Deloitte Advisory is Expanding!

Deloitte Advisory’s Cyber Risk market offering for Power and Utilities is pleased to announce two important new additions to its team.

Joe Andrews is Manager of Cyber Risk Services with Deloitte Advisory, part of Deloitte & Touche LLP. He joins Deloitte Advisory after five years as Senior Compliance Auditor – Cyber Security with the Western Electricity Coordinating Council (WECC). While at WECC, he annually served as Audit Team Lead for over 120 on-site and off-site CIP audits. His other duties included providing cyber security SME support to the WECC Enforcement department, speaking at WECC and NERC technical and training conferences, establishing WECC’s audit approach for the CIP v3 to v5 transition, being an SME liaison with WECC Registered Entities on CIP issues, and analyzing and reverse engineering malware to stay current with new and emerging threats.

Before joining WECC, Joe spent 21 years working in cyber security for the US military, based in Europe, the US and Asia. His many responsibilities included implementing and training on the military’s Enterprise Security Framework (ESF), conducting audits and self-assessments of compliance with the ESF, and supervising and training the Incident Response Team. Joe has a BS in IT/Information Security from Colorado Tech University and an MS in Information Security and Assurance from Norwich University. He holds many certifications, including CISSP, Certified Information Systems Auditor (CISA), GIAC Reverse Engineering Malware (GREM), Certified Reverse Engineering Analyst (CREA), and Certified Ethical Hacker (CEH).

David Gulosh is also Manager of Cyber Risk Services with Deloitte Advisory, part of Deloitte & Touche LLP. After a successful career in law enforcement, he has held executive positions in Corporate Security at two large corporations, as well as in the consulting field. Most recently, he was Manager of Corporate Security at a major Independent Power Producer. He has overseen all aspects of corporate security, including Security Operations Centers, security policies and procedures, security assessments and remediation, penetration testing, incident response and business continuity planning, and procurement and implementation of physical and cyber security systems. He has extensive regulatory compliance experience with NERC CIP, CFATS (Chemical Facilities Anti-Terrorism Standards), Maritime Transport Security Act (MTSA), TSA and other regulations. David is a Certified CSO (CCSO) and a DHS Authorized CFATS user.

Deloitte Advisory’s cyber risk services help complex organizations more confidently leverage advanced technologies to achieve their strategic growth, innovation and performance objectives through proactive management of the associated cyber risks. With deep experience across a broad range of industries, Deloitte Advisory’s more than 3,000 cyber risk services practitioners provide advisory and implementation services, spanning executive and technical functions, to help transform legacy IT security programs into proactive, secure, vigilant and resilient cyber risk programs. The Power and Utilities Market Offering performs many types of cyber security services for electric utilities and Independent Power Producers. In particular, we have many consultants with experience providing NERC CIP-related services. For more information, please email me at talrich@deloitte.com.

The views and opinions expressed here are my own and don’t necessarily represent the views or opinions of Deloitte Advisory.