Appendix C
Biographical Sketches of the Workshop Speakers

JOE BUSH is a research mechanical engineer for the U.S. Army Corps of Engineers (USACE) Engineering Research Development Center, Construction Engineering Research Laboratory (CERL) where he is the Building Energy Systems Team team lead for control systems. Since joining CERL in 2002, he has focused on the specification, implementation, and cybersecurity of facility-related control systems (FRCS) with a focus on interoperable multi-vendor open systems. Mr. Bush has authored multiple Unified Facilities Criteria and Unified Facilities Guide Specifications covering Utility Monitoring and Control Systems; heating, ventilation, and air conditioning (HVAC) controls; and the cybersecurity of FRCS. He supports the USACE Headquarters Engineering and Construction Division as a control system and cybersecurity subject-matter expert and serves as the Army member of the Control Systems Discipline Working group for the Tri-Service Standards and Criteria Program. Mr. Bush is a registered control systems engineer and holds a bachelor’s degree in mechanical engineering from The Cooper Union for the Advancement of Science and Art and a master’s degree in general engineering from the University of Illinois at Urbana-Champaign.

NATHAN HIZER is a registered professional engineer with more than 21 years of federal experience. He currently works in the Veterans Health Administration’s Healthcare Environments and Facilities Program in the Office of Healthcare Engineering supporting the field in all engineering-related issues with a specialty in mechanical engineering and controls. Mr. Hizer has held facilities and engineering roles with the Department of the Treasury’s Bureau of Engraving and Printing, the Department of Veterans Affairs’ (VA’s) Office of Information and Technology in the Office of Construction and Facilities Management, and with the VA medical centers in Huntington, West Virginia; Prescott, Arizona; and Martinsburg, West Virginia. Mr. Hizer has a BS in mechanical engineering from the University of Akron and a master of administration with a focus in project management from Northern Arizona University. He holds a Federal Acquisition Certification for Project Management (Senior Level Project Manager) Level III, a Contracting Officers Representative Level II certification, and a Global Information Assurance Certification in Information Security Fundamentals, and he is a Global Industrial Cybersecurity Professional. Mr. Hizer is a licensed professional engineer in the state of Texas.

JON HUDDLESTON serves as a USACE defense critical infrastructure (DCI) and operational technology (OT) program manager in the Headquarters USACE Installation Readiness Division. He conducts and oversees Mission Assurance risk assessments; Simulated Adversary and Threat Replication for Networks cyber threat integration; installation cyber resilience; and critical infrastructure dependency studies, exercises, and policy development. Mr. Huddleston served as the DCI assessment coordinator for the Army at the Pentagon; NDAA 1650 Cyber Assessment participant and analyst; and mission analyst and infrastructure assessor for Critical Infrastructure Protection-Mission Assurance Assessment Teams supporting the Army, the Defense Contract Management Agency, and the Department of Homeland Security. Recognitions include certification as a Certified Business Continuity Professional by the Disaster Recovery Institute International and Federal Bureau of Investigation Infragard member and

presenter. He was recognized by the director of the U.S. Secret Service and co-authored the program-managed structure for Army control systems and operational technology.

BOB HUNTER is a thought leader in the field of securing and managing OT, including industrial control systems (ICS) and supervisory control and data acquisition systems. He previously founded TrendPoint Systems, the leader in data center power monitoring and NetBrowser Communications, the first data center infrastructure management (DCIM) system company. He has more than 25 years of experience in bringing together successful software and embedded systems projects in the fields of DCIM, energy management, and cybersecurity management. Mr. Hunter founded Alpha Guardian using his expertise in the vulnerabilities and securing of key OT and ICS protocols, including Modbus, BACnet, Simple Network Management Protocol, Message Queuing Telemetry Transport, and others. Alpha Guardian is based in San Ramon, California, with a research facility located in Spokane, Washington.

COBY JONES is the senior manager of advanced applications for Johnson Controls Federal Systems. His career with Johnson Controls spans more than 25 years. In his current role, he supports information technology (IT) and OT teams at Department of Defense (DoD) locations and understands the importance of partnership in planning for the Base of the Future. Mr. Jones works with federal government customers to guide them through the digital transformation process for new and retrofit facility-related control system projects using the latest HVAC industry technology and cybersecurity practices. He also works as a liaison for DoD customers and Johnson Control’s product development teams to create synergy between new specification requirements and new industry technology. Mr. Jones spent 8 years at Fort Liberty Army Installation as a resource efficiency manager, as well as acting energy manager.

