Meet our experts
John Cusimano, CFSE, CISSP, GICSP
Vice President of Industrial Cybersecurity
John has over 20 years of experience and has performed many control system cybersecurity vulnerability and cyber risk assessments. He is a member of the International Society of Automation (ISA) and is a voting member of the ISA 99 cybersecurity standards committee. As part of that committee, he is the chair of the zones and conduits working group, and co-chair of the product development working group. He is the developer and primary instructor of the ISA courses on cybersecurity. John is a Certified Functional Safety Expert (CFSE), a Certified Information Systems Security Professional (CISSP), and a Global Industrial Cyber Security Professional (GICSP). John has a B.S. in Electrical and Computer Engineering from Clarkson University in New York.
“I am passionate about helping the process industries mature in their understanding and ability to manage operational (i.e. control system) cybersecurity risk by developing and applying engineering discipline to the process. Recognizing that operational cybersecurity risk is a subset of process safety risk, my goal is to leverage and align existing process safety management processes with operational cybersecurity management processes. I have been focused on developing, applying and sharing what I have learned with industry via client projects, standards committees and training since 2009.”
John has played guitar since he was 10 and was in bands throughout high-school and college. He has been in duets the last five years and has recorded dozens of original songs that he has co-authored with friends and professional lyricists. He’s also a food enthusiast (foodie) and enjoys both preparing and consuming great food, especially ethnic and regional foods. His favorite aspect of traveling is seeking out establishments that serve amazing food unique to that area.
Krish Sridhar , P.E., GSEC
IC Senior Business Manager
Krish Sridhar is a subject matter expert on cybersecurity solutions applied to industrial control systems. He brings over 20 years of industry experience with process automation, high availability architectures, industrial networks and application software. Krish has executed many cybersecurity risk and vulnerability assessment projects for chemical, specialty chemical, life sciences and CFATS compliant companies per the NIST framework and ISA 99/IEC 62443 standards. His particular expertise and experience is to develop and design holistic cybersecurity program for industrial control systems leveraging proven IT technologies, ICS security tools and products and industry best practices.
Krish works closely with various stakeholders within an organization to develop detailed implementation protocols, procedures, guidelines and help manage the lifecycle of a cybersecurity program.
Blogs & Whitepapers
Paul Rostick, CISSP, GICSP
CISO & Senior Principal Cybersecurity Advisor
Paul Rostick is the Chief Information Security Officer (CISO) and an Industrial Cybersecurity Advisor for aeSolutions. He advises company executives on establishing strategic Industrial Cybersecurity Programs.
Prior to joining aeSolutions, Paul was the CISO and Director of Cybersecurity Programs for Sunoco Logistics Partners, where he developed their first integrated IT/OT Cybersecurity Program. He has over 25 years of IT/OT/EHS experience in the Oil & Gas industry. Paul’s cybersecurity articles have been published in various industry publications, including Pipeline and Gas Journal, ISA InTech Magazine, TechTarget Search Security, and Linked-In. Paul regularly presents on Cybersecurity Program topics at industry conferences and forums, including ARCForum, AFPM, and AiCHE.
Steve Stock, GICSP, CCNP-W, CCDA
IC Business Manager
Steve is an Industrial Control Systems professional with over 24 years of experience working with IP networking and process controls systems. The last 12 years have been focused on the energy sector where he has served as the Technical Lead/Project Manager executing a wide range of projects. Extensive experience assessing, designing, implementing, testing, and remediating industrial infrastructures using both wired and wireless technologies and adhering to the NIST framework and ISA 99/IEC 62443 standards. Steve has also led multiple program-wide cyber security assessments to identify gaps, vulnerabilities, and cyber related risks to the Process Control Environment.
IC Business Development Manager
Thomas is joining aeSolutions as a Business Development Manager in our Lifecycle Solutions Group. His previous experience includes sales and business development leadership roles for a variety of companies, including a division of Emerson Automation Solutions and General Electric Oil & Gas, as well as time as a process and project engineer. He holds his Bachelor’s in Chemical Engineering, and a Master’s in Business Administration.
