Cybersecurity Basics for Energy Managers  

Education Type: 
1.5 Hours


0.2 CEU
Sponsored by: DOE Federal Energy Management Program - FEMP

This Energy Exchange recorded session* provides a high-level overview of controls systems cybersecurity. It explains how operating technologies can pose unique challenges for cybersecurity and how legacy systems, IoT integration, and operational technology (OT) architecture priorities require a different approach relative to traditional IT cybersecurity.


Daryl Haegley, Director, Mission Assurance & Cyber Deterrence, U.S. Department of Defense  

Daryl Haegley's distinguished career includes military, federal, civilian and commercial consulting experience. Assigned to the Office of the Principal Cyber Advisor to the Secretary of Defense as director, Mission Assurance and Deterrence in Cyberspace, he advises on cyberspace activities, cyber mission forces, and offensive and defensive cyber operations and missions. His role encompassed overseeing strategic cybersecurity efforts to protect the control systems and operational technology enabling the U.S. Department of Defense's critical infrastructure. He led multi-federal-department coordination and writing of the report to the president addressing cyber-physical systems federal and non-federal skill and training gaps directed by the America's Cybersecurity Workforce Executive Order. For the past nine years, Daryl has brought awareness to the ever-increasing cyber threat to unprotected connected devices and has led the government to make change. He maintains four certifications, three master's degrees, two college tuitions, and one patent.

Doug Clifton, Executive Director, Ernst & Young LLP's Cyber Threat Management Group  

Doug Clifton is an executive director in Ernst & Young LLP's Cyber Threat Management group, which is based out of Dallas and focused on cybersecurity in industrial/operational technology. Doug has more than 28 years of experience in technology delivery and leadership roles, focusing during the last 14 years on building and managing cybersecurity service businesses for industrial control and SCADA systems. Doug developed a cybersecurity services business in the industrial automation space over the last 12 years and has led and executed more than 550 cyber defense projects. Doug has met with White House staff regarding industrial control system security and has worked with clients to build and strengthen their cybersecurity safeguards.

Marianne Meins, Vice President, Parsons Federal Global Business Unit  

Parsons delivers, protects, and sustains critical federal assets across the national security, defense, intelligence, and infrastructure markets worldwide. Marianne has more than 25 years of experience leading national security mission initiatives supporting intelligence, defense, and homeland security solutions development. Since joining Parsons in 2015, she has served as the cyber intelligence and operations sector manager and business development manager for the National Security Division. Previously, she held several executive positions in industry, leading and growing profit-and-loss organizations for large and small businesses, all focused on national security missions.

Matt Lemma, Software Executive, U.S. Department of Defense, Healthcare, and Financial Services industries  

Matt Lemma is a software executive with 19 years supporting the U.S. Department of Defense, Healthcare, and Financial Services industries. He has managed $70-million organizations including software development, managed services, and cloud implementation, resulting in multiple certifications including ISO 9001, ISO 20001, CMMI ML3 and CMMI ML5. As a former CIO of a software-as-a-service (SaaS) company, Matt holds CISSP, ITIL, PMP, and CPHIMS certifications, which provide a baseline of industry-leading knowledge.

Learning Objectives

Upon completion of this course, attendees will understand:

  • The fundamental difference between the priorities of OT and information technology (IT) from a cyber perspective;
  • The process for achieving authority to operate for legacy controls systems;
  • The basic differences between DIACAP and NIST as they relate to controls systems compliance in DoD facilities;
  • Whether wireless systems pose a fundamental threat or if they can be safely implemented in some applications; and
  • Whether controls networks can reside on existing IT networks or if isolation is a fundamental control that cannot be overcome.

*The session featured in this on-demand course was recorded on August 21, 2018, at the 2018 Energy Exchange held in Cleveland, Ohio (Track 10, Session 1).

Federal Agencies and Facility Criteria: