MICHAEL BILHEIMER
48 Twin Brook Rd Hamden CT, 06518
Home E-mail: mikebilheimer@hotmail.com Cell (860) 377-7427
• Professional NERC Analyst with 7 years of NERC CIP Standards compliance experience in the
electric utilities industry.
• Strong experience and knowledge in FERC 693 and 706 with strong compliance focus on
NERC CIP Standards Version 3 through CIP version 5.
PROFESSIONAL EXPERIENCE:
AVANGRID/United Illuminating (UI) Orange, CT
Dec 2015 to Present Title: IT Compliance Analyst, NERC CIP
Manage and execute the NERC CIP Compliance program for AVANGRID/UI Information Technology/
Operation Technology (IT/OT) Department. This includes verifying the NERC compliance
requirements are being completed, and interpreting and providing direction on requirements
becoming effective.
• As the IT Compliance Analyst, NERC CIP, I develop, plan, coordinate, direct and conduct
analysis for NERC Reliability Standards compliance. Currently, I am reviewing all IT NERC
CIP documentation for the NERC CIP Version 6 July 1, 2016 compliance date.
• My duties include conducting spot checks to verify compliance activities are being completed. I
perform this by monitoring the change management system, monitoring log reviews and
patching assessments in Secunia.
• For the past seven years I have managed and conducted all of UI’s NERC CIP-005 and
CIP-007 Cyber Vulnerability Assessments (CVA). I successfully chose a CVA vendor, organized
and scheduled SMEs for the CVA, prepared and gathered CVA documentation, and escorted the CVA
consultants into Physical Security Perimeters (PSP). During the CVA I located cyber assets
within the PSP, explained network/Electronic Security Perimeter (ESP) diagrams, and managed
the activities at the control room and the substations. I have been under budget for the past two
CVAs.
• I routinely attend conferences, webcasts, and conference calls relating to NERC compliance.
These include:
o NPCC workshops
I am presenting at the May 2016 NPCC Workshop on TCA/RM.
o TFIST (Task Force on Information System and Technology) (Primary)
o North American Transmission Forum
o E-ISAC
• My duties include meeting with NERC/ISO-NE auditors as required to demonstrate standard
compliance, answer questions, and provide hard copies of reports and documents as required.
• I coordinate with UI organizations to acquire internal resources needed to document compliance
with a specific standard and manage cross-functional standards compliance teams. This involves
me meeting with my counterparts in other departments and SMEs.
• I successfully created UI’s 2016 NERC CIP Version 5/6 online training. I developed the training
content in PowerPoint and provided it to an online developer. I then reviewed the developer’s
work and finalized the training. While the training was being modified for the online
application I had to conduct CIP Training classes for individuals that required NERC CIP
Access.
• I participate in the required annual recovery of IT devices that are in the UI CIP Program. This
is performed as an actual recovery test of actual recovery or as a paper drill.
• I currently am administering the CIP Version 3 TFEs and am preparing to convert them to CIP
Version 5 TFEs. I monitor all the TFEs and when a device(s) is added or removed I update the
applicable TFE as required. I am currently assessing what existing TFEs will be rolled over
into Version 5/6 TFEs and if any additional TFEs are required.
United Illuminating (UI)
Feb. 2008 to Dec. 2016 Title: NERC Business Analyst
Manage and execute the NERC CIP Compliance program for 7 years under the supervision of the
Director of NERC Compliance. Administer all NERC CIP compliance activities by ensuring NERC CIP
Standards compliance by the IT, SCADA, Systems Maintenance (Relays) Transmission Planning
Departments.
• In 2012 I successfully completed a NERC CIP audit and a 693 audit. I participated in
the evidence gathering and presentation for all CIP Standards to NPCC Auditors. This included
being the primary presenter for NERC CIP-004 and assisting with all other CIP Standards
presentations to NPCC auditors.
• I was Secretary for the weekly UI CIP Committee. I was responsible for creating the agenda
that is approved by the CIP Committee Administration and recording meeting minutes. This
weekly meeting provides a set time where NERC CIP issues can be raised to all departments
that are affected by the CIP Standards.
• I was a planner for GRIDEX3. I will be running UI’s participation and developing/modifying UI
injects for the GRIDEX3 MSEL. These experiences have developed my ability to conduct
effective cyber security incident response drills.
• I participated in developing UI’s CIP Version 5 database development in ServiceNow.
I am accomplishing this by developing a database requirement document, developing process
flowcharts, and routinely meeting with the database developer. This new database will allow UI
to effectively meet many of the CIP Version 5 requirements.
• I annually reviewed the Information Protection Policy (IPP) for NERC CIP-003 and provide
guidance to departments about appropriate document labeling and transmittal of documents.
• Annually, I prepared UI’s NERC CIP Critical Asset List and NERC CIP Critical Cyber Asset
list from a Lotus Notes Database that I manage. This includes reviewing the lists with SMEs to
verify they are accurate, preparing the annual memo documenting that the task has been
completed, and retaining it as evidence to meet evidence requirements for CIP standards.
