Summary
Overview
Work History
Education
Skills
Timeline
Generic

Garret G. Lamb

Herriman

Summary

Experienced and detail-oriented NERC Compliance & Energy Professional with over 17 years of in-depth experience in regulatory compliance, electric power systems, and cybersecurity. Skilled in managing NERC compliance programs for low, medium and high impact entities, developing internal control procedures, and ensuring operational readiness through technical compliance programs. Proficient in SCADA, network security, and system operations with a strong focus on automation, documentation, and cross-functional team collaboration.

Overview

17
17
years of professional experience

Work History

Senior Consultant

Guidehouse
  • Provided expert consulting services to Registered Entities across the United States, and Canada, supporting compliance with the NERC Reliability Standards across Critical Infrastructure Protection (CIP) and Operations and Planning (O&P) domains.
  • Acted as Subject Matter Expert on a wide range of NERC standards, including CIP-002 through CIP-014, and key O&P standards such as PRC-005, PRC-024, MOD-025, FAC-003, FAC-008, EOP-004, helping clients interpret requirements and implement effective compliance strategies.
  • Supported Registered Entities in the hydroelectric, wind, solar, and geothermal sectors with the design and execution of comprehensive NERC compliance programs, integrating operational realities with regulatory expectations.
  • Led and facilitated internal audits, mock audits, and audit preparation activities, including RSAW development, evidence review, and interview readiness, resulting in successful engagements with NERC Regional Entities.
  • Developed and enhanced Internal Controls, compliance procedures, and documentation frameworks to build sustainable, defensible programs aligned with risk-based compliance principles.
  • Advised on technical and compliance aspects of SCADA systems, inverter specifications, AMI, substation protection schemes, and asset classification efforts under CIP-002.
  • Supported clients through compliance gap assessments, self-reports, and mitigation plan development, with a strong focus on reducing risk exposure and enhancing regulatory posture.
  • Helped clients understand and navigate the NERC CMEP (Compliance Monitoring and Enforcement Program) and stay ahead of evolving regulatory trends and expectations.
  • Collaborated with multi-disciplinary teams including engineering, cybersecurity, legal, and operations to ensure seamless compliance integration across utility functions.

Information Technology Specialist

Heber Light and Power
  • Served as the sole Information Technology and Cybersecurity professional for the utility, responsible for managing all IT operations, infrastructure, cybersecurity, and regulatory compliance initiatives across the organization.
  • Acted as the company’s Compliance Program Manager, leading the design, implementation, and ongoing management of the utility’s entire NERC Compliance Program, including both Critical Infrastructure Protection (CIP) and Operations and Planning (O&P) standards.
  • Created and documented the utility’s first formal CIP and O&P compliance programs, including the development of internal controls, policies, procedures, workflows, and control mechanisms to meet NERC and Regional Entity expectations.
  • Built a culture of compliance by providing training, conducting internal reviews, managing RSAWs, tracking evidence, and preparing the organization for regulatory audits and self-certifications.
  • Administered and maintained essential operational technology systems including SCADA, Advanced Metering Infrastructure (AMI), and the Outage Management System (OMS), ensuring secure, reliable operations.
  • Managed network architecture and infrastructure including servers, switches, workstations, firewalls, and fiber optic copper network cabling, while implementing access controls and ensuring system hardening.
  • Supported and enforced electronic and physical access controls, access management, PCI compliance, patch management, and incident response processes in alignment with CIP-003.
  • Installed, configured, and programmed relays, RTUs, and SEL RTACs for grid and SCADA operations, ensuring reliable integration with field devices and centralized control systems.
  • Provided real time support to system operators and served as a fill-in operator, contributing to situational awareness, event response, and grid reliability.
  • Worked hands on with the utility’s hydroelectric generation facilities, performing turbine startup/shutdown procedures and supporting field equipment with SCADA system integration.
  • Developed enterprise-wide support, including technical helpdesk, system troubleshooting, and training for field personnel, operators, and administrative staff.
  • Acted as a bridge between operations, compliance, IT and Cyber ensuring utility functions were aligned with regulatory requirements, operational needs, and cybersecurity best practices.

Senior Consultant / Compliance Program Manager

Grid Subject Matter Experts (GridSME)
01.2024 - Current
  • Serve as a Senior Consultant and Compliance Program Manager managing multiple client NERC Compliance Programs, covering both Critical Infrastructure Protection (CIP) and Operations and Planning (O&P) regulatory standards across diverse electric sector entities primarily Generator Owner (GO), and Generator Operator (GOP) entities in the Renewable Energy vertical.
  • Recognized as an industry-proven Subject Matter Expert (SME) in NERC Compliance, cybersecurity, electric power systems, SCADA, AMI, OMS, Metering, and system operations.
  • Solve complex industry challenges by delivering tailored guidance and actionable solutions to ensure full regulatory alignment and operational reliability.
  • Oversee the end-to-end design, implementation, and maintenance of comprehensive compliance programs, including policy and procedures development, internal controls, RSAWS, evidence management, and audit readiness.
  • Conduct in-depth compliance assessments, risk analysis, and program gap reviews to proactively mitigate potential violations and improve program maturity.
  • Provide direct support for audit engagement with Regional Entities, registration, registration updates, mitigation plans, and self-reporting efforts.
  • Collaborate with client’s teams across Compliance, Operations, IT, Cybersecurity, and Legal to embed compliance into daily operations and processes.
  • Customize compliance tracking and reporting systems (e.g., SharePoint, SmartSheets, Sigmaflow, Foxguard, and Tripwire to streamline workflows and improve transparency.
  • Serve as a mentor for junior consultants and compliance program manager’s and contribute internal knowledge development through training and best practice sharing.

