Risk-Based Security Controls in Electrical Utilities
New security technologies and services are often presented to security professionals within electrical utilities as a response to a perceived threat or risk, but end users can be unsure what solutions are appropriate or most effective for our specific needs. Enterprise physical security leaders are expected to make the right decisions in selecting and implementing security mitigations and controls that provide the best return on investment (ROI) and provide the appropriate level of security at their electrical utility sites. But how can we ensure that we are making the correct choices and providing the level of security at our facilities that will address all risks? The presenters will review these concerns and discuss how they provide Southern California Edison stakeholders awareness of identified risks and recommendations in order to gain support for its use and implementation of risk-based controls.
- Discuss how to identify and prioritize risks for mitigation and to develop an approach to vetting technology for future risk-based applications.
- Recognize the importance of accurately conveying risks to C-Suite Stakeholders.
- Identify key characteristics of appropriate risk-based controls for an enterprise, such as an electrical utility.
- Discuss the importance of implementing a defense in-depth, layered approach to secure people, property and assets.
Physical Security Senior Advisor
Southern California Edison
Following his 28 years of service in law enforcement David retired and transitioned into the security industry. First as a private investigator, he then started a private security company and continued into consulting. He specialized in workplace violence prevention, providing investigations, training and physical security risks assessments. In 2015 David took a position in the electric utility industry with Southern California Edison (SCE) where he currently works as a Senior Advisor in Physical Security. David holds a Bachelor of Science in Criminal Justice Management from Union Institute & University. He has earned and maintains the Certified Protection Professional (CPP), Professional Certified Investigator (PCI) and Physical Security Professional (PSP) certifications through American Society of Industrial Security International (ASIS) where he is a member and serves on its Utility Security Counsel. He also holds memberships in the Association of Threat Assessment Professionals (ATAP) and International CPTED Association (ICA). David uses his education, experience and training to assist SCE’s Corporate Security meet physical security compliance and strategic goals in reducing risk and securing its people and assets.