• For the past seven years I have managed and conducted all of UI’s NERC CIP-005 and
CIP-007 Cyber Vulnerability Assessments (CVA). I successfully chose a CVA vendor, organized
and scheduled SMEs for the CVA, prepared and gathered CVA documentation, and escorted the CVA
consultants into Physical Security Perimeters (PSP). During the CVA I located cyber assets
within the PSP, explained network/Electronic Security Perimeter (ESP) diagrams, and managed
the activities at the control room and the substations. I have been under budget for the past two
CVAs.
• I monitored UI’s adherence to its Physical Security Plan. I accomplished two reviews of access
entries into UI’s substations in 2014 and I am preparing to perform two more reviews in 2015.
• I have managed for the last seven years UI’s Annual NERC CIP-004 Training, Personnel Risk
Assessments, Awareness material distribution, and the quarterly electronic access reviews. I
developed UI’s CIP Training in 2008 and annually updated the CIP Training program.
• I managed UI’s Technical Feasibility Exceptions (TFE) program. This includes tracking TFEs
and the associated assets, collecting and documenting TFE evidence, and presenting submitted
TFEs for review by NPCC. I am in charge of updating TFEs in accordance with Appendix
4D of the Rules of Procedure. It is common for an SME to request guidance from me to see if
a TFE is required for a particular device.
• Managed and responded to NERC Alerts. This task involved managing the NERC Alert
Website, receiving NERC Alerts, and preparing responses with appropriate SMEs as required by the
NERC Alert.
• Daily I monitored and administered UI’s NERC CIP Names Database to manage UI’s CCAs.
This database managed UI’s adherence to NERC CIP-003 Change Management and the CIP-002 list of
CAs and CCAs. It contains UI employees’ and contractors’ CIP-004 compliance information. I
was in charge of verifying that information being entered is correct, assisting any SME that
required training on the system, assistance with entering information or change tickets, and
troubleshooting technical issues. This database was effectively used during UI’s NERC CIP
audit as evidence for multiple standards.
• Developed and managed a CIP training program for The United Illuminating Company (UI). I
annually conduct Online CIP training to over 300 UI personnel to meet the training
requirements of CIP-004.
• I developed and maintained UI’s NERC CIP policies and procedures to comply with NERC
Standards. I was the author of the following policies and procedures: UI’s Change Management
Policy and Procedure, UI’s Names Database Policy, and UI’s TFE Policy. I routinely reviewed other
departments’ documents for accuracy and verified that they have been updated on an annual
basis.
• I routinely attended conferences, webcasts, and conference calls relating to NERC compliance.
These include:
o NPCC workshops
o CIPC (Critical Infrastructure Protection Committee) (UI Alternate)
o NPCC Compliance Committee (UI Alternate)
o TFIST (Task Force on Information System and Technology)
o North American Transmission Forum
• Kept abreast of NERC CIP Reliability Standards developments and maintained knowledge of
NERC CIP industry matters by participating in the weekly TFIST workgroup.
• Consulted with subject matter experts on NERC Standards. I routinely answer questions from
UI’s Transmission, Protection and Control, Test, Security Services, and UI Management on CIP
compliance questions.
• Monitored the development of new NERC CIP Reliability Standards, identified new compliance
requirements and created plans for administering processes to ensure compliance in the future.
Osmose Utility Services
October 2004-February 2008 Title: Foreman
For three years I inventoried both Northeast Utilities and National Grid (Massachusetts) utility poles
on the distribution system. The service provided GPS location of the utility pole, equipment on the pole,
and pole inspection. While in this position I was a data collector for one year, a Quality Control
Foreman for two years, and an acting supervisor for half a year.
• Coordinated a team to collect accurate data on National Grid’s and Northeast Utilities’
distribution electrical grid. I was in charge of a team of data collection technicians. I did this by
sampling technician’s work, supplying work packets of distribution lines, and dealing with
employee issues. On a special assignment I coordinated a five-man team to collect the
distribution infrastructure information on Nantucket. Due to the cost and difficulty of getting
equipment to the island I was requested by National Grid to specifically head this collection
task.
• During this time I had to collect data on utility poles and underground equipment. This required
me to be able to identify electric distribution equipment. Equipment examples are wires, poles,
transformers, insulators, cutout/fuses, and other equipment.
• I routinely assigned crews to tasks and prioritized jobs during my time at Osmose.
• Performed monthly safety inspections of employee vehicles and safety gear. This included
verifying that the hard hat expiration date had not passed, that the employee had their safety
vest, and that the medical kit was on hand, and delivering safety awareness messages and tips.
COMPUTER LITERACY:
• Windows, ServiceNow, Secunia, Open Text Content Server 10, Lotus Notes, Primavera 7, MS
Office, PowerPoint, Microsoft Outlook, Microsoft Access.
• I have reviewed ports and services, patching policies, and password policies of SCADA, Physical
Security systems, switches, and firewalls. I assisted in the development of the network diagram
to depict UI’s SCADA Network and Electronic Security Perimeters (ESPs).
EDUCATION
• May 2004 Masters of Science in Environmental Policies Studies, New Jersey Institute of
Technology (NJIT), Newark, NJ
• May 2002 Bachelors of Arts: Public Policy and Government, Eastern Connecticut State
University (ECSU), Willimantic, CT