Critical Infrastructure Protection

Cybersecurity  +  Compliance  +  Managed Services


Protecting your IT/OT infrastructure is crucial and recent events demonstrate how a motivated hacker can wreak chaos on well-protected systems. ITEGRITI is a cybersecurity consulting and advisory firm with deep expertise gained through our work in protecting large-scale and distributed National Critical Infrastructure since those Standards first became mandatory in 2008.  The cybersecurity resilience programs we develop will help you avoid hacks, detect breaches, minimize business disruption during an event, and reduce incident recovery time.


Cybersecurity threats are evolving, footprints are expanding, and attackers have become even more sophisticated. The threat landscape is expanding as companies extend technology to accommodate employee, customer, and vendor needs. Organizations must now consider the impact from service disruption, data destruction and ransomware, and erosion of customer confidence in terms of operational cost, regulatory penalties, and brand or reputational damage.

To operate, organizations require the reliability of their information technology systems and IT/OT managed assets. Well-designed cybersecurity programs defend against and withstand most hacks but, despite best efforts, a motivated hacker will break into a system they target. There is no doubt, no question. What happens next depends on incident planning and preparedness. Cybersecurity Resilience builds on good cybersecurity programs by addressing demands for business continuity, information protection, and crisis communications.

  • How will business operations and customer service continue until technology is restored?
  • What did the hackers take, was sensitive data encrypted, and is it usable by these criminals?
  • How, when, and what is communicated to leadership, employees, customers, and the community and by whom?

ITEGRITI designs and implements programs that help companies avoid hacks, detects breaches when they occur, minimize business disruption during a cybersecurity event, and reduce incident recovery time. We work with organizations to align cybersecurity programs with enterprise risks and first consider existing security hardware, software, and security/compliance controls. We help companies establish and evaluate specific control objectives and internal controls, measure operational effectiveness, and establish an improvement plan that includes actionable remediation activities.

Through our strategic partnership with HCL Technologies, and a network of 150 alliance partners, we implement the items selected by our clients for remediation in terms of policy and procedure, hardware and software implementation or configuration, and internal control and audit program to measure, manage and report ongoing control effectiveness.

How We Help Clients

  • Account management: user, service, and privileged

  • Asset inventory, change and configuration management

  • Attack surface reduction: service, port, asset, and application rationalization

  • Business continuity planning and testing

  • Cloud solutions and security controls

  • Crisis communications

  • Cyber and physical security convergence

  • Disaster recovery planning and testing

  • Employee enablement: BYOD and secure remote access

  • Incident response and recovery:  process, tools and information

  • Information protection: classification, identification, and storage

  • Network security architecture design, segmentation, and redundancy

  • Organizational change management

  • Penetration testing and social engineering, security assessments

  • Secure asset configuration and hardening, including IOT/IIOT

  • Security patching: source and file validation and implementation

  • Security training and awareness

  • Site walkdowns

  • Supply chain management: policy and supplier assessments


Risks associated with cyber systems containing or controlling Critical Infrastructure, PII and ePHI are growing as regulations mount, hacking tactics evolve, and bad press meets social media.  The Federal Government and public demand protection of this information and assets, and these regulations can carry civil, operational and financial penalties.  And companies are becoming keenly aware that compliance does not alone provide cybersecurity.

Many organizations are working to develop and support compliance cultures.  In order to accomplish this, sustainable programs must be manageable, scalable, and transparent where compliance tasks are embedded with operational tasks.  In return, leadership must be provided with timely and accurate information with which to make decisions – internal audit programs must measure, monitor and report the operational effectiveness of key controls.

Our team members served in operational, management, and auditor roles and have deep experience in regulatory compliance and affairs, internal compliance program development, cybersecurity, training development and delivery.

How We Help Clients


  • Program design and implementation (FERC, NERC CIP, HIPAA, HITRUST, AFRMR, ITGC, etc.)

  • Compliance assessments using recognized frameworks (NIST, ISO27K, NERC CIP, HITRUST CSF, COBIT, etc.)

  • Internal control design and implementation

  • Audit program design and implementation

Audit Preparation

  • Gap analysis and recommendations

  • Compliance package creation and review (e.g. RSAWS, narratives, cross references, etc.)

  • Mock audits

  • SME/witness training and coaching

Mitigation Activities

  • Root casual analysis and corrective action generation

  • Organizational change management

  • Process design for key IT functions including user, asset, patch and change management

  • Process design for GRC tool to measure, manage and report internal control effectiveness


Effective cybersecurity and compliance programs rely on key functional support from security and compliance managers having specific roles and experience. These professionals are in high-demand and not all organizations are staffed to meet these needs, while others divide and distribute tasks across many resources. This approach most often creates environments where management has no access to timely and accurate information on the effectiveness of their cybersecurity or compliance programs.

By establishing a key set of necessary tasks and developing a model where organizations can select services to meet their specific need and budget, ITEGRITI can provide ongoing compliance and cybersecurity advisory through our Virtual support models:  vCISO, vCompliance Team, and Workforce Support. Our fractional resource models are very cost effective.

