I am a cyber security professional with more than 15 years of experience working across multiple industry sectors. Over the course of my career I have helped to design cyber security frameworks, audit and assess cyber security programs, perform cyber security research, provide cyber security training, and manage large projects on behalf of a variety of clients, including fortune 50 companies and the U.S. and Mexican Governments. My primary specialty areas include: (1) performing a variety of cyber maturity and risk assessments on cloud, traditional IT, and OT systems, (2) developing road maps to mature the performance of cyber security programs, and (3) performing threat modeling and risk quantification to prioritize and optimize investments in cyber programs. I have extensive experience in presenting complex technical information to a variety of senior organizational leaders as well as students and non-technical personnel. While at FERC I was the technical lead for the NERC CIP standards and was instrumental in developing the Final Rules associated with CIP Version 5, CIP Version 6, and the FERC Supply Chain Risk Management order.