ONG-ISAC serves as a central point of coordination and communication to aid in the protection of exploration and production, transportation, refining, and delivery systems of the ONG industry, through the analysis and sharing of trusted and timely cyber threat information, including vulnerability and threat activity specific to ICS and SCADA systems.
Board of Directors
The Board of Directors and Officers are responsible for the stewardship of the Corporation and are elected to ensure the ONG-ISAC has the critical capabilities needed to achieve its objectives.
Appointed as ONG-ISAC Executive Director in September 2018, Angela is a retired FBI Special Agent with extensive experience in cybersecurity and protecting critical assets. Since joining the ONG-ISAC, she has expanded the ONG-ISAC’s membership with a Strategic Partnership Pilot Program, bringing new organizations, expertise, resources and funding to support the ISAC’s efforts. In addition, Angela has been a subject matter expert speaker, organizer and participant in numerous energy-related conferences, briefings, exercises, meetings, webinars and other events. Ms. Haun is actively pursuing upgraded technologies and additional benefits for ONG-ISAC member analysts and executives.
Community Development Specialist
Sara Scott has recently joined the ONG-ISAC Team as of July 2019 and provides recruitment and marketing support for the ISAC. Sara holds a BFA Degree from The University of Mississippi (2012) and uses her creativity to find innovative solutions for recruitment and promotion. Prior to joining the ISAC, Sara worked in the physical security industry providing sales, marketing, and project management support. In addition to her passion for recruitment, Sara also has a passion for photography and design and has won numerous awards for past works.
Meet the Board of Directors
The board of directors and the officers are responsible for the stewardship of the corporation and are elected to ensure the ONG-ISAC has the critical capabilities needed to achieve its objectives.
Stuart served as a Board Member for over 5 years and became Chairman in June 2018. He has attended the FBI CISO Academy, has served as President of the award-winning South Texas Chapter of the Information Systems Security Association (ISSA), and is a member of ISACA and InfraGard. Stuart has developed and led information security programs for multi-billion dollar companies for the past twelve years and is currently the Sr. Director, IT Security and Compliance for one of the largest publicly-traded energy partnerships. His experience includes information security policy development, creating security awareness campaigns, security operations, leading incident response teams, and setting information security strategy.
Matt Harper is the strategic leader of all the information security and infrastructure functions for a multi-national Fortune 500 Energy Company. Matt has more than 15 years of success in identifying, investigating, and mitigating digital security risks. He is accountable for Enterprise IT Risk Management responsibilities including: Cybersecurity, Continuity of Operations, IT Compliance and Governance functions. Matt is a frequent presenter and panelist at security conferences and industry events, an ONG-ISAC Board Member, and the immediate Past Chair of the Oil & Gas Section Coordinating Council. Prior to his role at Devon, Matt served 15 years as a Special Agent in the Federal Bureau of Investigation responsible for investigating computer intrusion and intelligence matters.
Mary Rose Martinez
Mary Rose Martinez is the chief information security officer and senior director of IT Architecture for Halliburton. She is responsible for global cyber security strategy, execution, and operations, as well as IT enterprise architecture and standards. With over 27 years of experience in the oil and gas industry, she has held various leadership and strategic roles across IT, software development, and marketing. Mary Rose participates in several external security organizations and also serves on the board of PIDX International. The Houston Business Journal named her one of the 2019 Women Who Mean Business honorees. Mary Rose holds a bachelor degree in both computer science and mathematics from the University of St. Thomas, and a master of computer science degree from Rice University.
Dan Chisum is Manager, IT Security, Strategy and Planning for ConocoPhillips. He has more than 30 years of experience with the company in a variety of IT and Internal Audit roles. For the last 16 years he has had responsibility for information security, privacy, records management and business continuity. Since 2014 his role has steadily broadened to include other IT responsibilities such as strategy, planning and budgeting, and IT project delivery. Dan is active in several external security organizations. This includes serving as Secretary for the ONG-ISAC, National Leadership Board member for the CISO Coalition, and Chair of the Global CISO Executive Summit. Dan is a Past Chair of the IT Security Subcommittee and the API Security Conference.
