Patrick Miller

Patrick Miller is a Managing Partner at Archer International where he provides consulting and advisory services specific to critical infrastructure security and regulatory guidance in areas such as strategic executive advisory, regulatory and legislative landscape, NERC Critical Infrastructure Protection (CIP) audit preparation, gap analysis, self-certification, compliance support, program implementation, training and technical remediation. 

Profile

Patrick is a globally recognized speaker, panelist and thought leader on the subjects of critical infrastructure protection, industrial control system security, regulatory compliance, information security, audit and privacy. Patrick is currently a Managing Partner at Archer International, as well as the founder, director and president emeritus of EnergySec and US Coordinator for the Industrial Cybersecurity Center. "I’ve helped many organizations through their compliance path, whether as the subject matter expert doing the actual implementation, the Regulator auditing and issuing possible violations, or the consultant and advisor helping guide the utility to the right place."

Patrick's diverse background spans the Energy, Water, Telecommunications, Manufacturing and Financial Services verticals including key positions with regulatory agencies, private consulting firms, utility asset owners and commercial organizations. At SANS he teaches the ICS456: Essentials for NERC Critical Infrastructure Protection course.

"I love teaching this subject because, for many, it’s like witchcraft or voodoo. Some dark art that requires a hidden language to understand and interpret. When students begin to understand how to read and apply the standards, they learn how to find that elusive holy grail of the intersection between security and compliance. This gives them powerful and hard-to-find skills for their organization and their career path."

As a teacher, he wants students to learn new ways to guide their organization to a place where they are both compliant and secure. "This isn’t easy," he says. "It requires an understanding of their utility, cyber and physical security, and all of the applicable regulations. Understanding how to identify this intersection is key to getting the highest benefit for all of the time and money spent on both compliance and security."

Other subject matter areas of expertise include the Department of Energy (DOE) Electric Sector Cybersecurity Capability Maturity Model (ES-C2M2) and the Risk Management Process (RMP), the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), and various Executive Orders on Cybersecurity. Key roles were executive project lead, project management, security program development, executive and board security briefing, gap analysis, NERC Reliability Standards (CIP/O&P) mock audits, risk and internal controls assessments, direct NERC/FERC audit support, Reliability Standard Audit Worksheet (RSAW) review and creation, compliance management and tracking, violation management including preparation, evaluation, Self Reporting, remediation, Mitigation Plans, and settlement negotiations.

He is a proven executive, entrepreneur, team builder and leader with the perfect blend of refined soft skills and technical depth to span the gap between complex specialized details and delivering real business value. He is a globally recognized speaker, panelist and thought leader on the subjects of critical infrastructure protection, industrial control system security, regulatory compliance, information security, audit and privacy.

Patrick's interests and hobbies are mostly outdoor activities to get a mental and psychological break from technology. "I enjoy kayaking (whitewater, ocean, flatwater) and fishing most, but camping, hiking or anything that gets me outside and moving is preferred. Along the same lines, I positively love to travel. Seeing new places, people, food, cultures is worth more than anything."

PUBLIC SPEAKING AND SPECIAL EVENTS  

Globally recognized international public speaker, subject matter expert, interviewee and panelist on a variety of security-related subjects. Please visit http://www.patrickcmiller.com for a comprehensive list.

CREDENTIALS AND CERTIFICATIONS

  • GCIP: GIAC Critical Infrastructure Protection – SANS Institute (SANS), 2019
  • CRISC: Certified in Risk and Information Systems Control - Information Systems Audit and Control Association (ISACA), 2010
  • DHS-CVI: Department of Homeland Security Certified Chemical-terrorism Vulnerability Information Authorized User – DHS, 2010
  • CEH: Certified Ethical Hacker — EC Council, 2007
  • SCP: Snort Certified Professional — SourceFire, 2006
  • CISA: Certified Information Systems Auditor — Information Systems Audit and Control Association (ISACA), 2006, 2009, 2012
  • ISSAP: Information Systems Security Architecture Professional, CISSP Concentration — International Information Systems Security Certification Consortium (ISC2), 2005, 2008, 2011
  • NSA IAM: National Security Agency Information Assessment Methodology — INFOSEC Assessment Training and Rating Program (IATRP), 2003
  • CISSP: Certified Information Systems Security Professional — International Information Systems Security Certification Consortium (ISC2), 2002, 2005, 2008, 2011
  • SSCP: Systems Security Certified Practitioner — International Information Systems Security Certification Consortium (ISC2), 2001, 2004, 2007, 2010
  • TCP: Tripwire Certified Professional — Tripwire, 2001

MEMBERSHIPS

  • ESEC: EnergySec – Founder, Board of Directors, President Emeritus
  • CCI: Centro de Ciberseguridad Industrial – US Coordinator
  • ISSA: International Systems Security Association — Portland, OR Chapter, Founding Member
  • ISACA: Information Systems Audit and Control Association — Portland, OR Chapter, General Member
  • InfraGard: Public/private partnership to protect Critical Infrastructure — Federal Bureau of Investigation (FBI); Portland, OR Chapter, General Member
  • CIPC: Critical Infrastructure Protection Committee — North American Electric Reliability Corporation (NERC), Associate Member
  • RAWG: Risk Assessment Working Group — North American Electric Reliability Corporation (NERC), Corresponding Member
  • CSSWG: Control Systems Security Working Group — North American Electric Reliability Corporation (NERC), Corresponding Member
  • ICSJWG: Industrial Control Systems Joint Working Group – Department of Homeland Security (DHS), Vendor Subgroup, Information Sharing Subgroup, Corresponding Member
  • I3P: Institute for Infrastructure Protection — Research Approval Board and General Member
  • CEA: Council of Energy Advisors — Gerson Lehrman Group; Council Member