Tim Gale, ISA 62443 Cybersecurity Expert
IC Senior Principal Specialist
Over 25 years experience in Industrial Cybersecurity, Process Control and Process Safety and in the Oil & Gas, Chemicals, Pulp & Paper, Food & Beverage and Mining Industries. Experience with PLC, DCS, BMS, and SIS systems on projects throughout the United States, Canada, Europe and Asia. Skilled in detailed control system design, commissioning and startup, FAT/SAT, and Cybersecurity testing. Currently responsible for responsible for Cybersecurity Data Analysis, Risk Assessment and Control System Cyber‐Factory Acceptance Testing. Expertise in vulnerability assessments against the NIST Cybersecurity Framework, IEC 62443, NIST 800‐53 and 800‐82. ISA 62443 Cybersecurity Expert.
Emerson Delta‐V, Honeywell TDC 2000/3000, Honeywell HC900, Allen‐Bradley PLCs, Siemens PCS7, Moore APACS, Foundation Fieldbus, Profibus, ASi, Devicenet
Sr. Lifecycle Services Manager -Process Safety, Automation, Controls and Cyber Security
Marco (Marc) Ayala is a Sr. Lifecycle Services Manager -Process Safety, Automation, Controls and Cyber Security with aeSolutions. Marc has over 20 years of experience in process automation and safety and is active in the Chemical Sector and Oil and Gas cybersecurity effort working alongside DHS for securing the private sector. He has trained extensively with INL Idaho National Labs with colleagues focusing on ICS-CERT and has worked as an end user from I&E and I&C throughout his career, where he has handled advanced process control, maintained and designed enterprise historians, and has worked with enterprise-IT to perfect a direct balance of ICS/SCADA Industrial-IT and demarc with Enterprise-IT. Marc is deeply engaged in ICSJWG, ACC-ChemITC and is an active member on ISA 99/62443, FBI – Infragard, ICS-CERT/US-CERT. Marco is a Senior Industrial Cybersecurity Project Manager for aeSolutions, a process safety consulting, engineering and automation company that provides process safety lifecycle solutions and tools.
Industrial Cybersecurity Business Manager
Dave recently served as the Director of Cybersecurity Solutions for Exida, and previously as the Global Manager of Process Automation Development and Support for Air Products and Chemicals. Dave holds several Industrial Cybersecurity certifications. Dave will be responsible for managing complex projects and programs for industrial cybersecurity clients.
Josh Ruff, CCNA
Industrial Cybersecurity Principal Specialist
Josh has over 6 years of experience working on, designing, and/or executing Cybersecurity Vulnerability Assessments, Wired/Wireless Industrial Networks, Process Automation & Controls Engineering, Automation Application and Device Level Security, Standards and Procedures Development, Commissioning and Start-up, and Project Management in Oil & Gas onshore, upstream and midstream facilities. Having been embedded for 3 years with one of the largest operators in the Bakken and being an end user of Industrial Cybersecurity products and policies, Josh is able to utilize this experience to assess and evaluate process and procedural hazards, ICS architecture, and cybersecurity risks.
Industrial Cybersecurity Principal Specialist
Over 15 years of experience in various IT disciplines and industrial cybersecurity. Experience in Industrial Cyber Security Program Leadership includes MES/Systems Integration, Engineering and Discipline Leadership for capital design engineering in the integrated fiber, resin and chemical intermediates industries. Responsible for implementing corporate wide strategies in bridging the world between IT and OT, gap assessments, portfolio and program development/management, developing policies, standards, training programs, risk profile and framework, business continuity strategy, OT/IT governance framework and global/regional support strategy. Experience working with various stakeholders in across disciplinary environment and across various business entities. Participant of ISA99/62443 WG10: Use Case Studies.
Industrial Cybersecurity Principal Specialist
Terry McCoy has over 10 years of experience with Instrumentation and Process Controls Systems.