Risk Assessment Engineer

Western Electricity Coordinating Council (WECC)
01.2023 - 01.2024
  • Led the development of Inherent Risk Assessments (IRAs) and customized Audit Scopes for Registered Entities across the Western Interconnection, aligning oversight activities with system-specific risks and operational realities.
  • Created and maintained Compliance Oversight Plans (COPs) tailored to utility size, system impact, compliance history, outreach engagements, and asset configuration to support risk-informed monitoring.
  • Oversaw and implemented the Self-Logging review and approval process, assessing Registered Entity compliance culture, internal controls, and event response processes to ensure proper use of self-logging privileges.
  • Evaluated risk across CIP and O&P standards, leveraging working knowledge of key utility technologies including SCADA, Energy Management Systems (EMS), Outage Management Systems (OMS), system protection, modeling, and real-time operations.
  • Conducted assessments of cybersecurity and physical security programs, including field deployments and control center environments, to identify vulnerabilities and compliance gaps.
  • Utilized regulatory tools such as NERC Align and the Secure Evidence Locker (SEL) to support documentation review, audit preparation, and risk tracking.
  • Collaborated directly with utility compliance and technical teams to provide transparent expectations and practical recommendations that improve compliance posture and reliability.
  • Authorized detailed risk summaries and technical reports to guide enforcement strategy and support entity engagement across the compliance lifecycle.
  • Worked cross-functional within WECC and with NERC to enhance oversight methodologies and promote consistency and clarify in regulatory processes.

Enforcement and Mitigation Engineer (CIP & O&P)

Western Electricity Coordinating Council (WECC)
01.2020 - 01.2023
  • Served as a Senior Level Subject Matter Expert (SME) in electric power system operations and NERC Reliability Standards within WECC’s Enforcement and Mitigation team, supporting the integrity and reliability of the Bulk Electric System (BES).
  • Reviewed and processed compliance submissions including Self-Reports, Self-Logs, Self-Certifications, and Periodic Data Submittals, ensuring regulatory alignment with NERC’s Compliance Monitoring and Enforcement Program (CMEP).
  • Provided detailed mitigation assistance, including review and validation of Mitigation Plans and Confirmations of Completion, ensuring plans addressed root cause and included sustainable corrective actions.
  • Delivered training sessions and CMEP process education to Registered Entities, helping them navigate enforcement processes, understand compliance obligations, and improve self-reporting and mitigation practices.
  • Represented WECC at industry outreach events and workshops, presenting on enforcement trends, risk-based compliance principles, and expectations for mitigation and evidence quality.
  • Provided expert guidance and consultation to Regional Entities within the Western Interconnection, supporting consistent enforcement practices and risk-based decision-making.
  • Collaborated with internal teams and Registered entities to ensure transparent, consistent, and timely resolution of potential noncompliance, using a risk-based enforcement approach.
  • Analyzed complex technical evidence across O&P and CIP standards, applying subject matter expertise in areas such as protection systems, SCADA, and operational reliability to determine regulatory risk and compliance impact.
  • Contributed to internal process improvements, promoting efficiency, consistency, and alignment with evolving NERC guidance and enforcement frameworks.

System Administrator II

Idaho Power Company
01.2018 - 01.2020
  • Administered and supported mission-critical metering infrastructure including Aclara AMI, MV90, SigmaFlow, OMS, EMS, and OSIsoft PI, ensuring system integrity, data accuracy, and regulatory compliance across the enterprise.
  • Served as Project Manager and Owner for metering systems that supported over $1 billion in annual revenue, overseeing performance, upgrades, and integration with compliance and operational functions.
  • Managed the departmental budget, aligning resources with strategic initiatives, capital improvement projects, and NERC compliance obligations.
  • Played a central role in Idaho Power’s NERC CIP and O&P compliance efforts, supporting High Impact BES Cyber Systems and ensuring effective controls under standards including CIP-003, CIP-004, CIP-005, CIP-006, CIP-007, PRC-005, FAC-008, and FAC-003.
  • Supported the cybersecurity program by implementing and monitoring technical and administrative controls, managing access rights, and coordinating with IT Security teams to safeguard BES Cyber Assets.
  • Provided support to system operators by ensuring real-time metering, event data, and SCADA-related inputs were accurate, secure, and compliant – contributing to operational situational awareness and system reliability.
  • Reviewed and approved system switching diagrams, ensuring accuracy, safety, and compliance with operational procedures for field crews and control room coordination.
  • Delivered advanced technical training and regulatory guidance to field personnel and control center staff, enhancing awareness and execution of compliance, cybersecurity, and system operation practices.
  • Supported regulatory reporting including GADS and TADS submissions, NERC Alerts, and collaborated on footprint expansion efforts with WECC’s registration department, ensuring assets and data systems met operational and compliance standards.
  • Acted as a cross-functional liaison, integrating compliance, cybersecurity, and power system expertise to improve operational resilience, risk management, and enterprise-wide NERC readiness.

