Risk Management Framework Basics and Preparation  

Education Type: Live On-Site
Duration: 2 hours
Level: Introductory
Date: 03-27-2024
Time: 3:30PM - 5:30PM (ET)
Location: Pittsburgh, PA
FEMP IACET: 0.3 CEU
Sponsored by: DOE Federal Energy Management Program - FEMP

The National Institute of Standards and Technology (NIST) Risk Management Framework (NIST SP 800-37) was developed in response to the Federal Information Security Modernization Act of 2014, Office of Management and Budget policies, and other laws. The RMF is a scalable and structured process that aims to help organizations manage security and privacy risks. The RMF process should generate the materials needed (i.e., system security plan [SSP], security assessment report [SAR], and plan of action and milestones [POAM]) for an authorizing official (AO) to grant an authorization to operate (ATO). This session will focus on the basics of the NIST RMF process, walk through preparatory steps that can be taken prior to starting the RMF process, and share lessons learned from seasoned professionals.

Instructors

Tami Reynolds, Cyber Risk Optimization Group Manager, National Renewable Energy Laboratory, Department of Energy  

Tami Reynolds is acting Group Manager for the Cyber Risk Optimization Group at NREL. She provides technical leadership in building out and marketing the Distributed Energy Resources Cybersecurity Framework (DER-CF) tool to industry and federal partners. She works closely with partners to develop a deep understanding of applying the Department of Energy (DOE) Cybersecurity Capability Maturity Model (C2M2) and National Institute of Standards and Technology (NIST) Cybersecurity Framework to their renewable and distributed energy systems for the evaluation of cyber and physical security. Reynolds provides leadership in developing the Distributed Energy Resource Risk Manager (DER-RM), an NREL tool that will address the NIST Risk Management Framework with a focus on distributed energy resources. Reynolds also supports the U.S. Agency for International Development in developing cybersecurity programs in developing countries. Reynolds's insight and innovative ideas on new efforts are helping to merge cybersecurity and resilience research.

Md Touhiduzzaman, Cyber Security Engineer, PNNL  

Md Touhiduzzaman is a Cyber Security Engineer in the Electric Security group at the Pacific Northwest National Laboratory, where his research focuses on grid cyber system modeling, grid communication networks, cybersecurity assessment (CSF, RMF), and analysis of cybersecurity consequences and threats to the grid. Before joining PNNL, Touhiduzzaman was at the National Renewable Energy Laboratory (NREL) as an energy cyber security researcher. At NREL, Touhiduzzaman co-led the research and development of the DER cyber security framework (DER-CF) and DER risk management framework (DER-RM) tools. He also co-led the effort to develop a Cyber Value-at-Risk framework for the hydropower fleet and to understand the security benefits of 5G for DER operation. Touhiduzzaman was previously at PNNL as a post-doctoral researcher, developing risk assessment frameworks for externally exposed energy delivery systems and conducting research on risk management frameworks for improving cyber resiliency.

Jim Lutz, Technical VP, Cyber Technology & Services, Risk Management Consulting  

Jim is the technical lead for the Cyber Operations group at RMC and is a recognized expert in Industrial Control Systems and Operational Technology cybersecurity. Under his leadership, the group has grown significantly to support all aspects of cyber risk management and mitigation, risk/vulnerability assessments (red and blue teams), R&D of vulnerabilities and mitigations, Computer Network Defense (CND), security operations center management, and Incident Response. Jim has over 25 years of experience in risk management, system validation, cybersecurity assessments, penetration testing, and secure software development. Prior to RMC, Jim served in cybersecurity and IA roles at Booz Allen Hamilton, SAIC, SRA International and Sprint. Jim has achieved and maintains CISSP, PMP, GISCP, GRID, CSSLP, CEH, and Security+ certifications. He holds a Master of Science in Information Assurance and a Bachelor of Science in Computer Science.

Learning Objectives

Upon completion of this course, attendees will be able to:

  • Identify the components of the risk management framework (RMF) process;
  • Recognize preparatory steps that can be taken prior to beginning the RMF process;
  • Identify important lessons learned from subject matter experts;
  • Recognize how to maximize the efficiency and reduce the burden of the RMF process and achieve ATO.