Who we are…
Ampyx Cyber is a specialized, services-only, international consulting firm with operations in North America and Europe. We focus on industrial control systems (ICS) and operational technology (OT) security. We help you keep the lights on, water pumping, gas flowing, transportation moving — and all other industrial technologies safe and secure. Protecting industrial control systems and operational technologies is our craft.
We set out to build a different kind of firm with a unique concentration on the industrial ecosystem, comprised of people who have dedicated their careers to it. Our consultants are carefully selected for their productivity, professionalism and integrity as well as their deep industry knowledge and regulatory/standards experience.
We are technology-agnostic. We don’t make, sell, or promote any specific hardware or software. This allows us to work with what you have, and ensures our recommendations are free from influence. We can work with all available options to provide you with the best fit for your unique situation.
We understand the industrial world. We have been operations staff, security practitioners, and management at industrial asset owners. We’ve worked within equipment manufacturers. We have drafted and influenced regulations and international standards. We have even been the federal regulator performing the audits and issuing the violations. We’ve seen your world from all sides. But most importantly, we tell it to you plain and simple, straight and honest - without wasting your time.
Client confidentiality is very important to us. As such, we do not list our customers on our website. Please contact us for a list of references.
Credentials
Professional Certifications
GCIP: GIAC Critical Infrastructure Protection - SANS Institute
CISSP: Certified Information Systems Security Professional — International Information Systems Security Certification Consortium (ISC2)
ISSAP: Information Systems Security Architecture Professional, CISSP Concentration — International Information Systems Security Certification Consortium (ISC2)
SSCP: Systems Security Certified Practitioner — International Information Systems Security Certification Consortium (ISC2)
CISA: Certified Information Systems Auditor — Information Systems Audit and Control Association (ISACA)
CRISC: Certified in Risk and Information Systems Control - Information Systems Audit and Control Association (ISACA)
DHS-CVI: Department of Homeland Security Certified Chemical-terrorism Vulnerability Information Authorized User – DHS
CEH: Certified Ethical Hacker — EC Council
NSA IAM: National Security Agency Information Assessment Methodology — INFOSEC Assessment Training and Rating Program (IATRP)
SCP: Snort Certified Professional — SourceFire
TCP: Tripwire Certified Professional — Tripwire
Professional Experience Highlights
First and former Manager of NERC CIP Compliance Audits and Investigations at WECC
First NERC CIP auditor in North America
Led and/or participated in (>100) NERC CIP Audits in all NERC Regions
Drafting of sections of NERC UAS 1200/1300 and NERC CIP versions 1/2/3
Drafting of multiple NERC CIP Interpretations
Contributing member to NERC CIP Supply Chain Working Group (SCWG) guidance publications
Contributing member to NERC Security Integration and Technology Enablement Subcommittee (SITES) guidance publications
Contributor to NERC/ERO Auditor Manual and Guidance
Speaker/contributor to multiple FERC Technical Committees
Regular public commentary on FERC NOPRs and Orders
SANS ICS456 GCIP instructor
SANS ICS Summit Advisory Board
EnergySec NERC CIP Bootcamp instructor and content developer
EnergySec Founder, Director and President Emeritus
Centro de Ciberseguridad Industrial (CCI) US Coordinator
Cyber Senate Steering Member for Industrial Control Cyber Security
DOE National Electric Sector Cybersecurity Organization (NESCO) Principal Investigator
NARUC/NASEO Cybersecurity Advisory Team for State Solar (CATSS) Advisory Group
NARUC/DOE Cybersecurity Advisory Group
National Telecommunications and Information Administration (NTIA) and Idaho National Lab (INL) Software Bill of Materials (SBOM) Energy POC Stakeholders
DOE Solar Energy Technology Office (SETO) and National Renewable Energy Lab (NREL) Industry Advisory Board (IAB) for the Securing Solar for the Grid (S2G)
Named contributor to DHS CISA Cyber Performance Goals (CPGs)
Advisory Board for Industrial Security Conference, Copenhagen (ISC CPH)
Winter Olympics Electric Utility Operations Cybersecurity Lead
Advisory (direct or Advisory Board Member) to multiple industrial security product vendors
Former utility staff (multiple utilities, telecommunications, water & energy)
Alliances
If we’re not experts at it, we know someone who is. This gives our clients access to our wide professional ecosystem - through Ampyx Cyber - to minimize the need for multiple contracts. We’re very proud to have agreements with the following top-notch companies:
Convergence Controls & Engineering
Convergence designs, programs, and supports industrial automation systems across all major industries including energy, food and beverage, water treatment, manufacturing and more. Convergence further helps companies get real-time data from their production equipment for dashboarding and enterprise wide reporting. Services include system engineering, specification, project management, procurement, control panel design and fabrication, commissioning services and 24x7 support. From Allen-Bradley to Zedi, IO to SCADA, Power and Control, we design, fabricate, commission, support and manage all of your electrons within your facility.
