Profiles search
Michael Tallent
Chief Information Security Officer at Duquesne Light Company
Pittsburgh, PA, United States
Details
Experience:
As the Chief Information Security Officer, I am accountable for developing and implementing Duquesne Light’s information security strategy and program. I am responsible for working with company leadership to create a culture of information security awareness among employees, partners and vendors. I am responsible for evaluating and implementing information security technologies and concepts to protect information assets and industrial control systems. I have developed and staffed an organization which is responsible for enterprise wide cybersecurity operations, engineering, IAM, IT governance, risk management and compliance. I am responsible for ensuring the Company maintains compliance with all regulatory standards and most specifically NERC CIP regulations.
Recent major accomplishments include the implementation of a new SCADA Energy Management System with supporting NERC CIP controls. These controls include a new Security Event Management system, a configuration monitoring system, an IT Service Management platform, a Privileged Access Management solution and an Intrusion Detection Solution. In addition, I have overseen the implementation of a new Enterprise Identity and Access Management solution, IT Risk Management Program, Supply Chain Risk Management program and Threat Intelligence and Information sharing program.
2016 : Present
Duquesne Light Company
Managing Director and Chief Information Security Officer
Accountable for the leadership and execution of Santee Cooper’s enterprise information security program. Implemented an enterprise-wide approach that integrates people, policy and technology and leverages centralized governance and decentralized execution to provide a highly effective cybersecurity posture for corporate assets and industrial control systems. This responsibility included information technology and operational technology security for a diverse generation fleet of hydro, conventional fossil, gas, and renewable energy sources as well as wholesale water systems.
2014 : 2016
Santee Cooper
Head of Cyber Security
Accountable for the governance, oversight, and leadership of TVA’s enterprise information security program. This responsibility included information technology and operational technology security for a diverse generation fleet of nuclear, hydro, conventional fossil, gas, and renewable energy sources. Implemented organizational programs for security operations and threat intelligence, NERC CIP compliance, FISMA compliance, Sarbanes-Oxley compliance, and the agency's Privacy Program. Integrated cyber security activities with policy, people and technology to provide the organization with a robust cybersecurity framework and solutions. Managed annual capital and O&M budget in excess of $20 million dollars.
2011 : 2014
Tennessee Valley Authority
Director of Enterprise IT Security and Policy, Chief Information Security Officer
Responsible for managing a diverse staff of program managers and security professionals tasked with evaluating and implementing projects to reduce cyber risk. Developed and enhanced relationships with stakeholders to ensure cybersecurity was engaged at appropriate points in the project management lifecycle. Responsible for tracking and managing cybersecurity risk for the Tennessee Valley Authority. Managed the delivery for a portfolio of cybersecurity projects in excess of $15 million.
2009 : 2011
Tennessee Valley Authority
Sr. Manager Cybersecurity Solutions
Responsible for cyber security operations which included incident and event monitoring, threat intelligence, vulnerability assessment, vulnerability management, incident response and forensics. Responsible for security assessments and penetration tests.
2008 : 2009
Tennessee Valley Authority
Manager Cyber Security Operations
Recent major accomplishments include the implementation of a new SCADA Energy Management System with supporting NERC CIP controls. These controls include a new Security Event Management system, a configuration monitoring system, an IT Service Management platform, a Privileged Access Management solution and an Intrusion Detection Solution. In addition, I have overseen the implementation of a new Enterprise Identity and Access Management solution, IT Risk Management Program, Supply Chain Risk Management program and Threat Intelligence and Information sharing program.
2016 : Present
Duquesne Light Company
Managing Director and Chief Information Security Officer
Accountable for the leadership and execution of Santee Cooper’s enterprise information security program. Implemented an enterprise-wide approach that integrates people, policy and technology and leverages centralized governance and decentralized execution to provide a highly effective cybersecurity posture for corporate assets and industrial control systems. This responsibility included information technology and operational technology security for a diverse generation fleet of hydro, conventional fossil, gas, and renewable energy sources as well as wholesale water systems.
2014 : 2016
Santee Cooper
Head of Cyber Security
Accountable for the governance, oversight, and leadership of TVA’s enterprise information security program. This responsibility included information technology and operational technology security for a diverse generation fleet of nuclear, hydro, conventional fossil, gas, and renewable energy sources. Implemented organizational programs for security operations and threat intelligence, NERC CIP compliance, FISMA compliance, Sarbanes-Oxley compliance, and the agency's Privacy Program. Integrated cyber security activities with policy, people and technology to provide the organization with a robust cybersecurity framework and solutions. Managed annual capital and O&M budget in excess of $20 million dollars.
2011 : 2014
Tennessee Valley Authority
Director of Enterprise IT Security and Policy, Chief Information Security Officer
Responsible for managing a diverse staff of program managers and security professionals tasked with evaluating and implementing projects to reduce cyber risk. Developed and enhanced relationships with stakeholders to ensure cybersecurity was engaged at appropriate points in the project management lifecycle. Responsible for tracking and managing cybersecurity risk for the Tennessee Valley Authority. Managed the delivery for a portfolio of cybersecurity projects in excess of $15 million.
2009 : 2011
Tennessee Valley Authority
Sr. Manager Cybersecurity Solutions
Responsible for cyber security operations which included incident and event monitoring, threat intelligence, vulnerability assessment, vulnerability management, incident response and forensics. Responsible for security assessments and penetration tests.
2008 : 2009
Tennessee Valley Authority
Manager Cyber Security Operations
Company:
Duquesne Light Company
About
Experienced Electric Industry Chief Information Security Officer who is a strategic, executive agent of change for the protection of information and assets that are the lifeblood of critical infrastructure and private enterprise.
Profile Photo
