Christian Kon

Christian Kon uses Agile methods for practical approaches to cybersecurity and process improvement with his background in Electrical and Computer Engineering, Energy Management System (EMS) operations, Industrial Control System (ICS) security, and NERC Critical Infrastructure Protection (CIP) compliance and auditing. From security strategy to individual transformation coaching and training, Christian is dedicated to providing innovative solutions forged in collaborative team environments.  He champions that compliance is a natural result of sound security and efficient business processes, not separate and siloed from each other.

Professional and Industry Experience

Christian has served as engagement manager for multiple large utilities’ cyber security assessment, internal audit, external audit support, and compliance program improvement project. He has led teams of specialists who increased the compliance maturity improvement velocity by a factor of three using Agile methods for team and stakeholder engagement. In addition, Christian has worked with multinational utility companies developing an industry leading IT risk and control set. This product identifies companywide IT risk with mitigating cybersecurity and IT controls fully based in NIST, NERC CIP, COBIT, GDPR, NIS-D, and more. Previously, Christian was managing advisor for quality assurance activities nationwide audit and security maturity of one of the largest utility companies in the United States.  At Mid-Continent Independent System Operator (MISO), he led the CIP Version 3 to Version 5 transition program.  Further, Christian performed CIP Analyst and EMS Engineering activities at Orlando Utilities Commission (OUC) developing and implementing operational business policies, processes, and procedures.  With this experience, Christian understands the full spectrum of differences in how Responsible Entities fulfill their compliance obligations while minimally impacting business operations. 

Information Security Governance and Strategy

• Managed Agile enterprise oversight and engineering operations program maturity transformation and development.
• Led business and compliance group collaboration developing efficient, operational program policies, procedures, and compliance evidence templates.
• Advised management teams on security and compliance risk in enterprise program strategy based on company risk tolerance, security and compliance landscapes, and industry leading practices.

Information Security and Compliance

• Led multi-regional audit preparation workshops including operating process walkthroughs, program narrative development, interview rehearsals, compliance evidence analysis, and evidence packaging.
• Conducted internal audits, risk assessments, maturity assessments, mock audits, and investigations of compliance practices; including performing research, collection and review evidence, analysis, documentation of results, and corrective measures implementation.
• Assisted companies in responding to compliance monitoring processes such as Self-Certifications, Audits, and Spot-Checks; participating in audit interviews, and coordinating and ensuring timely submission of evidence consistent with NERC requirements enforced by Regional Entities FRCC, RF, MRO, SERC, and SPP.
• Created standardized approach to CIP V5 BES Cyber System Identification including Operational Technology (OT) and Information Technology (IT) systems for small and large Responsible Entities.
• Developed, facilitated, and instructed NERC CIP and security controls program training workshops.