Deloitte
Advisory’s Cyber Risk market offering for Power and Utilities is pleased to
announce two important new additions to its team.
Joe Andrews is Manager of Cyber Risk
Services with Deloitte Advisory, part of Deloitte & Touche LLP. He joins
Deloitte Advisory after five years as Senior Compliance Auditor – Cyber
Security with the Western Electricity Coordinating Council (WECC). While at
WECC, he annually served as Audit Team Lead for over 120 on-site and off-site
CIP audits. His other duties included providing cyber security SME support to
the WECC Enforcement department, speaking at WECC and NERC technical and
training conferences, establishing WECC’s audit approach for the CIP v3 to v5
transition, being an SME liaison with WECC Registered Entities on CIP issues, and
analyzing and reverse engineering malware to stay current with new and emerging
threats.
Before
joining WECC, Joe spent 21 years working in cyber security for the US military,
based in Europe, the US and Asia. His many responsibilities included implementing
and training on the military’s Enterprise Security Framework (ESF), conducting
audits and self-assessments of compliance with the ESF, and supervising and
training the Incident Response Team. Joe has a BS in IT/Information Security
from Colorado Tech University and an MS in Information Security and Assurance
from Norwich University. He holds many certifications, including CISSP, Certified Information Systems Auditor (CISA), GIAC Reverse Engineering Malware (GREM), Certified Reverse Engineering Analyst (CREA), and Certified Ethical Hacker (CEH).
David Gulosh is also Manager of Cyber
Risk Services with Deloitte Advisory, part of Deloitte & Touche LLP. After
a successful career in law enforcement, he has held executive positions in Corporate
Security at two large corporations, as well as in the consulting field. Most
recently, he was Manager of Corporate Security at a major Independent Power
Producer. He has overseen all aspects of corporate security, including Security
Operations Centers, security policies and procedures, security assessments and
remediation, penetration testing, incident response and business continuity
planning, and procurement and implementation of physical and cyber security
systems. He has extensive regulatory compliance experience with NERC CIP, CFATS
(Chemical Facilities Anti-Terrorism Standards), Maritime Transport Security Act
(MTSA), TSA and other regulations. David is a Certified CSO (CCSO) and a DHS
Authorized CFATS user.
Deloitte
Advisory’s cyber risk services help complex organizations more confidently
leverage advanced technologies to achieve their strategic growth, innovation
and performance objectives through proactive management of the associated cyber
risks. With deep experience across a broad range of industries, Deloitte
Advisory’s more than 3,000 cyber risk services practitioners provide advisory
and implementation services, spanning executive and technical functions, to
help transform legacy IT security programs into proactive, secure, vigilant and
resilient cyber risk programs. The Power and Utilities Market Offering performs
many types of cyber security services for electric utilities and Independent
Power Producers. In particular, we have many consultants with experience
providing NERC CIP-related services. For more information, please email me at talrich@deloitte.com.
The views and opinions expressed here are my own and don’t
necessarily represent the views or opinions of Deloitte Advisory.
I have read your blog it is very helpful for me. I want to say thanks to you. I have bookmark your site for future updates.
ReplyDeleteSecurity Systems