Ernest N. Hayden (Ernie), CISSP, CEH, is currently an executive consultant with Alexandria, Va.-based Securicon. Previously, he was managing principal, critical infrastructure protection/cybersecurity with Verizon, where his primary focus was on supporting customer projects regarding smart grid security, energy supply security, and electric grid security, with special emphasis on NERC Critical Infrastructure Protection (CIP) standards. He has extensive experience in the power utility industry, critical infrastructure protection/information security, cybercrime and cyberwarfare. Ernie is a noted writer and speaker on the topic of smart grid security.
Prior to Verizon, Ernie was the information security strategic advisor in the compliance office at Seattle City Light. Ernie was also the chief information security officer for the Port of Seattle, one of the nation's largest combined airport and seaport operations.
Previously, Ernie held several significant management positions in both the business management and the information security management arenas. He was president and CEO of Bellevue, Wash.-based MCM Enterprise, an advanced sensor technology company for the hydroelectric sector; IT security lead for the Seattle Justice Information System in the Seattle Municipal Courts and Seattle Police Department; director of security services for Alstom ESCA software; executive director for the Electric Power Research Institute (EPRI), covering Western U.S. and Canadian operations; and a commissioned officer in the U.S. Navy, qualified as a nuclear engineer and surface warfare officer.
Contributions from Ernie Hayden, Contributor
- Best practices for information security reward incentive programs
- HIPAA covered entity and business associate agreement r
- Creating a security risk management plan format
- FFIEC security requirements: Physical security management and logging
- How to manage compliance as Chief Information Security
- Penetration test methodology: Creating a network pen testing agreement
- McAfee update problem: Dealing with bad antivirus DAT f
- Privacy laws in the workplace: Creating employee privacy policies
- How to determine the net value of an asset for risk impact analysis
- Employee compliance: Creating a compliance-focused work
- The cost of an audit: Choosing a competent PCI DSS QSA
- Negotiating an IT security budget for a data loss prevention tool
- How to enforce a USB security policy with support from management
- Credit card data storage: Virtual terminal protocol for PCI compliance
- Gap analysis methodology for IT security and compliance
- Information security program development: Security vs. compliance
- Should national information security standards be enforceable?
- How to update a disaster recovery, contingency planning strategy
- HIPAA password policy: Managing Windows stored usernames and passwords
- SOX data retention policies: What to do with old software archives