Who We Are…
Ampyx Cyber is a specialized, services-only, international consulting firm with operations in North America and Europe. We focus on industrial control systems (ICS) and operational technology (OT) security. Protecting industrial control systems and operational technologies is our craft.
We set out to build a different kind of firm with a unique concentration on the industrial ecosystem, comprised of people who have dedicated their careers to it. Our consultants are carefully selected for their productivity, professionalism and integrity as well as their deep industry knowledge and cybersecurity experience.
We are technology-agnostic. We don’t make, sell, or promote any specific hardware or software. This allows us to meet you where you are and work with what you have. It ensures our recommendations are free from influence. We can work with all available options to provide you with the best fit for your unique situation.
We operate fluently across the global regulatory landscape. Whether you are navigating NERC CIP in North America, NIS2 (all transpositions) and the CRA in Europe, or international frameworks like IEC 62443, we understand how these requirements intersect and where they diverge. We don't just track the rules; we help you normalize them into a single, defensible security program that satisfies auditors across borders without duplicating effort.
We understand the industrial world. We have been operations staff, security practitioners, and management at industrial asset owners. We’ve worked within equipment manufacturers. We have drafted and influenced regulations and international standards. We have even been the federal regulator performing the audits and issuing the violations. We’ve seen your world from all sides. But most importantly, we tell it to you plain and simple, straight and honest - without wasting your time.
Client confidentiality is very important to us. Accordingly, we do not list our clients on our website. We’re happy to provide a list of references upon request.
Our Credentials
Professional Certifications
CIPC: Critical Infrastructure Protection Credential — Ampyx Cyber
CDEC: OTSEC Cyber Defense Expert Certification — Cyber Defense Center
GCIP: GIAC Critical Infrastructure Protection — SANS Institute
GSEC: GIAC Security Essentials Certification — SANS Institute
CISSP: Certified Information Systems Security Professional — International Information Systems Security Certification Consortium (ISC2)
ISSAP: Information Systems Security Architecture Professional, CISSP Concentration — International Information Systems Security Certification Consortium (ISC2)
SSCP: Systems Security Certified Practitioner — International Information Systems Security Certification Consortium (ISC2)
CISM: Certified Information Systems Manager — Information Systems Audit and Control Association (ISACA)
CISA: Certified Information Systems Auditor — Information Systems Audit and Control Association (ISACA)
CRISC: Certified in Risk and Information Systems Control - Information Systems Audit and Control Association (ISACA)
CASP+ ce: CompTIA Advanced Security Practitioner Certification — CompTIA
DHS-CVI: Department of Homeland Security Certified Chemical-terrorism Vulnerability Information Authorized User — DHS
CEH: Certified Ethical Hacker — EC Council
NSA IAM: National Security Agency Information Assessment Methodology — INFOSEC Assessment Training and Rating Program (IATRP)
SCP: Snort Certified Professional — SourceFire
TCP: Tripwire Certified Professional — Tripwire
Professional Experience Highlights
First and former Manager of NERC CIP Compliance Audits and Investigations at WECC
First NERC CIP auditor in North America
Led and/or participated in (>100) NERC CIP Audits in all NERC Regions
Drafting of sections of NERC UAS 1200/1300 and NERC CIP versions 1/2/3
Drafting of multiple NERC CIP Interpretations
Contributing member to NERC CIP Supply Chain Working Group (SCWG) guidance publications
Contributing member to NERC Security Integration and Technology Enablement Subcommittee (SITES) guidance publications
Contributor to NERC/ERO Auditor Manual and Guidance
Speaker/contributor to multiple FERC Technical Committees
Regular public commentary on FERC NOPRs and Orders
SANS ICS456 GCIP instructor
SANS ICS Summit Advisory Board
EnergySec NERC CIP Bootcamp instructor and content developer
EnergySec Founder, Director and President Emeritus
Centro de Ciberseguridad Industrial (CCI) US Coordinator
Industrial Security Conference Cophenhagen (ISC CPH) Advisory Board
RSA Conference Program Committee
Cyber Senate Steering Member for Industrial Control Cyber Security
DOE National Electric Sector Cybersecurity Organization (NESCO) Principal Investigator
NARUC/NASEO Cybersecurity Advisory Team for State Solar (CATSS) Advisory Group
NARUC/DOE Cybersecurity Advisory Group
National Telecommunications and Information Administration (NTIA) and Idaho National Lab (INL) Software Bill of Materials (SBOM) Energy POC Stakeholders
DOE Solar Energy Technology Office (SETO) and National Renewable Energy Lab (NREL) Industry Advisory Board (IAB) for the Securing Solar for the Grid (S2G)
Named contributor to DHS CISA Cyber Performance Goals (CPGs)
Advisory Board for Industrial Security Conference, Copenhagen (ISC CPH)
Winter Olympics Electric Utility Operations Cybersecurity Lead
Advisory (direct or Advisory Board Member) to multiple industrial security product vendors
Former utility staff (multiple utilities, telecommunications, water & energy)
Careers
A Different Kind of Firm for a Different Kind of Expert.
We value our people because we are our people. There is no corporate fluff or vendor-driven sales quotas here, just mission-critical work and the professional autonomy to do it right. We are a diverse, international team that prioritizes integrity, straight talk, and the quiet work of securing the global industrial footprint. If you’re ready to solve real-world challenges, let’s talk.
