Ampyx Cyber Blog
The Intersection of Regulation & Resilience
NERC CIP Audit Readiness: A Strategic Compliance Guide 2026
Stop treating NERC CIP audits as fire drills. Learn the proactive timelines, documentation discipline, and live audit approach that separate prepared utilities from panicked ones. Here’s a strategic guide to compliance sanity from a former CIP auditor.
Foundations for OT Cybersecurity: From Inventory to Impact
CISA’s new OT asset-inventory guidance puts structure behind “know your system.” This post translates it into action: a practical, prioritized field set and taxonomy you can implement now. We added a lightweight BIA overlay that links asset criticality to mission impact. We also show where to emphasize configuration baselines, change control, and logging to improve monitoring and decision quality.
The Pillars of an Effective Incident Response Plan
A strong Incident Response Plan (IRP) is more than just a document—it’s a foundation built on key elements like asset inventory, network diagrams, logging, communication strategies, backups, and clear roles. In this blog, Dan Ricci, Senior Cybersecurity Consultant at Ampyx Cyber, breaks down the critical components every IRP needs to be resilient and effective in the face of cyber incidents.
Is SBOM the answer?
Government and industry experts have recently pointed to software bill of materials (SBOM) as a requirement for organizations, but what are you getting? David Foose spends some time exploring aspects of SBOM fever.
The importance of network segmentation for critical infrastructure
Network Segmentation - creating specialized, highly-protected network segments for critical systems - can provide necessary isolation and defense against ransomware and other attacks on critical infrastructure.
Industry brief: National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems
Recent activity from the Biden Administration represents a pivotal moment in the establishment of baseline cybersecurity standards for critical infrastructure.
The new National Security Memorandum on industrial security: What does it mean for me?
What do you need to know now that the White House has issued its National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems? Watch this interview with Ampere Industrial Security's Patrick Miller.