20 Cyber Policy Experts To Follow On Twitter
— Forbes
35 Information Security Twitter Accounts You Have to Follow
— Security Scorecard
Top 50 Smart Grid Pioneers
— Smart Grid Today
 
 

Professional History

Patrick Miller shares over 35 years of IT/OT experience through his consulting services as an independent security and regulatory advisor for the Critical Infrastructure and Key Resource sectors. He is currently the CEO and owner of Ampyx Cyber, an industrial security consulting firm based in Portland, OR USA with a European office in Tallinn, Estonia. Patrick is also the US Coordinator and Professor for the Industrial Cybersecurity Center, or CCI (Centro de Ciberseguridad Industrial) based in Madrid, Spain and an instructor for the Cyber Information Security Leader (CISL) course through CSA CPH in Copenhangen, Denmark. Patrick is a former instructor for the SANS ICS456 training on the NERC CIP standards and currently teaches various OT/ICS cybersecurity and regulatory content for Ampyx Cyber.

Mr. Miller is an internationally recognized public speaker on the subjects of critical infrastructure protection, process and industrial control system (ICS/OT) cybersecurity, information technology (IT) cybersecurity, regulatory compliance (leading global expert on NERC CIP), audit and privacy. He is an active volunteer and member of several critical infrastructure security working groups. Patrick has been commended with a number of professional awards for his successful work in building information sharing functions and cybersecurity programs. In addition to his energy sector experience, Mr. Miller also held key positions in the water, telecommunications, finance, and insurance sectors.

Patrick’s career started in the 1980s with deep roots in the telecommunications industry. Over several years, Mr. Miller migrated from telecom to information technology management before taking a primary focus on cybersecurity as principal industrial security consultant for Breakwater Security Associates in 2001 where he developed and managed the energy and utility security consulting practice. He then joined PacifiCorp as a senior information security consultant where he was responsible for enterprise and industrial control system cybersecurity as well as NERC CIP regulatory compliance for the organization. Patrick left the utility after 7 years to join the regulatory strata as manager of critical infrastructure protection (CIP) audits and investigations for the Western Electricity Coordinating Council (WECC) Regional Entity under the North American Electric Reliability Corporation (NERC) in their capacity as the Electric Reliability Organization delegated by the Federal Energy Regulatory Commission (FERC). Mr Miller left the regulator to reconnect with industry as director of the NERC CIP compliance consulting practice at ICF International. In 2010, Patrick founded the 501(c)(3) nonprofit organization EnergySec and became President, CEO, and chairman of the board of directors. EnergySec was contracted to the U.S. Department of Energy (DOE) to establish a new public-private partnership known as the National Electric Sector Cybersecurity Organization (NESCO), and Patrick was Principal Investigator of the program. After successfully ramping and transitioning the NESCO program and taking EnergySec from startup to operational, he rejoined the consulting world through The Anfield Group as a managing principal. In 2014, Patrick left the Anfield Group to form Archer Energy Solutions (later renamed to Archer International), a consulting firm focusing on industrial security. After more than 6 successful years with Archer, Patrick sold his share in 2021 and formed Ampere Industrial Security, Inc as the premier global security and regulatory consulting firm for industrial control systems and operational technologies. In April of 2024, Ampere Industrial Security evolved into Ampyx Cyber as the firm expanded into Europe and unified on a global brand.

Career Highlights

  • First and former Manager of NERC CIP Compliance Audits and Investigations at WECC

  • First NERC CIP auditor in North America

  • Led and/or participated in many NERC CIP Audits in all NERC Regions

  • Drafting of sections of NERC UAS 1200/1300 and NERC CIP versions 1/2/3

  • Drafting of multiple NERC CIP Interpretations

  • Contributing member to NERC CIP Supply Chain Working Group (SCWG) guidance publications

  • Contributing member to NERC Security Integration and Technology Enablement Subcommittee (SITES) guidance publications

  • Contributor to NERC/ERO Auditor Manual and Guidance

  • Speaker/contributor to multiple FERC Technical Committees

  • Regular public commentary on FERC NOPRs and Orders

  • SANS ICS456 GCIP instructor

  • EnergySec NERC CIP Bootcamp instructor and content developer

  • EnergySec Founder, Director and President Emeritus

  • Centro de Ciberseguridad Industrial (CCI) US Coordinator

  • Cyber Senate Steering Member for Industrial Control Cyber Security

  • DOE National Electric Sector Cybersecurity Organization (NESCO) Principal Investigator

  • NARUC/NASEO Cybersecurity Advisory Team for State Solar (CATSS) Advisory Group

  • National Telecommunications and Information Administration (NTIA) and Idaho National Lab (INL) Software Bill of Materials (SBOM) Energy POC Stakeholders

  • DOE Solar Energy Technology Office (SETO) and National Renewable Energy Lab (NREL) Industry Advisory Board (IAB) for the Securing Solar for the Grid (S2G)

  • Advisory Board for Industrial Security Conference, Copenhagen (ISC CPH)

  • Winter Olympics Electric Utility Operations Cybersecurity Lead

  • Advisory (direct or Advisory Board Member) to multiple industrial security product vendors

  • Former utility staff (multiple utilities, telecommunications, water & energy)

Credentials and Certificates

  • GCIP: GIAC Critical Infrastructure Protection - SANS Institute, 2019

  • CISSP: Certified Information Systems Security Professional — International Information Systems Security Certification Consortium (ISC2), 2002, 2005, 2008, 2011

  • ISSAP: Information Systems Security Architecture Professional, CISSP Concentration — International Information Systems Security Certification Consortium (ISC2), 2005, 2008, 2011

  • SSCP: Systems Security Certified Practitioner — International Information Systems Security Certification Consortium (ISC2), 2001, 2004, 2007, 2010

  • CISA: Certified Information Systems Auditor — Information Systems Audit and Control Association (ISACA), 2006, 2009, 2012

  • CRISC: Certified in Risk and Information Systems Control - Information Systems Audit and Control Association (ISACA), 2010

  • DHS-CVI: Department of Homeland Security Certified Chemical-terrorism Vulnerability Information Authorized User – DHS, 2010

  • CEH: Certified Ethical Hacker — EC Council, 2007

  • NSA IAM: National Security Agency Information Assessment Methodology — INFOSEC Assessment Training and Rating Program (IATRP), 2003

  • SCP: Snort Certified Professional — SourceFire, 2006

  • TCP: Tripwire Certified Professional — Tripwire, 2001

GCIP.png