FEMP Cyber Series: 1 Understanding Management's Cybersecurity Priorities  

Education Type: 
1 hour
0.2 CEU
Sponsored by: 

DOE Federal Energy Management Program - FEMP

The United States faces persistent and increasingly malicious cyber campaigns against both the public and private sectors that threaten American security, economic well-being, and privacy. Federal agency staff are facing increasing pressures to defend their facilities, control systems, and operational technologies against cyber intrusion. But how do staff know what areas of investment to prioritize? This Federal Energy Management Program (FEMP) training, part of a series on cybersecurity, will focus on how to identify key priorities from facility and site management that inform how to assess, mitigate, and track a facility's cybersecurity posture over time.

FEMP Cyber Series: 1 Understanding Management's Cybersecurity Priorities
FEMP Cyber Series: 2 Find Cybersecurity Gaps to Manage Cybersecurity Risk
FEMP Cyber Series: 3 Focusing on Connected OT Cybersecurity Risk
FEMP Cyber Series: 4 Understand and Mitigate Cybersecurity Gaps


Jason Koman, Energy Technology Program Specialist, U.S. Department of Energy Federal Energy Management Program (FEMP)  

Jason Koman is an Energy Technology Program Specialist at the Department of Energy's (DOE) Federal Energy Management Program (FEMP). He leads FEMP's work focused on Grid-Integrated Efficient Buildings (GEBs), water sustainability and resilience, and cybersecurity. Jason began his career in the non-profit space with the Clinton Foundation as a global program manager for energy efficient, low carbon buildings. Moving into the private sector as a consultant to the US Department of Energy during the Obama and Trump administrations, Jason rose to the role of managing director at RE Tech Advisors, leading a team of 30+ consultants to deliver sustainability programs for the US EPA and DOE. Jason decided to return to DOE in 2021 to focus on decarbonizing federal government infrastructure and helping agencies meet their sustainability goals under the Biden administration. He holds a Bachelor's in Public Policy from Trinity College, Hartford and a Master's in Public Policy from the University of California, Berkeley.

Christopher Bonebrake, Energy Cyber Program Coordinator, Pacific Northwest National Laboratory (PNNL)  

Christopher Bonebrake graduated from Washington State University with a bachelor's degree in Electrical Engineering in 2002 and a master's degree in Electrical Engineering in 2004. He has been working for PNNL since 2002 on various projects such as analog electronics and system design on chemical and radiation detection systems, industrial control systems, commercial Energy Management Systems (EMS), supervisory control and data acquisition (SCADA) equipment, power system simulation and analysis using lab-based tools, and cyber security events and training related to energy delivery systems. He is currently the Energy Cyber Program Coordinator and working on the cybersecurity of energy delivery systems.

Joseph Loftus, PNNL  

Joseph Loftus' experience in React and full stack development started in his two Science Undergraduate Laboratory Internships at PNNL and in his courses at Gonzaga University. He has grown his web development skills as a Software Engineer at PNNL since January 2019. His experience at PNNL encompasses continuous integration with Jenkins and Bamboo, backend development in Java and Node.js, and frontend development in React, SASS, jQuery and TypeScript.

Learning Objectives

Upon completion of this training, attendees will be able to:

  • Identify available FEMP resources for facility energy cybersecurity;
  • Recognize how the Management Priorities tool can help identify key OT cybersecurity priorities from facility and site management that will inform how they assess, mitigate, and track their facility's cybersecurity posture over time;
  • Identify how practices within each domain may have different levels of maturity, which may impact where investment in cybersecurity is most needed; and
  • Identify how priorities and goals defined by an organization's management team may differ from the organization's actual cybersecurity maturity and posture.
Federal Agencies and Facility Criteria: