values, to influence, negotiate, and communicate effectively with cross-functional teams and upper management.

Experience utilizing root-cause-analysis to track potential NERC compliance risks pertaining to highly visible critical infrastructure projects, and analyzing system specifications for complex system designs, and integration projects that support infrastructure reliability. Assessing information and infrastructure security frameworks for gaps; monitoring for potential instances of non-compliance, reporting on methods to increase transparency and accountability, escalating upwards for potentially identified events when appropriate.

Cybersecurity is more vital now than ever before. The number of cyber-attacks is increasing rapidly; they are evolving more quickly and becoming more resilient, making them difficult to defend against and prevent. Security aspects of the energy industry, technologies, and regulations are ever changing, and business activities related to Physical and Cyber Security of the Bulk Electric System need modification from time to time. Likewise, critical infrastructures will require changes simultaneously, or they will fall behind from a technological perspective.

Managed, collaborated with, or leveraged diverse, distributed project teams, through complex system design and deployment efforts for industrial communications, control, and electrical power systems. What is brought to the table is a diverse background including an enhanced understanding of industrial cyber and physical security landscapes, including extensive technical, and compliance knowledge. Over the years, working with infrastructure specialists, we have conducted numerous security, and regulatory compliance assessments for utility organizational units, including NERC CIP internal and external reviews, gap analysis, NERC CIP Program and value added compliance documentation development, on-site NERC audit support, physical and cyber-security mitigation and remediation plan evaluations. Utilizing root-cause-analysis, proactive project teams and I have identified and resolved potential issues as part of commissioning of electronic controls, for industrial instrumentation, SCADA, automation, communication, telecommunication, Wireless Ethernet, Microwave, Broadband network & RF optimization planning projects, for industrial systems supporting electrical distribution and distributive control systems.

Industrial Network Planning

System Design / Deployment

Broadband

System Optimization

RF Wireless Networks

Ethernet / Wireless Ethernet

Modbus

Microwave

Data Acquisition Systems

Root-Cause-Analysis

DNP / DNP3 / GOOSE

RS232, RS485

In any industry, it is extremely important to have impeccable interpersonal, and communication skills, along with the ability to listen, understand, and question uncertainty. One must possess an ability to solve problems that require attention to detail, working on issues where the evaluation and analysis of intangibles is required, in order to see “the bigger picture”, and contribute to the corporate goal. Over time, I have developed the ability to differentiate between what a customer wants and needs. Self-motivated, organized, individual has evolved into a professional who has the capacity to embrace diverse technical disciplines, both collaboratively, and independently, initially focusing on the customer needs, delivering on customer wants.

Professional Employment History - Gregory LaBauve

RSC - T&D NERC CIP V5 - Compliance Program Manager 2013 to 2016

Southern California Edison – Transmission and Distribution, Reliability Standards Compliance group "RSC", Los Angeles, CA

CIP / Electrical / Automation / Sr. Communications Engineer (TEP) 2011 to 2013

Tucson Electric Power "TEP" – PCAM Group, Tucson, AZ

Electrical Engineer (Vintage) 2009 to 2011

Electrical Instrumentation Unlimited of California - Bakersfield, CA

Senior Industrial Automation & Communications Specialist (Oxy) 2007 to 2009

LDL Services Inc. of California - Bakersfield, CA

Industrial Instrumentation & Automation / Communications Specialist (Oxy) 2004 to 2007

EIU - Electrical Instrumentation Unlimited of California - Bakersfield, CA

Electrical / Communication Specialist (Technicolor) 2003 to 2004

Electrical Instrumentation Unlimited of California - Memphis, TN

Other Employment History

Network Support Team Member (College) 2001 to 2003; 1996 to 1999

Information Technical Networks - Lafayette, LA

Computer Support and Manufacturing Research Team Liaison (College) 1999 to 2001

Apparel Computer Integrated Manufacturing - Lafayette, LA

Leadership Business Transformation Complex Large Systems Integration Program Management Service Delivery Strategic Plans Innovation Solutions Roadmaps Continuous Improvement Infrastructure Hardening ERP Digital Systems Business Process Reengineering IT Outsourcing Big Data Change Management Interoperability Alignment GRC Cybersecurity Regulatory Compliance NERC NIST Vendor Management

REGULATORY AND PROFESSIONAL ASSOCIATIONS

FERC - Regular analysis of FERC correspondence, NOPRs, participating in FERC Webinars

NERC - Monitor NERC Standards drafting team meetings, and NERC CIP standards Version updates, providing highlights and feedback

WECC - Regular attendee for Webinars and Regulatory Training and Peer Sharing Events, providing highlights and feedback

WICF - Western Interconnection Compliance Forum Member, participating in WICF Training Events, providing highlights and feedback

IEEE - Published in the IEEE Journal - “Design and Development of Autonomous Intelligent Smart Sensors"

NDIA - National Defense Industrial Association Corporate Member

InfraGard (In Process)

Blockchain Association - GBA is committed to helping individuals and organizations understand, implement, and benefit from Blockchain technologies.

