Who We Are…
Resilience over hype. Physics over fear. Actions over checklists.
We are a specialized firm that has seen the industrial world from every seat. Our ethos is to provide the straight and honest technical leadership required to secure the systems that power our societies, without wasting time or compromising our integrity. We prioritize the safety and reliability of the operation above all else, translating complex global regulations and deep technical security practices into pragmatic, field-hardened strategies that work.
Ampyx Cyber is a specialized, services-only, international consulting firm with operations in North America and Europe. We focus on industrial control systems (ICS) and operational technology (OT) security. Protecting critical infrastructure is our craft.
We set out to build a different kind of firm with a unique concentration on the industrial ecosystem, comprised of people who have dedicated their careers to it. Our consultants are carefully selected for their productivity, professionalism, and integrity as well as their deep industry technical knowledge and cybersecurity experience.
We understand the industrial world because we come from it. We have been operations staff, security practitioners, and management at industrial asset owners. We’ve worked within equipment and technology manufacturers. We have drafted and influenced regulations and international standards. We have even been the federal regulator performing the audits and issuing the violations. We’ve seen your world from all sides. But most importantly, we tell it to you plain and simple, straight and honest - without wasting your time.
We are 100% independent and technology-agnostic. We don’t sell or promote any hardware or software. We have firmly decided to receive no compensation whatsoever tied to recommending any vendor or product to our clients. No channel partnerships, no kickbacks, no profit sharing, no referral bonus - zero means zero. This allows us to meet you where you are and work with what you have. It ensures our recommendations are truly free from influence. We can work with all available options to provide you with the best fit for your unique situation.
We operate fluently across the global regulatory landscape. Whether you are navigating NERC CIP in North America, NIS2 (all transpositions), CER, and/or the CRA in Europe, or international frameworks like IEC 62443 or ISO 27001, we understand how these requirements intersect and where they diverge. We don't just track the rules; we help you normalize them into a single, defensible security program that satisfies auditors across borders without duplicating effort.
Our EU operation, Ampyx Cyber GmbH, is an independently owned and operated European company, registered and headquartered in Germany. While it operates under the same brand and shares the same integrity and professional standards as its North American counterpart, it is a legally distinct entity with no US investor interest and no US control over its operations or data (the sole Managing Director is a German national). For European clients with concerns about data sovereignty and the reach of foreign jurisdictions over their technology partners and service providers, Ampyx Cyber GmbH offers full EU-sovereign engagement.
Professional Certifications
CIPC: Critical Infrastructure Protection Credential - Ampyx Cyber
CDEC: OTSEC Cyber Defense Expert Certification - Cyber Defense Center
GCIP: GIAC Critical Infrastructure Protection - SANS Institute
GSEC: GIAC Security Essentials Certification - SANS Institute
CISSP: Certified Information Systems Security Professional - International Information Systems Security Certification Consortium (ISC2)
ISSAP: Information Systems Security Architecture Professional, CISSP Concentration - International Information Systems Security Certification Consortium (ISC2)
SSCP: Systems Security Certified Practitioner - International Information Systems Security Certification Consortium (ISC2)
CISM: Certified Information Systems Manager - Information Systems Audit and Control Association (ISACA)
CISA: Certified Information Systems Auditor - Information Systems Audit and Control Association (ISACA)
CRISC: Certified in Risk and Information Systems Control - Information Systems Audit and Control Association (ISACA)
CASP+ ce: CompTIA Advanced Security Practitioner Certification - CompTIA
DHS-CVI: Department of Homeland Security Certified Chemical-terrorism Vulnerability Information Authorized User - DHS
CEH: Certified Ethical Hacker - EC Council
NSA IAM: National Security Agency Information Assessment Methodology - INFOSEC Assessment Training and Rating Program (IATRP)
Why the Industry Trusts Us
First NERC CIP auditor in North America
First Manager of NERC CIP Compliance Audits and Investigations at WECC
Original CIP Architect: drafting of sections of NERC UAS 1200/1300 and NERC CIP versions 1/2/3
Drafting of multiple NERC CIP Interpretations
Led and/or participated in >100 NERC CIP Audits in all NERC Regions
Contributing member to NERC CIP Supply Chain Working Group (SCWG) guidance publications
Contributing member to NERC Security Integration and Technology Enablement Subcommittee (SITES) guidance publications
Contributor to NERC/ERO Auditor Manual and Guidance
Speaker/contributor to multiple FERC Technical Committees
Regular public commentary on FERC NOPRs and Orders
SANS ICS456 GCIP instructor
Expert Witness Testimony: U.S.-China Economic and Security Review Congressional Commission (USCC) on Global Energy Infrastructure Security
EnergySec NERC CIP Bootcamp instructor and content developer
EnergySec Founder, Director and President Emeritus
Centro de Ciberseguridad Industrial (CCI) US Coordinator
Cyber Senate Steering Member for Industrial Control Cyber Security
DOE National Electric Sector Cybersecurity Organization (NESCO) Principal Investigator
NARUC/NASEO Cybersecurity Advisory Team for State Solar (CATSS) Advisory Group
NARUC/DOE Cybersecurity Advisory Group: Cybersecurity Baselines for Electric Distribution and DER Aggregators
National Telecommunications and Information Administration (NTIA) and Idaho National Lab (INL) Software Bill of Materials (SBOM) Energy POC Stakeholders
DOE Solar Energy Technology Office (SETO) and National Renewable Energy Lab (NREL) Industry Advisory Board (IAB) for the Securing Solar for the Grid (S2G)
Named contributor to DHS CISA Cyber Performance Goals (CPGs)
Advisory Board & Program Committee for Key Industry Conferences: RSAC, LevelZero, ISC CPH, CyberTek, SANS ICS Summit
Corporate Information
Legal and Corporate Information
Ampyx Cyber operates as a global firm with legal entities established in the United States and Germany to support clients across multiple regions and regulatory environments. For those seeking additional detail, our Legal & Corporate Information page outlines the entities behind the Ampyx Cyber brand and explains how services are delivered across jurisdictions.
Impressum
As part of our operations in Germany and the European Union, Ampyx Cyber GmbH provides legally required corporate disclosures under German law. The Impressum contains official registration, management, and contact information for our German entity and supports transparency for clients, partners, and regulators in the region.
Privacy Policy
Trust is central to our work. Protecting sensitive information and handling data responsibly is foundational to how Ampyx Cyber operates. Our Privacy Policy describes how personal data is collected, used, and safeguarded across our global activities, including how data protection obligations are addressed for users in different regions.
Our Clients
Client confidentiality is very important to us. Accordingly, we do not list our clients on our website. Upon request, we're happy to connect you with references relevant to your sector and/or regulatory environment.
Careers
A Different Kind of Firm for a Different Kind of Expert.
We value our people because we are our people. There is no corporate fluff or vendor-driven sales quotas here, just mission-critical work and the professional autonomy to do it right. We are a diverse, international team that prioritizes integrity, straight talk, and the quiet work of securing the global industrial footprint. If you’re ready to solve real-world challenges, let’s talk.