Corporate Risk Solutions

CISSP, CISA, C|EH, CSSA, IAM, CNA, Has Successfully Completed the Fundamentals of Auditing for NERC Compliance Training Course
Senior Security Consultant

Professional Experience

Phil Sobol joined Corporate Risk Solutions in March 2002 as a Senior Security Consultant specializing in cyber security, penetration testing and technology-based computer forensics investigations. Mr. Sobol is also a recognized expert in critical infrastructure security in the area of NERC CIP Compliance.

Mr. Sobol’s responsibilities include: NERC CIP Compliance; Security Risk Assessments and Analysis; Development of Security Risk Mitigation Strategies; Development and Implementation of Cyber Security Standards; Penetration Testing and Assessments; Computer Forensic Investigations; Cyber Security Governance Programs; Sarbanes-Oxley IT Security Compliance; Computer and Security Systems Audits; Technical Business Continuity Planning; Corporate Information Security Programs; Security Awareness Training Programs; IT Systems Risk Assessments and Policy and Practices Research and Development.

Credentials

• 29 years of experience in providing NERC CIP compliance, cyber security, penetration testing and technology-based computer forensics investigations for designated U.S. Critical Infrastructures including electric utilities, gas utilities and telecommunications
• Has completed NERC CIP consulting projects for numerous electric utilities
• Has completed numerous Cyber Security Vulnerability Assessments and Penetration Testing for various electric utilities and organizations
• Serves as an Independent Consultant on NERC CIP Spot Audits for various Regional Entities
• Has completed numerous NERC CIP-002 reviews on behalf of a Regional Entity
• Participates as a Technical Cyber Expert for a Regional Organization’s Critical Infrastructure Protection Working Group
• Serves as a Member of the ES-ISAC Process Working Group
• Drafting Team Member for the NERC CIP 002-1 Thru CIP-009-1 Standards
• Drafting Team Member for the NERC Violations Risk Factors
• Drafting Team Member for the NERC UA-1200 Standards
• Drafting Team Member of the ES-ISAC Working Group

Certifications / Education / Training

• Has Successfully Completed the Fundamentals of Auditing for NERC Compliance Training Course
• Certified Information Systems Security Professional (CISSP)
• Certified Information Systems Auditor (CISA)
• Certified SCADA Security Architect (CSSA)
• Certified Ethical Hacker (C|EH)
• NSA Certified InfoSec Assessment Methodology (NSA-IAM) Professional
• Certified Novell Administrator (CNA)
• Certified ProWatch Security System Programmer & Administrator
• Certified Lenel Security Systems Programmer & Administrator
• Has Attended Various NERC Cyber Security Standards Workshops
• Has Attended Various Regional Entity NERC CIP Standards Workshops
• On-Going Participation in the current NERC CIP Standards Revisions Team
• On-Going Participation in several NERC Security Guidelines Drafting Teams, such as Physical Security, Risk Analysis, and ES-ISAC Reporting
• Trained in Project Management, AutoCAD and Computer Forensics

Professional Associations

• Information Systems Security Association (ISSA)
• International Information Security Certification Consortium (ISC2)
• Information Systems Audit and Control Association (ISACA)
• FBI InfraGard program
• High Tech Crimes Investigation Association of Kansas City (HTCIA)
• Kansas Critical Infrastructure Protection Working Group

Selected Speaking Engagements

• Critical Aspects of Cyber Security (Midwest Council Security Forum, Kansas City, Missouri, 2008)
• NERC CIP Compliance (FERC and NERC Compliance Forum, Atlanta, Georgia, 2009)
• Information Protection Management (Southwest Power Pool NERC CIP “How-To” Workshop, 2009)
• Auditor’s Perspective on NERC CIP Compliance (RMEL, 2010)