informa
5 min read
article

ICS-ISAC Announces Corporate Board

Execs from IBM, Verizon, SAIC, and PwC join board
Jul. 30, 2013 – Arlington, VA

The ICS-ISAC is pleased to announce the addition of industry luminaries Andy Bochman (IBM), Sean Paul McGurk (Verizon), Gib Sorebo (SAIC) and Jon Stanford (PwC) to its Corporate Board. Each of these individuals brings a wealth of knowledge, ability and experience to the governing board of the Center.

Andy Bochman: IBM

Andy Bochman is a frequent speaker, writer and advisor on topics at the intersection of grid modernization, renewables, energy efficiency and cyber security. Based on over ten years of experience in application and software security policy development, best practices and tools, applied in particular to DOD and Energy Sector threats and use cases he serves as subject matter expert and regular contributor to industry and national security working groups on energy security and cyber security issues. His specialties include building consensus for increasing cyber security awareness and rigor within Federal agencies as well as public and privately held electric utilities and the organizations that regulate them.

Mr Bochman writes regularly for The Smart Grid Security Blog. The smart grid is a growing digital information network and modernized power generation, transmission and consumption system. Drawing upon lessons from the development of security best practices (and mistakes) from the internet and telecom networks, this blog tracks the thinking on how to best secure the emerging smart grid. He also writes for The DOD Energy Blog. This blog tracks the energy challenges facing the US Department of Defense in the early 21st century. Drawing from the best thinking inside and outside the Pentagon, it examines problems and identifies possible short, medium and long term solutions in technology and policy.

Sean Paul McGurk: Verizon

Prior to joining Verizon Sean Paul McGurk severed in several roles in the federal government, military and private sector focusing on information assurance and cybersecurity. He has over 30 years of experience in advanced systems operation and information systems security. Mr McGurk served as a member of the Federal Government's Senior Executive Service (SES) while at the Department of Homeland Security as the Director of the National Cybersecurity and Communications Integration Center (NCCIC). While at DHS he also served as the Director of the Control Systems Security Program and established the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). For several years he worked as an arms control inspector for the Department of Defense where he conducted numerous inspections throughout the Soviet Union and subsequent Commonwealth of Independent States in accordance with the Intermediate Nuclear Forces (INF), the Strategic Arms Reduction Treaty (START) and the Conventional Armed Forces in Europe Treaties.

Mr McGurk is currently a Managing Principal for Verizon Investigative Response with extensive experience in Industrial Control System (ICS) Cybersecurity, Critical Infrastructure Protection (CIKR) and National Security Operations Center management. His primary focus is leading the Investigative Response (IR) capability for Industrial Control, automated and embedded systems security.

Gib Sorebo: SAIC

Gib Sorebo is a Chief Cybersecurity Technologist and Vice President at SAIC. He has been working in the information technology industry for more than seventeen years in both the public and private sector. He is recognized for his expertise in information security compliance where he has helped government and commercial customers comply with FISMA, GLBA, HIPAA, and other legal obligations. He leads cybersecurity activities for the energy industry where he established the SAIC Smart Grid Security Solutions Center for product security testing and solution development and contributes to a variety of other smart grid security research efforts. Additionally, he led projects involving NERC CIP, NEI 08-09, and security assessments of electric utilities. He is a frequent speaker at cybersecurity and energy conferences on a variety of issues including compliance, continuous monitoring, incident response, smart grid, e-discovery, and many others. He has authored numerous publications, including a book on smart grid security. His efforts have led to exponential growth in new energy industry business for his business unit.

Mr Sorebo also holds a law degree, specializing in information security and privacy issues and electronic discovery. He has been active with the American Bar Association's Information Security Committee for several years and has contributed to publications relating to PKI, information security liability, and electronic discovery.

Jon Stanford: PwC

Jon Stanford is a nationally recognized leader in applying the National Institute of Standards & Technology (NIST) Risk Management Framework and the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) cyber security standards in utility environments. He contributed to Industrial Control System enhancements in the NIST Special Publications standards and served over two years as an inaugural member of the NERC standard drafting team chartered to revise the CIP cyber security standards.

Mr Stanford is Director of and Critical Infrastructure Security Lead for PwC's Power & Utilities Practice where he works with C-suite and operations executives at US power and utilities companies to develop and manage innovative solutions focused on transforming security programs to achieve sustainable high performance. He leads assessments of critical infrastructure, Smart Grid, SCADA and process control systems and industrial control networks as well as serves as a trusted industry advisor in risk management and compliance strategies, advanced threat and cyber crime prevention, detection, mitigation and recovery.

About the ICS-ISAC

The Industrial Control System Information Sharing and Analysis Center (ICS-ISAC) is a member driven organization supported by valued industry partners. It exists to bring together key stakeholders for the purpose of sharing knowledge about risks, threats and best practices across our shared critical infrastructure. The Center was created to provide the ICS community with a common platform where collaboration can be performed in an environment best suited to the needs of all involved parties.

Interested organizations, researchers, vendors, and asset owners can become a part of the Industrial Control System Information Sharing and Analysis Center at http://ics-isac.org