Philip S. Sobol, CISSP, CISA, IAM, CNA
Senior Security Consultant
psobol@corprisk.net
Phil Sobol is a Senior Security Consultant specializing in cyber security and technology-based computer forensics investigations. Mr. Sobol is also a recognized expert in critical infrastructure security in the area of NERC CIP standards compliance as well as Cyber Security Governance Programs, Sarbanes-Oxley IT Security Compliance, Computer and Security Systems Audits and Penetration Testing, Technical Business Continuity Planning, Corporate Information Security Programs, Awareness Training Programs, IT Systems Risk Assessments and Policy and Practices Research and Development.
Prior to joining Corporate Risk Solutions, Mr. Sobol worked for five years for a Fortune 100 International Telecommunications Company as a Security Engineer providing his expertise in network and communications security for a revolutionary, cutting-edge technology destined to change the way communications providers provided services to their customers.
His responsibilities included security risk assessments and analysis on new developmental projects, providing security risk mitigation strategies to numerous internal departments and managing the implementation of an Intrusion Detection System into various parts of the telecommunications network. He participated in system testing and failover as well as interfacing with developers to provide recommendations on security coding best practices.
Mr. Sobol also spent 11 years as an IT Network Administrator at all tiers of support for a leading medical monitoring device manufacturer. He was responsible for managing a Novell IT Network, Facility Security Systems and Corporate Telecommunications Systems for the research and development department of the company comprising a user base of 80 R&D and support personnel.
His responsibilities included network and information security, network reliability, special applications programming, end user support, system backup and restoration processes, first line of defense for computer incident response, network virus and malware protection, phone and voice mail system programming and maintenance, facility security systems programming and maintenance, reliability of network communications with five remote sites, new system implementation, workstation and application troubleshooting, document retrieval database design, programming and maintenance.
Mr. Sobol has been an invited speaker at a number of United Telecom Council conferences and the Midwest Infrastructure Security Forum, using his experience and expertise to enlighten attendees about the NERC Critical Infrastructure Protection Standards and applications. As a functional expert, he has lectured on the topic of Wireless Security in SCADA Networks to the Kansas Critical Infrastructure Protection Working Group. Mr. Sobol has also presented numerous Security Awareness Training programs to critical infrastructure organizations. He has also attended the SANS SCADA Security Summit and the Midwest Infrastructure Security Forum.
Mr. Sobol participated on three NERC Drafting Teams. Beginning with the UA1200 Cyber Security Standards, Mr. Sobol has helped to shape the requirements for security within the electric industry. From the UA1200 Team, Mr. Sobol joined the Critical Infrastructure Protection (CIP) Standards Drafting Team further contributing to the security of the nation’s electric infrastructure. As the CIP Standards became adopted by the electric industry, Mr. Sobol then joined the Violations Risk Factors Drafting Team helping to set the level of risk to the Bulk Electric System for companies that violated the standards. Mr. Sobol has continued to be involved in critical infrastructure protection activities by participating in the development of the Department of Energy’s Roadmap to Secure Control Systems in the Energy Sector and frequently staying in contact with various members of the drafting teams and Regional Reliability Organizations to continue to clarify the requirements of these security standards.
During his tenure at Corporate Risk Solutions, Mr. Sobol has designed security audit programs for utility clients as well as provided support for client physical security systems, conducted internal cyber and computer forensic investigations, provided after action analysis from cyber attacks, written corporate policies and procedures, organized Computer Incident Response Teams and provided expert counsel on topics surrounding HIPAA, Sarbanes-Oxley, NERC CIP Standards and various regulatory requirements. He is a graduate of both Dale Carnegie and the Basic Reid Interview and Interrogation Course.
Mr. Sobol is a licensed Security Consultant/Private Investigator in several Midwest States and is an active member of the Information Systems Security Association (ISSA), the International Information Security Certification Consortium (ISC)2, the Information Systems Audit and Control Association (ISACA), the FBI InfraGard program and the High Tech Crimes Investigation Association of Kansas City (HTCIA). He is an observer with the Kansas Critical Infrastructure Protection Working Group which is comprised of electric utility companies in the states of Kansas and Missouri.
Mr. Sobol’s certifications include the Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), NSA Certified InfoSec Assessment Methodology (NSA-IAM) Professional, and Certified Novell Administrator (CNA). Mr. Sobol is a Certified ProWatch Security System Programmer and Administrator and is also trained in Project Management, AutoCAD and Computer Forensics.
