A regional electric cooperative responsible for generating and transmitting power to member distribution systems across its service territory. As a regulated bulk electric system operator, the cooperative operates under NERC CIP cybersecurity requirements and faces operational and security risks with direct consequences for the communities it serves.
Client identity withheld per confidentiality standard. Available for reference discussion upon request.
TDW has served as an embedded senior consultant to the cooperative's risk and security functions for nearly two decades — one of two concurrent long-term engagements that define TDW's consulting practice. Over that period, TDW has worked across cybersecurity, information security, enterprise risk management, emergency preparedness, physical security, and major IT infrastructure projects, functioning as a trusted extension of the internal team rather than a transactional outside vendor.
TDW co-developed RiskView, a Salesforce-based enterprise risk management platform that documents the cooperative's critical business processes, assets, resources, and their interdependencies. The platform provides leadership with a structured, continuously maintained view of operational risk — supporting both internal risk governance and regulatory requirements.
TDW facilitated risk assessments with company leadership to identify and prioritize critical processes and assets, and performed business impact analysis (BIA) on potential loss scenarios to quantify the operational and financial consequences of disruption.
TDW developed a comprehensive suite of contingency plans aligned to FEMA NIMS, covering the full spectrum of scenarios a critical infrastructure operator must be prepared for:
TDW also designed and facilitated crisis exercises and scenario-based training to validate plan effectiveness and build organizational readiness.
TDW participated on the cooperative's cybersecurity team to develop standards and controls aligned to NERC CIP guidelines — the primary federal cybersecurity regulatory framework for bulk electric system operators. TDW conducted cybersecurity assessments of critical corporate applications, identified vulnerabilities, and worked with IT and cybersecurity staff to remediate findings.
TDW supported development of a corporate information security program — defining classification categories, information handling requirements, and controls for sensitive corporate information. TDW conducted information security assessments for assets identified as critical through the enterprise risk program, partnered with leadership to close identified gaps, and developed staff education materials on information security standards and protocols.
TDW managed a major communications network upgrade supporting management of the cooperative's electric grid assets. The project involved:
Continuously maintained enterprise risk platform (RiskView) giving leadership an auditable, real-time view of organizational risk.
Complete contingency plan suite — CIRP, ERP, BCP, CMP — exercised and maintained, providing documented regulatory compliance and genuine operational readiness.
NERC CIP-aligned cybersecurity standards and controls developed and sustained over a 19-year engagement.
Corporate information security program with documented classification framework, controls, and assessment methodology.
Modernized grid communications network with a fully operational NOC — delivered on scope and within technical constraints.
19-year trusted advisor relationship, with TDW functioning as an embedded member of the risk and security team.
The length of this engagement is itself a differentiator. Nineteen years of continuous service to a single critical infrastructure client reflects something that can't be manufactured: consistent delivery, deep institutional knowledge, and a client relationship built on genuine trust. TDW doesn't just understand this client's risk environment — TDW helped build the frameworks used to manage it.