AI Governance · OT/ICS Security · Critical Infrastructure
I develop research, frameworks, and assurance models for governing AI in high impact operational environments, with a focus on the electric sector, ICS/OT cybersecurity, and cyber physical AI risk. Author of AAIGF-E, the first control mapped AI governance framework built for the Bulk Electric System.
Cybersecurity GRC experience across smart city, critical infrastructure, and OT/ICS aligned environments, including governance work connected to a national smart city development program aligned with Saudi Vision 2030.
The Adaptive AI Governance Framework for the Electric Sector closes the governance gap that exists when AI systems operate inside the Bulk Electric System. No existing mandatory standard currently governs model integrity, adversarial threats, drift detection, or AI output influence on operators. AAIGF-E is a CIP overlay, not a replacement.
Member of the NCCoE Manufacturing Sector Community of Interest, receiving updates on events, publications, and opportunities to contribute to cybersecurity guidance for manufacturing and OT environments.
Participant in ISA99 related standards discussions, including JT 62443 06 activity. Submitted comments on ISA IEC 62443 SR 3.1 to SR 3.5 focusing on AI/ML security gaps, and contributed feedback on Security Level Representation options.
Reviewer and contributor to OWASP agentic AI security and governance work, with emphasis on AI risk scoring, assurance, and governance considerations.
Presents a 111 control, 11 domain governance framework for AI systems in Bulk Electric System environments, mapped to NERC CIP, NIST AI RMF, MITRE ATLAS, ISA/IEC 62443, and ISO/IEC 42001.
Maps AAIGF-E controls against NERC CIP to identify structural gaps in AI governance coverage within existing bulk electric compliance frameworks.
Proposes MITRE ATLAS extensions for adversarial AI attack vectors specific to cyber physical systems, OT environments, and critical infrastructure.
Develops a taxonomy of adversarial AI techniques for ICS and OT environments that fall outside current MITRE ATLAS coverage.
Introduces the ACP, AI Consequence Propagation, model to explain how authority drift in AI enabled industrial systems can create governance, safety, and operational risk.
Examines consequence oriented gaps in MITRE ATLAS when applied to adversarial AI threats in industrial control system environments.
Explores how retrieval augmented generation interacts with AI governance requirements in smart grid and industrial automation contexts, including mapping across major AI, cybersecurity, and energy frameworks.
Examines how retrieval augmented generation can support cybersecurity GRC workflows, including compliance traceability, evidence retrieval, and control mapping.
ISO 42001: Artificial Intelligence Management System · Webinar
New ISACA Advanced in AI Audit AAIA Certification Plan · Chapter Technical Session
How to Audit AI Systems: Practical Steps for IS Internal Auditors · Webinar
AI Auditing in High Risk Industries: A Practical Approach Beyond ISO 42001 and NIST AI RMF · Webinar
Prompt Injection Through Operational Data Feeds: A Structural Governance Gap in OT Connected Agentic AI Systems · Istanbul, Türkiye
Guest appearance on AI governance, OT/ICS security, and critical infrastructure · Podcast
Reviewing AI governance models, assurance controls, and gaps in high impact AI deployment plans for energy and industrial organizations.
Structured sessions on agentic AI risk, operational data trust, cyber physical threats, and assurance design for OT environments.
Mapping AI governance requirements to NERC CIP, NIST AI RMF, ISA/IEC 62443, MITRE ATLAS, and ISO 42001 for utilities and asset owners.
Available for pilot assessments, framework reviews, and advisory engagements. Inquire for scope and availability.
If your work involves NERC CIP compliance, OT/ICS security, AI deployment at a utility, smart infrastructure assurance, or AI governance research, I would value a conversation.