How We Help Clients


  • Strategic planning, governance, and oversight

  • Align security initiatives with business risks and objectives

  • Technology advisory and steering committee – cybersecurity

  • Impact analysis and planning – cybersecurity

  • Technology and program reviews for M&A support

  • External, independent IT audits (ITGC, etc.)

vCompliance Team

  • Technology advisory and steering committee – compliance

  • External, independent compliance audits

  • Impact analysis and planning – compliance

  • Compliance resource generation (risk and control mappings, updates to regulations, etc.)

  • Vulnerability assessment

  • Third-party vendor assessments

Workforce Support

  • Perform background checks, personnel risk assessments (PRAs)

  • Provide end-user training

  • Manage and report user training

  • Develop cyber security awareness materials

  • Cybersecurity candidate screening, development, and pre-employment evaluation



Companies struggle with ongoing operational, cybersecurity, and regulatory compliance responsibilities. Recruiting, training, and retaining quality talent is difficult, but it can be even harder to find qualified and dependable consultants to ease the burden from:

  • Having more projects or tasks than time or resources to manage
  • Ever growing task lists that don’t seem to end
  • Preparation activities for upcoming audits and reviews

ITEGRITI can help in many capacities, including:

  • Dedicated resources to complete projects and task list items
  • Compliance program and effectiveness assessments
  • Management and oversight of “Shadow IT”, outsourced Cloud applications
  • Audit and SME preparation
  • Process improvement and procedure writing
  • Organizational change management and training
  • Internal audit program design
  • Independent, external assessments


Experience > Process > Results
The ITEGRITI leadership team is involved in every project, including initial project advisory, scoping, and organization, and later through direct assignment or oversight roles.  Our experience includes:

  • IT and OT operational experience with industry, Big 4 and large consulting backgrounds
  • Planning and management of large, complex projects throughout the U.S. & Canada supporting Critical Infrastructure across electric, oil & gas, healthcare, financial services, and transportation sectors
  • Management, oversight or service on over 300 projects in cybersecurity, compliance, and audit
  • Multiple framework & methodologies:
    • NERC CIP, ISO27k, NIST (RMF, CSF, 800-37, 800-53, 800-171, NISTIR-7628), NRC 5.71, NEI 08-09, AFRMR, and COBIT
  • Certified cybersecurity & compliance professionals:
  • Management, oversight or service on over 200 projects in cybersecurity, compliance, and audit

ITEGRITI designs an approach that follows the Plan, Do, Check, Adjust model. Our delivery team has access to tools and templates that can manage team workflow, provide consistency in deliverables, and generate timely & accurate reporting. Our tools include:

  • A database that manages data requests, workflows, reviews, and disposition with reports that dynamically provide Data Request status.
  • Surveys and self-assessments that are accessible from computers, tablets and cell phones.
  • An available SFTP site for the sharing of sensitive information.

Case Study

An ITEGRITI client had a growing list of cybersecurity, compliance, process improvement, training and organizational change management concerns but lacked internal resources for timely completion of tasks. We reviewed the list with our client, identified dependencies and critical path, anticipated level of effort, and organizational priority. They contracted our team to lead and help complete priority items on their task list, working both independently and in collaboration with their employees, vendors, and other contractors. ITEGRITI managed efforts in an Agile fashion and by working together our client was able to meet internal and external deadlines.

We have now completed over a dozen projects projects for this client supporting NERC corporate compliance, IT compliance, CIP program management, enterprise applications, generation, transmission, renewables, critical infrastructure operations, cybersecurity, telecommunications, and physical security.


“Michael and the ITEGRITI team has partnered with us to advance and mature our cyber security capabilities across the technology that operates our critical energy infrastructure, in the midst of an evolving regulatory environment and threat landscape. ITEGRITI seamlessly integrated into our team, providing valuable industry expertise and practical solutions to imbed these new capabilities into the way we work at Duke Energy. Fantastic insights, tangible results. Thank you for the partnership!

Brian Savoy
SVP, Business Transformation & Technology
Duke Energy Corporation


ITEGRITI is pleased to announce that we entered a strategic partnership with HCL Technologies, combining their industry-leading Security of Things services with ITEGRITI’s cybersecurity, compliance, and Critical Infrastructure expertise.  HCL has a worldwide network of R&D, innovation labs and delivery centers, cybersecurity fusion centers, and 159,000+ ‘Ideapreneurs’ working in 50 countries, HCL serves leading enterprises across key industries, including 250 of the Fortune 500 and 650 of the Global 2000.

How can we support your goals?

Let’s work together

Want to make an impact?

Come work with us

Holistic Cybersecurity Assessments

ITEGRITI performed a holistic cybersecurity assessment for three separate utilities owned by a single client.  The assessment included performing comprehensive site walk downs to identify critical infrastructure, reviewing process documentation, and performing a gap analysis [...]

Efficient, Repeatable CIP Validation Process

ITEGRITI designed and implemented a CIP assessment process for a large utility that increases the efficiencies in gathering and evaluating compliance evidence, yet still firmly rooted in the NERC data request approach.  Highly accurate and [...]

View More Projects
Go to Top