John L. Driggers possesses over 23 years of experience in Oil Field operations, IT, Security, and Risk. Prior to his current role as Schlumberger VP, CyberSecurity John was the Cyber Security Operations Manager responsible for delivering the Next Generation Security Operations Center. John was one of the founding members of the Schlumberger IT Security group, helping to define the standards and policies as the company grew its reliance on connected IT systems. In this role he helped create one of the first sandbox networks, designed to safely observe and monitor the actions of malicious software. John moved from IT Security research into IT Security Operations, and was responsible for leading the IT Security program integrating one of Schlumberger’s largest global acquisitions. Following the successful integration, he became the IT Security Operations manager for the newly merged company. John later moved to the position of Global IT Security Operations Manager for Schlumberger. John’s next role was as Schlumberger’s Global Network Operations Manager, responsible for the terrestrial connectivity of over 1,100 physical sites across 85 countries. His security experience helped shape the direction of the network and ensuring that security was integrated into the core design. This role expanded over time to include the global VSAT network of 1500 mobile sites, and the move to a distributed security framework comprising next generation firewalls. In 2013, John returned to the US to join the Schlumberger IT Transformation project, responsible for the SAP Infrastructure, Security, and BASIS teams. In this role, his team was responsible for the deployment, support, and security of one of the world’s largest SAP/R3 HANA projects. John’s current role of VP, Cyber Security is again part of the overall Schlumberger Digital Transformation. Schlumberger has grown the Cyber Security program to reflect the evolution of the products and services that the company delivers, and the role that Digital plays in the overall strategy. The Cyber Security group in Schlumberger is now responsible for the comprehensive security stance of the company, ranging from the Digital Software and Services offerings, the traditional IT landscape, and the IIoT products deployed to the wellsite. A key part of John’s role includes the expansion and evolution of the next generation intelligence, detection and response capabilities of Schlumberger. John has been a member of Schlumberger’s Incident Response Team since 2000, and has a SANS GSEC certification.
Derek Rude is the Director of IT Security for Weatherford. With more than 20 years of security experience, Derek is responsible for information security strategy, architecture, operations, and incident response. He is an expert in incident response and recovery implementing successful strategies and tactics against both APT and Hacktivists. He has served as a co-chair of the Evanta Houston CISO Summit since its inception. He has also participated in numerous customer advisory boards including FireEye and Microsoft. Prior to this role, Derek was the Director of Information Security for Koch Business Solutions, Senior Manager of IT Security for Halliburton, Application Security Program Manager at Hewlett Packard/Compaq, and Senior Consultant in Information Risk Management at KPMG. Derek also served as a Surface Warfare Officer and Information Professional Officer in the United States Navy where he was a consumer of intelligence, provided secure communications, and secured Top Secret Cryptography. Derek is passionate about learning and has attended several SANS Courses including Threat Intelligence, ICS Active Defense, and Advanced Incident Response, Threat Hunting, and Digital Forensics. He has also received three degrees from Texas A&M University: MBA (2011), MS Management Information Systems (1999), and BS Psychology (1993).
Steve’s global 30-year career in oil & gas and chemicals, is highlighted by accomplishment in engineering and IT with increasing leverage and responsibilities. He is recognized for driving efficiencies and reducing total costs through technology investments, process re-engineering and creatively thinking outside the box and finding solutions to difficult business problems. Steve started his career at Shell Oil Company in 1988, where he joined Shell’s research center and subsequently worked as an exploration geophysicist. He worked in the geophysical field for 15 years, including 10 years as an industry consultant at Energy Innovations prior to joining Oxy in 2002. At Oxy, Steve was previously Oxy’s Petrotechnical Solutions manager before moving to IT in 2005. In IT, Steve has served as the Director of International IT Services, Director of Automation Technology, Director of Infrastructure, and most recently as the Director of IT Security, Governance, Risk & Compliance. His cyber security experience started in 2011 as part of Oxy’s early efforts to protect their industrial control systems. As Chief Information Security Officer (CISO) at Oxy he drove business driven risk management through people, process and technology investments. He has a strong foundation in technology, a passion for transforming organizations and teams, and a focus on strategic thinking and execution. His extensive history of driving change through the enterprise to maximize value, improve resilience, reduce risk, and drive business value has led to his recent reassignment to lead the IT Integration Program after the recent acquisition of Anadarko Petroleum. Steve holds both a Bachelors (1987) and Masters (1989) Degree in Electrical Engineering from the University of Houston, where he was a member of the Honors College.
