Resilient. Secure. Compliant. NERC CIP and ICS/OT Security. We keep you ahead of your adversaries - and your auditors.
 

About Us

About Us Banner.png

Who We Are…

Ampyx Cyber is a specialized, services-only, international consulting firm with operations in North America and Europe. We focus on industrial control systems (ICS) and operational technology (OT) security. We help you keep the lights on, water pumping, gas flowing, transportation moving — and all other industrial technologies safe and secure. Protecting industrial control systems and operational technologies is our craft.

We set out to build a different kind of firm with a unique concentration on the industrial ecosystem, comprised of people who have dedicated their careers to it. Our consultants are carefully selected for their productivity, professionalism and integrity as well as their deep industry knowledge and regulatory/standards experience.

We are technology-agnostic. We don’t make, sell, or promote any specific hardware or software. This allows us to meet you where you are and work with what you have. It ensures our recommendations are free from influence. We can work with all available options to provide you with the best fit for your unique situation.

We understand the industrial world. We have been operations staff, security practitioners, and management at industrial asset owners. We’ve worked within equipment manufacturers. We have drafted and influenced regulations and international standards. We have even been the federal regulator performing the audits and issuing the violations. We’ve seen your world from all sides. But most importantly, we tell it to you plain and simple, straight and honest - without wasting your time.

Client confidentiality is very important to us. As such, we do not list our customers on our website. Please contact us for a list of references.

 

 Our Credentials

colors-2004497_1920.jpg

Professional Certifications

  • CIPC: Critical Infrastructure Protection Credential — Ampyx Cyber

  • GCIP: GIAC Critical Infrastructure Protection — SANS Institute

  • GSEC: GIAC Security Essentials Certification — SANS Institute

  • CISSP: Certified Information Systems Security Professional — International Information Systems Security Certification Consortium (ISC2)

  • ISSAP: Information Systems Security Architecture Professional, CISSP Concentration — International Information Systems Security Certification Consortium (ISC2)

  • SSCP: Systems Security Certified Practitioner — International Information Systems Security Certification Consortium (ISC2)

  • CISM: Certified Information Systems Manager — Information Systems Audit and Control Association (ISACA)

  • CISA: Certified Information Systems Auditor — Information Systems Audit and Control Association (ISACA)

  • CRISC: Certified in Risk and Information Systems Control - Information Systems Audit and Control Association (ISACA)

  • CASP+ ce: CompTIA Advanced Security Practitioner Certification — CompTIA

  • DHS-CVI: Department of Homeland Security Certified Chemical-terrorism Vulnerability Information Authorized User — DHS

  • CEH: Certified Ethical Hacker — EC Council

  • NSA IAM: National Security Agency Information Assessment Methodology — INFOSEC Assessment Training and Rating Program (IATRP)

  • SCP: Snort Certified Professional — SourceFire

  • TCP: Tripwire Certified Professional — Tripwire

Professional Experience Highlights

  • First and former Manager of NERC CIP Compliance Audits and Investigations at WECC

  • First NERC CIP auditor in North America

  • Led and/or participated in (>100) NERC CIP Audits in all NERC Regions

  • Drafting of sections of NERC UAS 1200/1300 and NERC CIP versions 1/2/3

  • Drafting of multiple NERC CIP Interpretations

  • Contributing member to NERC CIP Supply Chain Working Group (SCWG) guidance publications

  • Contributing member to NERC Security Integration and Technology Enablement Subcommittee (SITES) guidance publications

  • Contributor to NERC/ERO Auditor Manual and Guidance

  • Speaker/contributor to multiple FERC Technical Committees

  • Regular public commentary on FERC NOPRs and Orders

  • SANS ICS456 GCIP instructor

  • SANS ICS Summit Advisory Board

  • EnergySec NERC CIP Bootcamp instructor and content developer

  • EnergySec Founder, Director and President Emeritus

  • Centro de Ciberseguridad Industrial (CCI) US Coordinator

  • Industrial Security Conference Cophenhagen (ISC CPH) Advisory Board

  • RSA Conference Program Committee

  • Cyber Senate Steering Member for Industrial Control Cyber Security

  • DOE National Electric Sector Cybersecurity Organization (NESCO) Principal Investigator

  • NARUC/NASEO Cybersecurity Advisory Team for State Solar (CATSS) Advisory Group

  • NARUC/DOE Cybersecurity Advisory Group

  • National Telecommunications and Information Administration (NTIA) and Idaho National Lab (INL) Software Bill of Materials (SBOM) Energy POC Stakeholders

  • DOE Solar Energy Technology Office (SETO) and National Renewable Energy Lab (NREL) Industry Advisory Board (IAB) for the Securing Solar for the Grid (S2G)

  • Named contributor to DHS CISA Cyber Performance Goals (CPGs)

  • Advisory Board for Industrial Security Conference, Copenhagen (ISC CPH)

  • Winter Olympics Electric Utility Operations Cybersecurity Lead

  • Advisory (direct or Advisory Board Member) to multiple industrial security product vendors

  • Former utility staff (multiple utilities, telecommunications, water & energy)

 
background_gray_square.png

Biz Dev Channel

We offer great percentages with simple terms.

network-3357642_1920.jpg
 
 

Industrial Security Gear

Get covered.

 
 

Short Sleeve

Womens Fit

hoodies

 

S4x24 Octopus PLC

S4x24 Octopus PLC Womens

Assume she is technical