SANDY KLINE is serving at DoD for the Under Secretary for Acquisition and Sustainment as the director for Mission Assurance and Facility-Related Control Systems Cybersecurity. She is leading efforts to understand, quantify, and mitigate the cybersecurity risks to hundreds of thousands of FRCS on military installations worldwide. FRCS represent a significant portion of DoD’s critical infrastructure providing the water and power required for accomplishment of military missions. Using DoD’s Mission Assurance methodology as a foundation, Ms. Kline is working across DoD to enable the identification of the impacts of cybersecurity attacks to OT and IT to mission capabilities and to the life, health, and safety of installation personnel. Key to this effort is mapping interdependencies between and across systems by building on mission decomposition work the Services have done through Crown Jewel, NDAA 1650, and Mission Relevant Terrain-Cybersecurity analyses. Leveraging the National Institute of Standards and Technology (NIST) Cybersecurity Framework 2.0 (released in February 2024), her team has created a FRCS Cybersecurity Framework to enable standardized assessment and tracking of organizational cybersecurity maturity that is key the development and sustainment of complex continuous monitoring and recovery capabilities being pursued by DoD to meet Executive Order (EO) 14028, “Improving the Nation’s Cybersecurity.” Recent achievements by her office include the release of updated construction criteria for FRCS; completion of Cybersecurity Resilience Readiness Exercises at Marine Corps, Navy, and Army installations; establishment of the FRCS Cyber Framework; partnerships with industry to update military construction guidance for cybersecurity commissioning; and engagement with the National Security Agency to incorporate intelligence informed cybersecurity requirements into legacy and new FRCS systems. Prior to working for DoD, Ms. Kline worked for the Secretary of the Navy as the director for installation resilience working on mission assurance energy, water, and cybersecurity resilience issues that resulted in $250 million in energy savings and $300 million in clean air credits used to improve energy and water resilience and achieve objectives of EO 14027. Ms. Kline has also been the deputy director for military construction and the deputy chief information officer and enterprise architect for the Naval Facilities Engineering Command, the director for enterprise IT at the Naval Sea Systems Command, and the program manager for logistics for the F-14 aircraft at the Naval Supply Systems

Command, as has been recognized in all of these position with Navy Meritorious Civilian Awards. Ms. Kline is a graduate of The Pennsylvania State University as an industrial engineer.

MICHAEL POWELL is a cybersecurity engineer at the National Cyber-Security Center of Excellence (NCCoE) at NIST. His research focuses on cybersecurity for the manufacturing sector, particularly how it impacts industrial control systems. Dr. Powell joined the NCCoE in 2017. In his previous positions, he was responsible for the management and oversight of the building and commissioning of the U.S. Navy’s Arleigh Burke-51 class ships. He also served in the Navy for more than 20 years, retiring as a chief petty officer. He holds a bachelor’s degree in IT, an MPA, and a master’s degree in IT. Dr. Powell completed his doctorate in applied computing at Pace University.

TOM SMITH is currently serving at the General Services Administration (GSA) as the center director in the IT category, Office of Supply Chain Risk Management (SCRM), where he has been leading recent efforts to build collaborative working relationships across Federal Acquisition Service (FAS), industry, and government agencies to improve compliance and integration of Cybersecurity Supply Chain Risk Management (C-SCRM) policies, processes, and capabilities to strengthen and secure GSA-wide contract vehicles. He joined the GSA team in 2018 as a member of the IT category management team serving as a senior IT specialist and SCRM subject-matter expert within the Office of IT Solutions. His accomplishments include developing and establishing various C-SCRM training programs for the acquisition workforce, piloting multiple SCRM tools in use across FAS, and creating vehicles for strategic customers to include the benchmark Second Generation IT program, the Ascend cloud marketplace, and current Supply Chain Risk Illumination Professional Tools & Services blanket purchase agreement efforts. Mr. Smith continues to be engaged in every aspect of building and maturing the FAS C-SCRM program, SCRM Division, and providing valued C-SCRM subject-matter expertise both within GSA and across the federal government. Prior to joining GSA, Mr. Smith served in a variety of senior acquisition corps leadership roles during his nearly 30 years of Air Force active duty and federal civil service. His roles ranged from chief engineer for the Air Force’s Business Enterprise Services Division—with technical oversight of $30 billion in Air Force enterprise-wide strategic sourcing and services—to deputy director and military command positions in numerous major defense acquisition programs delivering war-winning capabilities in weapons, aircraft, avionics, and space launch systems. His military awards include the Defense Meritorious Service Medal, the Meritorious Service Medal, and the Joint Service Commendation Medal. Mr. Smith holds senior acquisition certifications in program management, systems engineering, and IT. He holds a bachelor’s degree in electrical engineering from Auburn University and an MS in engineering management from the Florida Institute of Technology.

CHUCK WEISSENBORN works at Dragos, an industrial cybersecurity company—working with OT, industrial control systems, and the industrial Internet of Things—on a mission to safeguard civilization. As the chief technology officer for Dragos Public Sector, he leads the company’s efforts to support public-sector organizations around the world and its efforts to secure control systems and associated OT. Before joining Dragos, Mr. Weissenborn worked at Symantec where he was responsible for all business operations supporting the U.S. Army worldwide. He is also a member of the Army National Guard as a member of the Critical Infrastructure Protection Battalion (CIPBN) in the West Virginia National Guard. The CIPBN provides mission assurance assessments and risk reduction recommendations across DoD, including teams aligned to the headquarters of the Department of the Army G3-5-7, the Defense Information Systems Agency. In his Guard role, he often supports Joint, Army, and inter-agency efforts to bring together community partners and private-sector utilities to ensure the successful execution of public-sector mission sets that rely on OT. Before joining the West Virginia National Guard, Mr. Weissenborn was a member of the Texas National Guard for more than 18 years, with assignments that included the S6 Non-commissioned Officer in Charge for the 36th Combat Aviation Brigade and the Texas Defensive Cyber Operations Element. He most recently returned from a deployment to the U.S.

Central Command area of responsibility where he supported the long-range precision fires mission. Mr. Weissenborn has deployed four times in support of military operations since September 11, 2001. Mr. Weissenborn is an avid supporter of several non-profit organizations and is the co-chair of the Critical Infrastructure/Control Systems cybersecurity committee at the National Defense Industrial Association, which supports engagement and collaboration efforts between DoD and the defense and organic industrial base.

This page intentionally left blank.