Brian Harrell

Brian Harrell is a nationally recognized expert on critical infrastructure protection, continuity of operations, and cybersecurity risk management. Harrell is the President and Chief Security Officer at The Cutlass Security Group, where he provides critical infrastructure companies with consultation on risk mitigation, protective measures, and compliance guidance. In his current role, he has been instrumental in providing strategic counsel and thought leadership for the security and resilience of the power grid and has helped companies identify and understand emerging threats. Advising corporations throughout North America, Harrell has worked to increase physical and cybersecurity mitigation measures designed to deter, detect, and defend critical systems. Harrell is also a Senior Fellow at The George Washington University, Center for Cyber and Homeland Security (CCHS) where he serves as an expert on infrastructure protection and cybersecurity policy initiatives.

Prior to starting his own firm, Harrell was the Director of the North American Electric Reliability Corporation’s (NERC) Electricity Information Sharing and Analysis Center (E-ISAC) and was charged with leading NERC’s efforts to provide timely threat information to over 1900 bulk power system owners, operators, and government stakeholders. During his time at NERC, Harrell was also the Director of Critical Infrastructure Protection Programs, where he led the creation of the Grid Security Exercise, provided leadership to Critical Infrastructure Protection (CIP) staff, and initiated security training and outreach designed to help utilities “harden” their infrastructure from attack.

Prior to coming to the electricity sector, Harrell was a program manager with the Infrastructure Security Compliance Division at the U.S. Department of Homeland Security (DHS) where he specialized in securing high risk chemical facilities and providing compliance guidance for the Chemical Facility Anti-Terrorism Standards (CFATS). For nearly a decade of world-wide service, Harrell served in the US Marine Corps as an Infantryman and Anti-Terrorism and Force Protection Instructor, where he conducted threat and vulnerability assessments for Department of Defense installations.

Harrell has received many accolades for his work in critical infrastructure protection and power grid security, including awards from Security Magazine, CSO, AFCEA and GovSec. Harrell maintains the Certified Protection Professional (CPP) certification and holds a bachelor’s degree from Hawaii Pacific University, a master of education degree from Central Michigan University, and a master of homeland security degree from Pennsylvania State University.

The opinions expressed in this blog are those of Brian Harrell and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.

Improving cybersecurity governance in the boardroom

Protecting vital water infrastructure

Protecting vital water infrastructure

Safe drinking water is a necessity for protecting public health and safety. Water systems in the United States perpetuate all human activity and properly treated wastewater is vital for preventing disease and protecting the...

Why the Ukraine power grid attacks should raise alarm

Why the Ukraine power grid attacks should raise alarm

The cyber-attacks in Ukraine are the first publicly acknowledged incidents to result in massive power outages. Grid defenders should develop anticipatory responses to these and other ICS attacks.

The private sector is the key to success for the Department of Homeland Security

The private sector is the key to success for the Department of Homeland Security

Infrastructure protection is a shared responsibility that cannot be met by government alone.

Grid security insights for 2017: Pressure mounts to prevent physical attacks

Grid security insights for 2017: Pressure mounts to prevent physical attacks

The new year will bring security challenges and its share of opportunities.

Above the lines: Addressing grid security in the press

Above the lines: Addressing grid security in the press

The electricity industry continues to improve its security posture, yet we are drowning in a sea of negative press.

Security convergence in a utility environment

Security convergence in a utility environment

It used to be that physical, operational and IT security were managed in isolation. However, criminals, activists and competitors don’t think that way and will use any vulnerability to gain access to your sensitive systems or...

Combating insider threats faced by utilities

Combating insider threats faced by utilities

Today, grid operators face daily external threats from cyber hackers and criminals vandalizing or destroying company assets. While protections are in place to help prevent these external threats, utilities must realize that insiders...

The modern look of a utility's chief security officer

The modern look of a utility's chief security officer

Security has received more attention in the last several years and organizations have realized that they lack a designated individual with the appropriate authority to carry out the security responsibilities of an organization. Enter...

Security from the outside looking in

Security from the outside looking in

Utilities that utilize red team exercises can benefit from the knowledge they produce, so long as you have executive buy in and are willing to take potential criticism.

Maintaining a utility's security and reputational risk is vitally important

Maintaining a utility's security and reputational risk is vitally important

Building a utility's reputation may take years, but it can be damaged or destroyed very quickly from a security event. Reputational risk is regarded as the greatest threat to a company's market value and standing in the community.

At the intersection of energy risk management and facility security

At the intersection of energy risk management and facility security

Security professionals in the utility sector must understand the distinct difference between risks, threats, and vulnerabilities and how they all provide useful data points for an effective risk management program. The outputs of this...

Load More