HIGHER EDUCATION AND PROFESSIONAL DEVELOPMENT

The University of Louisiana at Lafayette, BSEE - Electrical Engineering / Telecommunications

The University of Louisiana at Lafayette, ASEE - Electrical Engineering / Industrial Technologies

Bakersfield College, Advanced Training PLC - Ladder Logic

PROFESSIONAL EXPERIENCE & ACCOMPLISHMENTS

Major Utility – Transmission and Distribution, Los Angeles, CA 2013 to 2016

Reliability Standards Compliance group “RSC”

Promoted - RSC-T&D NERC CIP V5 - Compliance Program Manager

Managed to achieve NERC CIP 002-5 through 014-2 Standards, and business requirements, collaboratively creating NERC CIP V5 strategies, policies, programs, procedures, processes, and controls, reducing operational challenges to compliance with NERC CIP V3 requirements, while assessing and mitigating potential risks and impacts of NERC CIP V5 to the corporation. As NERC CIP-002-5.1 through 014-2 Standards have reached their current state of maturity, core compliance cross-functional teams and I have worked to achieve NERC, and business requirements, collaboratively creating NERC CIP V5 strategies, policies, programs, procedures, processes, and controls, that improve performance and reliability. Dedicated teams have worked to understand and reduce operational challenges to compliance with NERC CIP V3 requirements, assessing and mitigating potential risks and impacts of NERC CIP V5 to the corporation.

NERC CIP V3 to V5 transitional responsibilities assessing planned strategic initiatives for NERC CIP V5 developmental projects, team consisted of matrixed organizational units, contributing significantly to the overarching NERC CIP V5 compliance strategy.

NERC CIP professional coordinates compliance projects for production and EMS environments, working closely with utility IT, IS Security, T&D, System Operations and EMS teams to implement project plans.

Performance-driven leader leverages industry and ever-evolving technological expertise, to identify opportunities for process improvement; providing in-depth knowledge of regulatory standards, transparently delivering proactive insights on developments in NERC environments, and embracing opportunities for professional enhancement. OU SMEs, have worked with compliance groups, legal, regulatory affairs teams, and vendors, to translate NERC V5/6 regulatory requirements into actionable plans for use by business operations, and technical design teams who are factoring in infrastructure considerations based on external regulatory requirements, and internal regulatory documentation; enhancing over-arching cyber-system(s) security posture for critical infrastructures.

Whether coordinating or participating in activities with personnel from multiple “OUs”, proactively I have advocated for enhanced compliance and technical requirements to upper management for NERC CIP impacted projects, that increase efficiency of production and operational compliance processes.

Critical thinker monitors change to state and federal government regulations, policies, compliance standards, codes, and regulatory process, for changes in regulatory policy, assisting internal customers, developing remediation activities for potentially identified deltas.

Forward thinking professional stays abreast of emerging security trends and threats to the energy industry, striving to ensure an appropriate compliance and risk aware culture. Continually, strengthening business relationships with industry, to gain strategic insights, identifying risk, working towards development or enhancement of value added documentation, required by upper management to formulate corporate goals.

Experience formulating, and advocating for strategic enhancements and technical solutions, focused on enhancing information security, operational performance, and compliance requirements; emphasizing the need for flexibility while adapting to change. Diligently assesses operational performance, cyber, and physical security posture, advising mid-level leadership teams and upper management on the latest developments in regulatory processes for industrial cyber-security landscape, and potential impacts to the organization.

Advocating for best practices, intending to enhance the reliability and sustainability of the Grid, ensuring alignment with goals and regulatory requirements, conducting cross-training activities, delivering presentations and webinars, sharing lessons learned, mentoring others based on lessons learned. Continually, driving and delivering on strategic initiatives, fostering a safety-focused culture of continuous improvement within cross-functional teams engaged in planning activities, for projects consisting of multiple organizational units, identifying opportunities for self-improvement, and continual professional growth.

Co-author of the Reliability Standards Compliance group's (“RSC”) Vision and Mission Statements that align with corporate goals.

What I bring to the table is experience with securing Critical infrastructures

RSC T&D NERC CIP V5 Compliance Program Manager, for the Reliability Standards Compliance group “RSC”, works in conjunction with cross-functional teams, collaboratively developing strategies, policies, and procedures to improve internal performance in an effort to achieve regulatory and business requirements. Provided a lessons-learned perspective pertaining to the implementation of cyber-security initiatives for NERC CIP impacted facilities, and working to enhance the understanding of technological infrastructure considerations, internal controls, cyber, and physical security controls for industrial infrastructures.

NERC CIP Subject Matter Expert "SME" provides guidance, proposals, recommendations, and detailed technical knowledge of numerous programmable cyber-systems and cyber-asset device classes, networking and security components, application platforms, and operating systems that typically reside within production facilities. NERC CIP V5 Compliance professional, incorporates a technological perspective when analyzing capital projects, performing risk assessments, for physical and Cybersecurity vulnerabilities. Effectively collaborates with peers and program personnel, and all levels of management, developing recommendations and solutions that secure stakeholder agreements.

Leveraged infrastructure security frameworks expertise, to assess confidential information, for security or non-compliance gaps; identifying potential opportunities for process improvement. Facilitating internal risk-based reviews including technology and NERC compliance based critical infrastructure projects; performing data-intensive analytics of evidence, developing an enhanced system evaluation process that promotes strategic problem-solving efforts, serving as a strategic resource, providing awareness to potential internal & external security issues and trends.

Advanced knowledge of communication protocols, networking principles, technologies, topologies, and penetration testing techniques, utilizing manual or automated methods, scripts, commercial and open source tools, providing analysis of potentially identified vulnerabilities associated with cyber assets or mission critical systems security. Provided proposals to identify, mitigate, and manage potential infrastructure technical risks, from information-centric cyber-assets and ever-changing technology, proposing mitigations for potentially identified security risks, developing related security controls.

Practical experience utilizing analytics, risk analysis, and risk management methodologies, recommending implementation of industrial cyber-security best practices for current and emerging technologies such as sensors/integrated platforms, DCS, SCADA


