Industrial Control System Information Sharing & Analysis Center (ICS-ISAC) Announces Corporate Board

By   ISBuzz Team
Writer , Information Security Buzz | Jul 31, 2013 02:33 am PST

The ICS-ISAC is pleased to announce the addition of industry luminaries Andy Bochman (IBM), Sean Paul McGurk (Verizon), Gib Sorebo (SAIC) and Jon Stanford (PwC) to its Corporate Board.

Each of these individuals brings a wealth of knowledge, ability and experience to the governing board of the Center.


Andy Bochman: IBM

Andy Bochman is a frequent speaker, writer and advisor on topics at the intersection of grid modernization, renewables, energy efficiency and cyber security.  Based on over ten years of experience in application and software security policy development, best practices and tools, applied in particular to DOD and Energy Sector threats and use cases he serves as subject matter expert and regular contributor to industry and national security working groups on energy security and cyber security issues. His specialties include building consensus for increasing cyber security awareness and rigor within Federal agencies as well as public and privately held electric utilities and the organizations that regulate them.

Mr Bochman writes regularly for The Smart Grid Security Blog.  The smart grid is a growing digital information network and modernized power generation, transmission and consumption system. Drawing upon lessons from the development of security best practices (and mistakes) from the internet and telecom networks, this blog tracks the thinking on how to best secure the emerging smart grid.  He also writes for The DOD Energy Blog. This blog tracks the energy challenges facing the US Department of Defense in the early 21st century. Drawing from the best thinking inside and outside the Pentagon, it examines problems and identifies possible short, medium and long term solutions in technology and policy.

Sean Paul McGurk: Verizon

Prior to joining Verizon Sean Paul McGurk severed in several roles in the federal government, military and private sector focusing on information assurance and cybersecurity. He has over 30 years of experience in advanced systems operation and information systems security.  Mr McGurk served as a member of the Federal Government’s Senior Executive Service (SES) while at the Department of Homeland Security as the Director of the National Cybersecurity and Communications Integration Center (NCCIC). While at DHS he also served as the Director of the Control Systems Security Program and established the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). For several years he worked as an arms control inspector for the Department of Defense where he conducted numerous inspections throughout the Soviet Union and subsequent Commonwealth of Independent States in accordance with the Intermediate Nuclear Forces (INF), the Strategic Arms Reduction Treaty (START) and the Conventional Armed Forces in Europe Treaties.

Mr McGurk is currently a Managing Principal for Verizon Investigative Response with extensive experience in Industrial Control System (ICS) Cybersecurity, Critical Infrastructure Protection (CIKR) and National Security Operations Center management. His primary focus is leading the Investigative Response (IR) capability for Industrial Control, automated and embedded systems security.

Gib Sorebo: SAIC

Gib Sorebo is a Chief Cybersecurity Technologist and Vice President at SAIC. He has been working in the information technology industry for more than seventeen years in both the public and private sector. He is recognized for his expertise in information security compliance where he has helped government and commercial customers comply with FISMA, GLBA, HIPAA, and other legal obligations. He leads cybersecurity activities for the energy industry where he established the SAIC Smart Grid Security Solutions Center for product security testing and solution development and contributes to a variety of other smart grid security research efforts. Additionally, he led projects involving NERC CIP, NEI 08-09, and security assessments of electric utilities. He is a frequent speaker at cybersecurity and energy conferences on a variety of issues including compliance, continuous monitoring, incident response, smart grid, e-discovery, and many others. He has authored numerous publications, including a book on smart grid security. His efforts have led to exponential growth in new energy industry business for his business unit.

Mr Sorebo also holds a law degree, specializing in information security and privacy issues and electronic discovery. He has been active with the American Bar Association’s Information Security Committee for several years and has contributed to publications relating to PKI, information security liability, and electronic discovery.

Jon Stanford: PwC

Jon Stanford is a nationally recognized leader in applying the National Institute of Standards & Technology (NIST) Risk Management Framework and the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) cyber security standards in utility environments. He contributed to Industrial Control System enhancements in the NIST Special Publications standards and served over two years as an inaugural member of the NERC standard drafting team chartered to revise the CIP cyber security standards.

Mr Stanford is Director of and Critical Infrastructure Security Lead for PwC’s Power & Utilities Practice where he works with C-suite and operations executives at US power and utilities companies to develop and manage innovative solutions focused on transforming security programs to achieve sustainable high performance.  He leads assessments of critical infrastructure, Smart Grid, SCADA and process control systems and industrial control networks as well as serves as a trusted industry advisor in risk management and compliance strategies, advanced threat and cyber crime prevention, detection, mitigation and recovery.

About the Author:

is18Chris Bask | @icsisac |

Chris Blask, Chair of the Industrial Control System Information Sharing and Analysis Center (ICS-ISAC), has a career that spans the breadth of the industrial control system cybersecurity space.

In 1990 he worked at General Electric Power Systems as a control systems engineer and sebseuently joined Sea Change Corporation (1991) where he invented one of the first commercial firewall products, the BorderWare Firewall Server.

He joined Cisco System in 1998 where he led the company’s firewall business to a position of global leadership, a legacy that continues to this day. Building on the success at Cisco, he and several Cisco colleagues founded Protego Networks (2002), an early Security Information and Event Management (SIEM) vendor that was later acquired by Cisco.

His career success continued with the founding of Lofty Perch (2005) an organization dedicated to investigating the application of situational awareness technologies to industrial control system (ICS) cybersecurity.

Subsequent years found him at NSS Labs developing regulatory compliance testing regimes (2008); creating AlienVault’s Industrial Control Systems Group (2011); and, based on his years of firsthand experience, authoring the first book on SIEM, “Security Information and Event Management Implementation”, (McGraw Hill, 2010).

Today Mr. Blask is Founder and CEO of consultancy ICS Cybersecurity, Inc.; Chair of the Industrial Control System Information Sharing and Analysis Center (ICS-ISAC); Chief Architect for NorthWind Technologies in Doha, Qatar; Advisor to Itex Solutions in Sana’a, Yemen and to Targetproof in Atlanta, Georgia (USA).  In addition, he is actively involved with a wide range of industry efforts both in the United States and abroad.