Keith Herndon joined Baker Hughes in July 2017. BHGE is a leading supplier of oilfield services, products, technology and systems to the worldwide oil and natural gas industry. The 32,000 employees currently at the company, work in more than 80 countries helping customers find, evaluate, drill, produce, transport and process hydrocarbon resources. Keith has brought the voice of the customer to Product Line managers and is working to develop a new architecture for BHGEs’ extensive, global and diverse manufacturing environments. To support this expanded effort, Keith is currently designing a new Security Operations Center for both the IT and OT environment. Before joining Baker Hughes, Keith spent 36 years at Shell Oil Company where he was the US CISO and Manager of Compliance & Incidents. He held numerous assignments in Exploration & Production, Downstream, IT Operations and the head office before joining the Information Risk Management department. Keith has had postings in Houston, Muscat, Oman, and The Hague, in the Netherlands. Keith is a founding board member of the Oil & Gas Information Sharing and Analysis Center (ONG-ISAC), served on the International Information Integrity Institute (I-4) Member Advisory Committee, is an active member of the American Petroleum Institute’s IT Security Sub-committee, and serves on the Evanta CISO board.
Angelique Grado is the Chief Information Security Officer of MRC Global Inc., a global industrial distributor of pipe, valves, fittings and related products and services to the energy industry and No. 6 on Industrial Distribution’s Big 50 List. Angelique has over 20 years of information security experience, with 12 years of that time focused on information protection in the U.S. armed forces. Angelique moved to Houston in the early 2000s to be closer to her husband’s family, where she has helped local companies improve their security posture. In addition, she was the volunteer founder of Houston-based Infragard Oil & Gas Special Interest Group (SIG) with the FBI and has served on the board of the Gulf Coast Chapter of the ISSA. Angelique was handpicked to represent the Armed Forces on the President’s National Infrastructure Protection Center’s team and was part of a force modernization effort creating secure, high-speed, network-centric military operations. She has both supported White House Communications for an international Presidential (POTUS), Secretary of State and Secretary of Defense (SECDEF) visit and broadcast presidential speech from a US Air Force site as well as was the Chief Information Officer of the first US Air Force military exercise group in former eastern-bloc Poland for a joint operations exercise providing both command center and tactical field communications. She speaks at numerous presentations and participates on panels concerning information security, professionalization of the security industry career path and futurizing industrial and business technologies, including IOT and security. She enjoys time off from work with her amazingly supportive family on their small property with their 3 crazy horses and multitudes of flora and fauna.
With the participation and engagement of our members and volunteer staff provided by member companies, the ONG-ISAC can continue to create value for its members and the entire oil and natural gas sector. While there are many ways to volunteer and help the ONG-ISAC succeed, our committee member positions require individuals who are committed to the protection of the energy sector and to making the oil and natural gas industry stronger and safer.
The Membership Committee’s primary responsibility is to evaluate all member applications. Each membership request goes through a due diligence process to ensure eligibility according to bylaws and to determine membership level.
The Benefits Committee helps the Board to ensure the benefits provided by ONG-ISAC will create value for the members and the entire oil and natural gas sector. The Benefits Committee is comprised of member companies’ representatives who meet to provide input on benefit programs, vendor relationships and other issues affecting the ONG-ISAC.
The Information Sharing Committee works with members and strategic partners to build relationships and identify areas where more effective information sharing can be utilized. In addition, the Information Sharing Committee sets the scope for types of threats on which the organization should focus its research and analysis efforts. When necessary, the Information Sharing Committee serves as a key resource for the ONG-ISAC’s staff when coordinating actions during a crisis or incident affecting members.