Ernest N. Hayden (Ernie), CISSP, CEH, is currently an executive consultant with Alexandria, VA.-based Securicon. Previously, he was managing principal, critical infrastructure protection/cybersecurity with Verizon, where his primary focus was on supporting customer projects regarding smart grid security, energy supply security, and electric grid security with special emphasis on NERC Critical Infrastructure Protection (CIP) standards. He has extensive experience in the power utility industry, critical infrastructure protection/information security, cybercrime and cyberwarfare. Ernie is a noted writer and speaker on the topic of smart grid security.
Prior to Verizon, Ernie was the information security strategic advisor in the compliance office at Seattle City Light. Ernie was also the chief information security officer for the Port of Seattle, one of the nation's largest combined airport and seaport operations.
Previously Ernie held several significant management positions in both the business management and the information security management arenas. He was president and CEO of Bellevue, Wash.-based MCM Enterprise, an advanced sensor technology company for the hydroelectric sector; he was IT security lead for the Seattle Justice Information System in the Seattle Municipal Courts and Seattle Police Department; he was director of security services for Alstom ESCA software; executive director for the Electric Power Research Institute (EPRI) covering Western U.S. and Canadian operations; and commissioned officer in the US Navy qualified as a nuclear engineer and surface warfare officer.
Do you have a question for our experts?
Contributions from Ernie Hayden, Contributor
- Cybersecurity insurance: Choosing an insurance policy
- Understanding SCAP NIST guidance and using SCAP tools t
- Best practices for information security reward incentive programs
- HIPAA covered entity and business associate agreement r
- Creating a security risk management plan format
- How to manage compliance as Chief Information Security
- FFIEC security requirements: Physical security management and logging
- Penetration test methodology: Creating a network pen testing agreement
- McAfee update problem: Dealing with bad antivirus DAT f
- Privacy laws in the workplace: Creating employee privacy policies
- Employee compliance: Creating a compliance-focused work
- How to determine the net value of an asset for risk impact analysis
- The cost of an audit: Choosing a competent PCI DSS QSA
- Negotiating an IT security budget for a data loss prevention tool
- How to enforce a USB security policy with support from management
- Credit card data storage: Virtual terminal protocol for PCI compliance
- Gap analysis methodology for IT security and compliance
- Information security program development: Security vs. compliance
- Should national information security standards be enforceable?
- How to update a disaster recovery, contingency planning strategy