About this Event
South Texas ISSA
What: Instructor-Led Training (2 CPE Hours)
When: Friday, March 6, 2026
Hours: 11:30 am - 1:30 pm CDT
Instructor:
Dr. Tom Duffey, Knight Critical Infrastructure Cybersecurity and Compliance Principal and Instructor (and former South Texas ISSA Education Director)
Location:
Microsoft
750 Town and Country Blvd
Suite #1000
Houston, TX 77024
ISSA Members: $20, includes 2 CPEs
ISSA Non-Member: $30, includes 2 CPEs
Prerequisite:
• Knowledge of basic OT/IT security and concepts
• Fundamental knowledge of networking principles
Description: Energy Sector Critical Infrastructure Safety, Cybersecurity, and Compliance
Operational technology (OT) systems provide support for national critical infrastructure spanning multiple industries. The U.S. Cybersecurity and Infrastructure Agency (CISA) supports 16 critical infrastructure sectors, including Energy. We live in a world of growing connectivity and a constantly evolving threat landscape. The days of “air-gapped” OT systems running proprietary protocols have gone by the wayside, and devices that were originally isolated from the outside world increasingly have built-in network capabilities. While increasing convenience and flexibility, these changes have also enabled global access via the Internet, along with a growing number of cyberattacks like those impacting Ukraine in 2015/2016.
The juxtaposition of traditional information technology (IT) with OT environments has resulted in realized physical consequences from cyberattacks. A knowledge gap exists because classic engineering focuses primarily on physics instead of digital risk. At the same time, IT curricula do not usually address plant environments, industrial control systems (ICS) like supervisory control and data acquisition (SCADA) and distributed control systems (DCSs), common OT components like programmable logic controllers (PLCs), or a growing number of Industrial Internet of Things (IIoT) devices. Network switches and other equipment require ruggedized versions for use in OT environments. CMMC, a Department of War program to protect sensitive government information, including Federal Contract Information (FCI) and Controlled Unclassified Information (CUI), for both IT and OT environments, has entered the first stage of enforcement and now requires energy defense contractors to undergo rigorous assessments to secure contracts.
Traditional IT security frameworks and regulations are insufficient for managing such challenges, and bridging the IT-OT gap requires a paradigm shift, incorporating proactive cyber-informed engineering (CIE) principles, along with OT-focused safety and cybersecurity risk mitigation measures. This session will discuss how organizations can leverage such principles and use countermeasures from the International Society of Automation/International Electrotechnical Commission (ISA/IEC) 61511 and 62443 and the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-82 security frameworks, along with North American Electric Reliability Corporation (NERC) critical infrastructure protection (CIP) standards and the Transportation Security Authority (TSA) pipeline security directives to protect their energy OT environments. Additionally, the session will touch on Defense Acquisition Regulation Supplement (DFARS) and NIST SP 800-171 requirements for energy sector entities with government contracts.
Instructor Bio:
Dr. Tom is an engineer, consultant, thought leader, project manager, instructor, and OT/IT cybersecurity and regulatory compliance professional with over 30 years of experience in the defense, energy, and healthcare sectors. His diverse experience also includes supporting multiple U.S. military branches. Dr. Tom spent over a decade as a defense contractor and was an ISSO and DIACAP/DoD RMF Program Manager for a three-star global military command before shifting his focus to industry. He holds multiple DoD 8570/8140 credentials and is a certified CMMC professional, lead assessor, and instructor.
Dr. Tom specializes in NIST, ISA/IEC, and ISO security frameworks, along with CMMC, NERC CIP, TSA SD02, HIPAA, and the DoD RMF regulatory mandates. He currently teaches ISA, TEEX, and CMMC classes. Throughout his career, Dr. Tom has firmly believed in “growing” himself, others, and the organization while giving back to the security community. To that end, he has participated in various NERC efforts and served in other supporting board and leadership roles for ISA Houston, South Texas ISSA, and the InfraGard Energy CSC. Teaching and learning remain two of Dr. Tom’s biggest passions.
Along with his doctoral dissertation on NERC CIP regulatory compliance, Dr. Tom has contributed to numerous security thought leadership efforts, including a World Economic Forum whitepaper on electric industry cyber resilience, and domain content for the EC-Council C|CISO certification Body of Knowledge.
Questions: Contact the ISSA South Texas Education Director ([email protected])
Please Note: ***Regular registration closes Friday, March 3, 2026 at 5:00 pm Central***
Note: South Texas ISSA requires an adequate head count to order any meals/snacks and pre-register names with the venue. Anyone registering after this time will be subject to an additional $5.00 fee and may not receive a meal.
Additional Note: Members, please verify your email address on file with ISSA. This is where all course correspondence will be sent to members for CPE.