Sandy Bacik

Principal Consultant
  • Year joined firm: 2010
  • Power industry years: 1
  • Security years: 14+
  • Education: GANNON UNIVERSITY (Villa Maria College), Erie, Pennsylvania B.A., Mathematics, Management Information Systems, 1984
  • Expertise: Information security experience in the areas of Audit Management, Disaster Recovery/Business continuity, Incident investigation, Physical security, Privacy, Regulatory compliance, Standard Operating Policies/Procedures, and Data Center Operations and Management

Sandy Bacik, author and former CSO, has over 14 years of direct development, implementation, and management information security experience in the areas of Audit Management, Disaster Recovery/Business continuity, Incident investigation, Physical security, Privacy, Regulatory compliance, Standard Operating Policies/Procedures, and Data Center Operations and Management, with an additional 15 years in Information Technology Operations. She joined EnerNex in January of 2010.

Throughout her career Ms. Bacik has managed, architected and implemented comprehensive information assurance programs and managed internal, external, and contracted/outsourced information technology audits to ensure various regulatory compliance for state and local government entities and Fortune 200 companies. She has developed methodologies for risk assessments, information technology audits, vulnerability assessments, security policy and practice writing, incident response, and disaster recovery. She has implemented cross-functional Business Continuity Programs and developed an enterprise-wide security-conscious culture through information assurance programs. Ms. Bacik has performed and managed engagements for the following assessment types and frameworks to ensure corporate compliance: Committee of Sponsoring Organizations of the Treadway Commission (COSO), Payment Card Industry Data Security Standard (PCI-DSS), Control Objectives for Information and related Technology (CobIT), Gramm-Leach-Bliley Act (GLBA), Health Insurance Portability and Accountability Act (HIPAA), International Standards Organization (ISO) 17799, IT Infrastructure Library (ITIL), Sarbanes-Oxley Act (SOX), Cardholder Information Security Program (CISP), Restriction of Hazardous Substances (RoHS), Waste Electrical & Electronic Equipment (WEEE), and NERC CIP.

Ms. Bacik has been heavily involved with local, national, and international security industry events. She is a Certified Information Systems Security Professional (CISSP), Information System Security Management Professional (ISSMP), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT), and Certified in Homeland Security (CHS) – Level III. She is a regular presenter at MIS Training Institute security conferences. Ms. Bacik has volunteered with the Washington State Criminal Justice Training Commission in developing and instructing public and private sector personnel in electronic investigations. She is involved with various groups that promote cooperative relationships between public and private sector security professionals for high-tech investigation and training. She was a member of Agora, a founding member of the Puget Sound Chapter of ISSA, former Vice President, webmaster, and instructor for Computer Technology Investigators Northwest (CTIN), and former Chair of Highline Community College’s CIS Advisory Committee. Ms. Bacik currently volunteers with NERC, NIST, and UCA, assisting in the development of interoperability and security standards for the Smart Grid. Ms. Bacik is a certified instructor for The Internet and Your Child. Ms. Bacik is the author of Building an Effective Security Policy Architecture and a contributing author to the Information Security Management Handbook (2009).