Bryan CarrSenior Security and Compliance Consultant
CISSP, CISA, PSP, PMP, CBRM
Bryan Carr is a Senior Security Consultant to the energy industry with eight years of experience in physical and cyber security compliance and auditing, also representing Archer Security Group in Portland, Oregon. Mr. Carr is a Subject Matter Expert for all CIP v5 compliance standards with emphasis on BES Cyber System classification, physical security, access control and monitoring, incident response, disaster recovery, and physical security for substations. Having performed 100+ performance audits, Mr. Carr’s has a vast knowledge of infrastructure, software and cyber security capabilities of industrial processes, SCADA and distributed control systems.
For four years, Mr. Carr was Senior Compliance Auditor, Cyber & Physical Security at the Western Electricity Coordinating Council (WECC), a regional entity responsible for coordinating and promoting Bulk Electric System security and reliability in the Western Interconnection. It is the largest and most diverse of the eight regional entities that have Delegation Agreements with the North American Electric Reliability Corporation (NERC). Mr. Carr led and participated in over 100 CIP v3 audits and 10 CIP v5 transition audits, including spot checks and investigations, of electric utilities across the Western region of the U.S. and British Columbia. He observed, evaluated, and documented compliance practices, methods, and results for over 100 transmission substations, transmission control centers, and generation facilities, and was selected to represent WECC on joint audits with other NERC regions.
Prior to his work with WECC, Mr. Carr was Compliance Program Manager for NERC CIP Compliance for Pacificorp, a leading western U.S. energy services provider and large grid owner/operator in the West, serving 1.8M retail customers in six western states. He directed and supported cyber and physical security programs, and oversaw the NERC CIP v3 compliance program for 12 critical physical assets and over 1,500 critical cyber assets. This is where Mr. Carr became an expert on all CIP standards and their application to industrial process, SCADA and distributed control systems.