Kiwanis Club of Houston
October 17th Luncheon

This luncheon will be at Brennan's!!

Speaker: Tauseef Ghazi

Ghazi currently serves as a principal in RSM’s security, privacy, and risk practice. He is a technical lead with more than 20 years of infrastructure security, system implementation and application security review experience. He has served as the lead partner with responsibility for planning, budgeting, execution and delivery of security assessments, cyber maturity evaluations, process control assessments, data privacy, business continuity, disaster recovery, IT governance, IT performance, IT risk assessment, infrastructure risk assessments, penetration testing and diagnostic engagements for energy clients for 2 decades.

In addition, Ghazi serves as the national leader for critical infrastructure protection security at RSM. Ghazi also has extensive experience in leading and delivering security assessments and serves as the leader on both strategic and tactical security engagements for RSM. Ghazi’s current focus and past clients include leading entities in the power and utility, oil and gas, and financial industries.

Detailed Experience

Leads board, executive and audit committee-level discussions around complex security issues and challenges to educate stakeholders on the business risks organizations face, and provides remediation roadmaps that align with the business and IT strategies

Leads large security program implementations both for corporate and operational systems to minimize security risks and maintain compliance to industry-approved frameworks, e.g., FFIEC, NERC CIP, NIST, ISO, ISA, SANs 20 Critical Controls, ES-C2M2

Led various cyber maturity assessment, including peer comparison with the energy industry to develop long-term sustainable security strategy tailored to clients’ business and operational needs

Designed and implemented comprehensive Industrial Control System Security Programs at various companies, including security of drilling platforms, drill ships, pipelines, power plants, refineries etc. (The implementations focused on governance, framework, comprehensive security process re-engineering, IT and security controls design and implementation.)

Led network architecture assessments for numerous process control centers covering better security design practices, segmentation and configurations, which enabled critical data to be accessed and maintained securely (The assessments also included vulnerability identification and exploitation simulating real attacks on critical infrastructure and process control network.)

Led CIP readiness assessments and reviews to determine appropriateness of the approach, progress and posture of the project in place to address government regulations (He provided key insight on several projects focused specifically on interpretation of regulations and impact of the requirements.)

Developed the methodology to conduct vulnerability assessments in real-time operational environments (SCADA, DCS, EMS, etc.) while maintaining and managing the risks attributed to vulnerability analysis and minimizing impact to such environments while identifying critical security risks

Led teams that have performed internal, external, wireless and application penetration testing for a number of clients (In this role, he has assisted in identifying the business risk of exploitable security vulnerabilities in order to better relate their impact to his clients and to assist them in appropriately mitigating the risks in the future.)