Michael Sanchez, CEO (CISA) is involved in the scoping and planning of every project, and then serves in an advisory capacity until all deliverables are completed. He has over 34 years of experience in information technology, cybersecurity, physical security, compliance, and audit. Michael has held senior leadership positions in the energy, oil & gas, healthcare, and transportation industries. He is a former VP and General Manager for ICF International, a large global management consulting firm, where he served as head of Commercial Cybersecurity and Compliance. In other past roles, he managed IT and OT for a $12-billion energy corporation, assisted in the IT rebuild and redesign for a large power generation company, and served for 12 years as a board member for FBI InfraGard Houston, helping to facilitate the sharing of information related to domestic physical and cyber threats.

Sid Shaffer, VP and Chief Delivery Officer (MBA, CISA) has a reputation for consistent first-class delivery in the industry. With 24 years of experience and a passion for quality, he provides technology enablement and leads our teams to deliver excellence throughout the entire cybersecurity lifecycle.  Sid is an expert in the application of internal controls in risk reduction and has extensive experience with developing and assessing cybersecurity and compliance programs, including substantial compliance experience with North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) requirements. He has managed and participated in multiple cybersecurity exercises and vulnerability assessments, assisted management in the remediation of security and control concerns, advised clients on methods of reducing cybersecurity risks, and facilitated sessions to improve key business processes and the related controls.

Dr. Thomas “Tom” Duffey, Director Cybersecurity and Compliance (CAP, C|CISO, CCNP-S, CDPSE, C|EH, CISA, CISM, CISSP, CRISC, FITSP-M, GCIP, HIPAA CHP, HITRUST CCSFP, MCSE, PMP, SABSA SCF, SASE) specializes in serving the cybersecurity and regulatory compliance needs of the defense, healthcare, and energy (utilities and oil & gas) critical infrastructure sectors.  He is passionate about protecting operational technology (OT) and the Internet of Things (IoT) for multiple industries.  His consulting and training experience includes support for worldwide military branches (U.S. Army, Navy, Air Force, Marines, Army Reserve, Air National Guard), and he has worked at numerous CONUS and OCONUS facilities across the globe. Tom’s DoD 8570 qualifications include IAM II, IAT III, and IASAE II, along with CNDSP-Auditor, CNDSP-Incident Responder, and CNDSP Manager. Tom earned his Doctoral Degree with specialization in Computer and Information Security and wrote his dissertation on NERC CIP Regulatory Compliance /Security.

The ITEGRITI Project Management Office (PMO)

Each ITEGRITI project has an assigned lead, a person with the background and experience for successful project leadership and delivery, who is teamed with a Project Manager.  Our leads manage the project team, approach, and deliverables while our PM’s monitor hours, timelines, barriers, deliverables and ensure the teams have the support and resources necessary for client success.  As appropriate, these resources include the use of standard methodologies, tools, and templates to generate consistent and quality deliverables.  ITEGRITI PMs report independently to our PMO office, currently led by our CEO.

Stanley Kopman, Senior Project Manager (BSEE) has over 40 years of experience in the electric utility industry, including more than 20 years of expertise in regulatory compliance in the United States and Canada.  He formerly served as the Assistant Vice President of Compliance Enforcement and Mitigation for Northeast Power Coordinating Council (NPCC), one of the NERC regional entities.  He has led multiple audit teams for FERC, and NERC OT/ICS audits and participated as chairman of various NERC and regional compliance committees.  While at NPCC, Stanley’s accomplishments included:

  • Developed and implemented a collaborative, risk-based compliance monitoring and enforcement program (CMEP).
  • Developed and implemented internal regional compliance procedures, documentation, and reporting tools related to the CMEP.
  • Ensured compliance monitoring and enforcement issues were thoroughly vetted and processed by NPCC per the NERC Rules of Procedure.
  • Represented NPCC on NERC Committees and Task Forces, providing input and perspective from a regional view.
  • Organized and led NPCC Regional response audit team as it prepared and presented requested information to NERC and FERC.
  • Developed successful and influential outreach programs for NPCC Registered Entities, including creating and presenting at semi-annual compliance workshops for as many as 200

Phil Lucas, Senior Project Manager (CE, MBA) has over 38 years of experience working for major utility companies across various roles in transmission, distribution, and generation. Prior to joining ITEGRITI, Phil led corporate oversight and governance of NERC O&P compliance for a major utility. In that role he provided direction for the development of RSAWs, self-reports, mitigation plans, audit planning and preparation, mock audits, and led multiple on-site audits with FRCC, SERC and RFC. He was also the POC with SERC and FRCC, responsible for submitting self-reports, mitigation plans, and evidence to document completion.  Phil is experienced with managing large-scale technology projects including the implementation of a DSDR Smart Grid project for a major utility where he supported compliance programs, worked with business partners and control owners to design and define processes and controls, performed assessments of evidence, and addressed potential audit concerns.