Manager, Advisory, Cyber Security, Energy & Natural Resources, KPMG LLP
Christian Kon
Manager, Advisory, Cyber Security, Energy & Natural Resources
Christian Kon applies Agile methods to practical cybersecurity and process improvement, drawing on his background in Electrical and Computer Engineering, Energy Management System (EMS) operations, Industrial Control System (ICS) security, and NERC Critical Infrastructure Protection (CIP) compliance and auditing. From security strategy to individual transformation coaching and training, Christian is dedicated to providing innovative solutions forged in collaborative team environments. He champions the view that compliance is a natural result of sound security and efficient business processes, not something separate and siloed from them.
Professional and Industry Experience
Christian has served as engagement manager for multiple large utilities’ cyber security assessment, internal audit, external audit support, and compliance program improvement projects. He has led teams of specialists who increased the compliance maturity improvement velocity by a factor of three using Agile methods for team and stakeholder engagement. In addition, Christian has worked with multinational utility companies to develop an industry-leading IT risk and control set. This product identifies companywide IT risk with mitigating cybersecurity and IT controls fully based in NIST, NERC CIP, COBIT, GDPR, NIS-D, and more. Previously, Christian was managing advisor for quality assurance activities nationwide audit and security maturity of one of the largest utility companies in the United States. At Mid-Continent Independent System Operator (MISO), he led the CIP Version 3 to Version 5 transition program. Further, Christian performed CIP Analyst and EMS Engineering activities at Orlando Utilities Commission (OUC), developing and implementing operational business policies, processes, and procedures. With this experience, Christian understands the full spectrum of differences in how Responsible Entities fulfill their compliance obligations while minimally impacting business operations.
Information Security Governance and Strategy
Information Security and Compliance