Professional Profile
Strategic cybersecurity executive with over twenty years of experience leading industrial control systems (ICS) cybersecurity and governance initiatives for critical infrastructure. Proven track record in developing and executing enterprise-wide cybersecurity strategies, driving governance excellence, and fostering innovation aligned with frameworks like NIST CSF, IEC 62443, NIST SP 800-53/82, and ISO 27001. Highly adept at collaborating with senior leadership, business units, and external partners to enhance organizational security posture.
Key Achievements
- Area Manager for EPRI's Generation Sector Digitalization Area with research programs for cybersecurity, control systems, monitoring and data analytics, AI, and emerging technologies
- Program Manager of EPRI's Program 209: Cyber Security for Generation Assets
- Appointed Cross-Sector Cyber Security Lead for research and development at EPRI
- Led multiple teams of engineers to implement cybersecurity controls and develop research products that increased the reliability, resiliency, and efficiency of energy sector assets
- Delivered countless high-level threat briefings to executive and management level officials
- Developed a patent-pending secure interactive remote access appliance
- Managed multiple projects with budgets exceeding $20 million in research and government project funding on time, within budget, and within scope results
Innovation Highlights
- Led multiple fast-paced DoW (DoD) and DOE cybersecurity R&D projects concurrently
- Pioneered a patent-pending secure interactive remote access appliance, enhancing cybersecurity for ICS environments by providing robust, scalable alternatives to traditional MFA solutions
- Developed AI-driven cybersecurity controls for DOE CESER-funded projects, integrating machine learning to detect and mitigate threats in real-time for thermal energy storage systems
- Authored cybersecurity hardening guidelines for ICS and embedded systems, adopted by utilities globally to strengthen critical infrastructure resilience
- Developed the methodology and demonstrated the adoption of IT/OT incident response playbooks for the energy sector worldwide with average annualized avoided cost and decreased cybersecurity O&M of over $2.5M per plant
Professional Experience
Served in prior roles as Area Manager, Program Manager, Principal Project Manager, and Principal Technical Leader
- Directed a team of 16+ multidisciplinary engineers and researchers, spearheading strategic advancements in ICS cybersecurity, AI, and digitalization
- Collaborated with C-level executives, business unit leaders, and external partners (utilities, DOE, national labs) to align cybersecurity initiatives with organizational goals
- Hired, developed, and mentored engineers, subject matter experts, and student employees within the digitalization area
- Managed a $20M+ annual research portfolio, delivering 70+ cybersecurity projects that reduced risk exposure collectively by billions in the industry
- Applied risk management frameworks (NIST CSF, PMBOK, ISO 27001, IEC 62443) to develop cybersecurity strategies
- Championed integration of emerging technologies, including cloud security and zero-trust architecture principles
- Spearheaded development of cutting-edge technologies, methodologies, and best practices
- Worked one-on-one with utilities worldwide to implement, transfer, demonstrate, and assess cybersecurity best practices
- Supervised a team of engineers responsible for cybersecurity programmatic implementation, secure-by-design development, and cyber regulatory compliance
- Oversaw large scale cybersecurity engineering projects at major nuclear and fossil energy utilities worldwide
- Designed and applied cybersecurity controls for new reactor control systems and digital components
- Oversaw multiple ongoing multimillion-dollar cybersecurity implementation projects with over 40 fulltime and temporary employees deployed to various sites throughout the U.S.
- Implemented cybersecurity controls aligned with regulatory standards (NRC, NIST, NERC CIP)
- Part of nuclear critical group
- Part of the DHS ICS-CERT team focusing on incident response and intelligence coordination based in the NCCIC in Arlington, VA
- Led incident response for high-profile cybersecurity incidents targeting critical infrastructure, mitigating nation-state advanced persistent threats
- Coordinated with intelligence partners across government (FBI, NSA, USCYBERCOM, NRC, Secret Service) to understand adversary tactics and coordinate victim notification
- Developed classified reporting in coordination with government partners
- Delivered classified and unclassified threat briefings to senior administration staff at the White House, critical infrastructure asset owners, and industry stakeholders
- Collaborated with information sharing analysis centers like the E-ISAC
- Maintained a security clearance
- Focused on explosives, ballistics, weapons development, and physical security research within the National and Homeland Security Directorate
- Worked in multi-disciplinary team researching weapons effects on national security assets and in support of the global war on terrorism
- Maintained relationships with intelligence community, U.S. military, JSOC, law enforcement, and other government agencies
- Advised upper-level management on new technology within varying infrastructure environments
- Performed research within the Control Systems Cybersecurity Program on vulnerabilities in operational technology
- Served as an authorized derivative classifier
- Maintained a security clearance
Education & Certifications
Graduate Certificate in Terrorism Analysis
University of Maryland, College Park, Maryland
M.S. in Nuclear Engineering
The Ohio State University, Columbus, Ohio
B.S. in Mechanical Engineering
The Ohio State University, Columbus, Ohio
Advanced Certifications
- Advanced Cyber Security of Industrial Control Systems (301) Certification, ICS-CERT
- Industrial Control Systems Evaluation (401), CISA
- Cyber Security of Electronic and Internet Based Elections, University of Michigan
Skills & Expertise
Leadership & Management
- Program and project management (budgets exceeding $20 million)
- Team leadership and development (40+ engineers)
- Stakeholder collaboration with C-level executives
- Crisis management and incident response
Technical Expertise
- ICS/OT cybersecurity
- AI-driven security solutions
- Zero-trust architecture
- Cloud security
- Risk management frameworks
Standards & Frameworks
- NIST CSF, NIST SP 800-53/82
- IEC 62443, ISO 27001
- NERC CIP, 10 CFR 73.54
- FFIEC, DOE CIE
Tools & Technologies
- Kali Linux, Wireshark, GRASSMARLIN
- SNORT, MISP, Zeek/Bro
- ELK Stack, Mandiant MIR
- Malware analysis tools
Selected Recent Publications & Presentations
- Hollern, J. "Cyber Security Awareness and Culture Training: (OPSEC) Awareness Posters." Electric Power Research Institute. Brochure 3002032610. August 2025.
- Hollern, J., "Cyber-Physical Digital Twins for Intrusion Detection." Critical Effect DC 2025, Conference Proceedings, June 2025.
- Credle, S., Harun, N. F., Johnson, G., Lawrence, J., Lawson, C., Hollern, J., et al. "Blockchain Research and Development Activities Sponsored by the U.S. Department of Energy and Utility Sector." Energies, 18(3), 611., January 2025.
- Hollern, J., Lawrence, J., "Cyber Resilience in AI-Driven Industrial Control Systems." Society of American Military Engineers, Joint Engineer Training Conference Proceedings. May 2024.
- Hollern, J. "Gas Turbines of the Future: Leading with Cyber Security at the Forefront." Global Gas Turbine News, Vol. 62, No.1. pp. 56-57. August/September 2022.
Awards & Recognition
- EPRI Chauncey Starr Award Recipient for Hardware-Based Secure Remote Access Appliance, 2022
- Patent Pending: Hardware-based secure interactive remote access appliance
- Member of ANS Cyber Security Standard Committee, 2016-2018
- AREVA Engineer of the Year, Honorable Mention, 2015
- SC Magazine's Best Security Team Award (ICS-CERT), 2013