He has been an aeSolutions team member for over 7 of those years primarily serving our oil & gas clients. He has worked extensively with both onshore and offshore oil drilling and production systems and has specialties in Controls, Alarms, and Safety Instrumented Systems (SIS) along with a diverse background in the IT world. Terry was crucial in the validation and implementation of a major oil company’s SIS program. He has also performed numerous gap assessment surveys in the Burner Management Systems (BMS) field.
Holding several certifications in the Industrial arena, Terry’s combination of OT & IT skills makes him a well-rounded Industrial Cybersecurity Specialist who will primarily be focused on vulnerability assessments and Risk Assessments of ICS networks.
Terry currently serves as a chairman on the Seattle ISA board.
Allen Steagall, GICSP, CCNP R&S, CCDP, CCNA Cyber Ops, CCNA Security
Industrial Cybersecurity Technical Project Manager
Allen has over 20 years of experience with various Information Technology systems, seven of which are specific to Industrial IT in onshore and offshore facilities working with Industrial Control Systems and Process Control Networks. Cisco certified in routing, switching, security, and design. Technically proficient in designing, configuring, installing, troubleshooting, and optimizing industrial networks. Technical lead of cybersecurity vulnerability and risk assessments including unobtrusive data collection, detailed analysis, and actionable reporting. Maintains membership in the FBI’s InfraGard and the ISA and is also credentialed with the Federal Communications Commission. Previous experience with military operations communications systems including radio, wire, and cryptographic hardware while serving in the United States Marine Corp.
IC Technical Project Manager
Jacob Morell is a Chemical Engineer with experience in industrial cybersecurity, process safety, automation, and process operations. In his current role as an Industrial Cybersecurity Technical Project Manager he leads teams that perform Cybersecurity Risk Assessments, Vulnerability Assessments, PHA/LOPA studies, and Alarm Rationalization studies. His primary focus is on implementation of CyberPHA risk assessments and leveraging his strong background in process safety & operations to improve the assessment process. Jacob is a licensed Professional Engineer, Certified Function Safety Expert (CFSE), and has a B.S. in Chemical Engineering from Clemson University.
Patrick Riley, GICSP
Industrial Cybersecurity Principal Specialist
Subject matter expert on cybersecurity solutions applied to industrial control systems. Over 9 years of industry experience with designing and implementing industrial networks and application software and troubleshooting and maintaining large scale deployments. Has performed several cybersecurity risk and vulnerability assessment projects for Oil and Gas as well as manufacturing companies per the NIST Cybersecurity Framework and IEC 62443 and NIST-800-82 standards. Patrick’s core competencies include Security Architecture Design, Network Security, Security Policy, Access Control and Incident Handling. He has experience working closely with various stakeholders within an organization to develop detailed implementation design requirements, ensuring adherence to industry best practices.
Industrial Cybersecurity Specialist
Robbie specializes in technical documentation including the development of internal and external policies, procedures, templates, and tools, as well as performing security standards and controls analysis, and reporting on cybersecurity projects.
Robbie has 2+ years of experience in cybersecurity implementation projects, having worked in a similar role with Louisiana State University prior to joining aeSolutions. Currently, Robbie is pursuing his PhD from Texas A&M University in College Station, TX.
IC Principal Specialist
Alvaro has most recently worked as a Security Engineer for Check Point Software Technologies, and a Project Engineer for Honeywell. Alvaro attended the Marines Corps Communication and Electronics School, specializing as a Data Network Specialist and Tactical Data Network Administrator, and holds his CompTIA Network + and CompTIA Security + certifications.
IC Senior Specialist
Steve’s recent roles include Technical and Test Support at Hewlett Packard Enterprise, and he is a Cisco Certified Entry Network Technician (CCENT), currently pursuing his CCNA certification, as well as a degree in Network & Computer Systems Administration. IN his new role, Steve will be supporting our clients’ industrial cybersecurity needs.
We Can Help
Our Core Services