AI Governance · OT/ICS Security · Critical Infrastructure
I develop research, frameworks, and assurance models for governing AI in high impact operational environments, with a focus on the electric sector, ICS/OT cybersecurity, and cyber physical AI risk. Author of AAIGF-E, the first control mapped AI governance framework built for the Bulk Electric System.
Cybersecurity GRC experience across smart city, critical infrastructure, and OT/ICS aligned environments, including governance work connected to a national smart city development program aligned with Saudi Vision 2030.
The Adaptive AI Governance Framework for the Electric Sector closes the governance gap that exists when AI systems operate inside the Bulk Electric System. No existing mandatory standard currently governs model integrity, adversarial threats, drift detection, or AI output influence on operators. AAIGF-E is a CIP overlay, not a replacement.
AAIGF-E is available for research aligned pilot assessments with electric sector, OT/ICS, smart infrastructure, and critical infrastructure organizations.
A pilot assessment can help identify AI governance gaps, map existing controls against AAIGF-E, and evaluate how AI related risks such as model integrity, drift, adversarial inputs, operator influence, monitoring, response, and recovery are addressed within current governance and compliance processes.
Use this short form to prepare a pilot assessment inquiry. When you submit it, the request will be securely sent through Formspree.
The AAIGF-E maturity assessment is being developed as a board oriented review model to help organizations evaluate AI governance readiness across lifecycle ownership, control coverage, assurance, monitoring, incident response, and recovery readiness.
Summarizes current AI governance readiness and accountability across high impact AI use cases.
Maps current governance and cybersecurity practices against AAIGF-E control expectations.
Translates AI governance gaps into leadership level risk themes and recommended next steps.
Participant in NIST AI Profile public discussions, including feedback related to AI governance, assurance, and critical infrastructure risk. Member of the NCCoE Manufacturing Sector Community of Interest for cybersecurity guidance related to manufacturing and OT environments.
Participant in ISA99 related standards discussions, including JT 62443 06 activity. Submitted comments on ISA IEC 62443 SR 3.1 to SR 3.5 focusing on AI/ML security gaps, and contributed feedback on Security Level Representation options.
Reviewer and contributor to OWASP agentic AI security and governance work, with emphasis on AI risk scoring, assurance, and governance considerations.
Accepted for presentation at the IEEE Scientific Sessions of the 2026 International Conference on Cybersecurity, Digital Forensics, and AI Applications in Istanbul, Türkiye.
Presents a 111 control, 11 domain governance framework for AI systems in Bulk Electric System environments, mapped to NERC CIP, NIST AI RMF, MITRE ATLAS, ISA/IEC 62443, and ISO/IEC 42001.
Maps AAIGF-E controls against NERC CIP to identify structural gaps in AI governance coverage within existing bulk electric compliance frameworks.
Proposes MITRE ATLAS extensions for adversarial AI attack vectors specific to cyber physical systems, OT environments, and critical infrastructure.
Develops a taxonomy of adversarial AI techniques for ICS and OT environments that fall outside current MITRE ATLAS coverage.
Introduces the ACP, AI Consequence Propagation, model to explain how authority drift in AI enabled industrial systems can create governance, safety, and operational risk.
Examines consequence oriented gaps in MITRE ATLAS when applied to adversarial AI threats in industrial control system environments.
Explores how retrieval augmented generation interacts with AI governance requirements in smart grid and industrial automation contexts, including mapping across major AI, cybersecurity, and energy frameworks.
Examines how retrieval augmented generation can support cybersecurity GRC workflows, including compliance traceability, evidence retrieval, and control mapping.
ISO 42001: Artificial Intelligence Management System · Webinar
New ISACA Advanced in AI Audit AAIA Certification Plan · Chapter Technical Session
How to Audit AI Systems: Practical Steps for IS Internal Auditors · Webinar
AI Auditing in High Risk Industries: A Practical Approach Beyond ISO 42001 and NIST AI RMF · Webinar
Prompt Injection Through Operational Data Feeds: A Structural Governance Gap in OT Connected Agentic AI Systems · Istanbul, Türkiye
Guest appearance on AI governance, OT/ICS security, and critical infrastructure · Podcast
Reviewing AI governance models, assurance controls, and gaps in high impact AI deployment plans for energy and industrial organizations.
Structured sessions on agentic AI risk, operational data trust, cyber physical threats, and assurance design for OT environments.
Mapping AI governance requirements to NERC CIP, NIST AI RMF, ISA/IEC 62443, MITRE ATLAS, and ISO 42001 for utilities and asset owners.
For AAIGF-E pilot assessments, maturity reviews, framework reviews, and advisory engagements, inquire for scope and availability.
If your work involves NERC CIP compliance, OT/ICS security, AI deployment at a utility, smart infrastructure assurance, or AI governance research, I would value a conversation.
SSRN · Google Scholar · ORCID