Cutaway Security
Cutaway Security, a veteran owned company, is a team of seasoned information security professionals who stand ready to assist you with your daily or emergency security efforts. We feel that security starts with a solid foundation of understanding an organization’s assets, people, and business requirements. We will leverage this philosophy and our unique experiences in the manufacturing, energy, media, and service industries to help accurately scope and complete your next security effort.
Egede industrial cybersecurity
Egede is a distinguished leader in industrial and critical infrastructure cybersecurity, offering an extensive range of expert services to safeguard complex systems and environments. With years of specialized experience, Egede stands as a trusted advisor in cybersecurity, providing comprehensive solutions from security design and architecture to in-depth technical tasks such as malware analysis and cybersecurity assessments. Recognized for its "offensive thinking" approach, Egede delivers tailored industrial cybersecurity analyses, penetration testing, and application testing, ensuring reliable protection tailored to the unique needs of each client. Committed to excellence and innovation, Egede's team of seasoned professionals is dedicated to advancing the standards of cybersecurity, making them a preferred partner for both large and small companies looking to fortify their defenses against evolving threats.
Full circle strategic communications
A woman-owned business founded in 2006, FullCircle Communications LLC is a boutique consultancy specialized in cybersecurity, cybersecurity education, and strategic support services in engineering and related disciplines. Our customers and partners include the Department of Defense, the State of California’s Manufacturing Exchange Partnership with the National Institute of Standards and Technology, South Carolina, Michigan, and Universities. We maintain a strong network of companies, Universities, FFRDCs, and consultants to ensure the strongest and best support to our customers and partners.
GRIMM
GRIMM is a forward-thinking cybersecurity organization led by industry experts. The company's practice demonstrates the impact of security risks and provides technical solutions to address top risks. GRIMM's expertise is built on operational experience in solving advanced cybersecurity problems.
INPOWERD
INPOWERD LLC is a verified Veteran Owned Small Business (VOSB) specializing in power grid operations, North American Electric Reliability regulatory compliance, risk management, physical and cyber security for the electric utility industry. INPOWERD provides strategic consulting services to clients across the United States and Canada. INPOWERD services also include executive leadership programs and coaching, strategic plans, business start-up and continuity plans, technical writing (policies and procedures), and certified training development and facilitation.
insane cyber
Founded in 2020 by Dan Gunter, Insane Cyber has quickly established itself as an upcoming leader in the cybersecurity space, focusing on using automation to protect critical infrastructure and operations in the energy, data center, government, oil and gas, and other sectors. The proprietary Valkyrie Automated Security platform provides proactive and reactive protection for operational technology, leveraging powerful automation to monitor host and network data. Valkyrie is currently trusted by multiple Fortune 200 companies.
Karta
Karta is an Integrated Risk Management software consulting firm that supports North American electric utilities with risk management, NERC and business compliance management solutions. Karta's own NERC compliance management solution is used by many electric utilities in North America, and Karta consultants spend 80% of their time working with BES organizations.
Manifest
Manifest is a venture-backed cybersecurity company focused on operationalizing software bills of materials (SBOMs) to help organizations reduce their supply chain risk. In the wake of several prominent software supply chain vulnerabilities (Log4j, Apache Struts, etc.), enterprises are turning to SBOMs to understand what open source and third party libraries are in their environments, especially in their OT/ICS where software lasts for years. While SBOM generation tools are proliferating, enterprises lacked a solution to consume and derive insights from those SBOMs - until Manifest. We provide SOC teams with a comprehensive software inventory, enabling them to answer the question, "Where do I have Log4j?" in seconds instead of weeks; enable Product Security to respond quickly and securely to SBOM regulations and requests; and enable GRC and third-party risk teams to easily and simply quantify the risk in vendor applications.
Channel Sales
We offer great percentages with simple terms.