Information Systems Technician

Duchesne County
01.2014 - 01.2015
  • Provided technical support and IT and Cybersecurity services across all county departments, ensuring reliability and performance of desktops, servers, and network systems in a public-sector environment.
  • Installed, configured, and maintained hardware, software, and peripherals, delivering efficient end-user support and resolving technical issues to minimize operational downtime.
  • Administered user accounts, permissions, and system access, supporting Active Directory, email systems, and remote access tools.
  • Played a key role in county cybersecurity efforts, including the development of antivirus and endpoint protection tools, access control management, phishing awareness, and system patching to reduce cyber risk.
  • Monitored network activity for potential threats, assisted with firewall rules, and helped ensure compliance with local and state-level cybersecurity guidelines.
  • Assisted in maintaining secure data backup systems and disaster recovery readiness, protecting critical data from loss or compromise.
  • Supported the configuration and management of network infrastructure, including routers, switches, and wireless access points.
  • Delivered helpdesk and technical training support, ensuring county personnel understood basic cybersecurity hygiene, system use policies, and IT tools.
  • Collaborated with vendors for hardware and software procurement, warranty support, and implementation of specialized government IT solutions.

Information Technology Specialist

Moon Lake Electric Association, Inc.
01.2008 - 01.2014
  • Led the NERC regulatory compliance program for both Moon Lake Electric Association, Inc. and Deseret Power, overseeing compliance for Critical Infrastructure Protection (CIP) and Operations and Planning (O&P) standards across Low, Medium and High Impact BES Cyber Systems.
  • Designed and implemented the full suite of compliance policies, procedures, and internal controls, ensuring alignment with NERC standards, audit readiness, and long-term sustainability of the compliance program.
  • Managed and maintained evidence management systems, RSAWs, corrective actions tracking, and self-assessments, while leading internal audits, mock audits, and compliance walkthroughs.
  • Acted as the primary compliance liaison with WECC, including participation in registration efforts for the utilities generation and transmission assets.
  • Provided hands on support during NERC and WECC audits, responding to data requests, coordinating SME interviews, and ensuring delivery of high-quality, defensible evidence.
  • Developed and maintained compliance documentation and support tools across key reliability standards, including CIP and O&P standards.
  • Led efforts to strengthen compliance culture and accountability, delivering internal training, program reviews, and ongoing guidance to operations, IT, engineering, and executive staff.
  • Supported cross-functional integration of compliance into OT environments including SCADA, AMI, AMR, and station metering systems, ensuring secure design, change management, and operational alignment with NERC requirements.
  • Coordinated closely with Generation, Transmission and IT personnel to ensure operational procedures, network architecture, and filed deployments remained compliant with both cybersecurity and reliability expectations.
  • Served as the compliance program architect and owner, responsible for the ongoing maturity documentation, and performance of the entire NERC program across two registered entities.
  • In parallel with compliance responsibilities, I also performed: - Power quality analysis and engineering diagnostics - SCADA and AMI/AMR Administration - Cybersecurity and IT support, including patching, electronic and physical access control, and endpoint defense. - AutoCAD, Bently Substation, PSCAD, and PLS-CADD drafting for the facilities, transmission lines, models, and substation and substation protection design. - Relay and RTAC programming and implementation, fiber/copper infrastructure design, and protective device commissioning. - Drafting and engineering support for other Deseret Power Cooperative member entities.

Education

Bachelor of Applied Science (B.A.Sc.) - Energy Management

Bismarck State College
12-2018

Associate in Applied Science (A.A.S.) - Electric Power Technology, Specialty in Substation Engineering & Protection

Bismarck State College
12-2014

Skills

  • NERC CIP & O&P Compliance
  • Cybersecurity & Risk Management
  • SCADA & Data Acquisition Systems
  • Electric Power Systems
  • GADS & TADS Reporting & Data Analytics
  • System Security & Network Architecture
  • Compliance Training & Internal Audits
  • Automation & Process Optimization
  • Project Management
  • Team leadership & development
  • Change management
  • Consulting

Timeline

Senior Consultant / Compliance Program Manager

Grid Subject Matter Experts (GridSME)
01.2024 - Current

Risk Assessment Engineer

Western Electricity Coordinating Council (WECC)
01.2023 - 01.2024

Enforcement and Mitigation Engineer (CIP & O&P)

Western Electricity Coordinating Council (WECC)
01.2020 - 01.2023

System Administrator II

Idaho Power Company
01.2018 - 01.2020

Information Systems Technician

Duchesne County
01.2014 - 01.2015

Information Technology Specialist

Moon Lake Electric Association, Inc.
01.2008 - 01.2014

Senior Consultant

Guidehouse

Information Technology Specialist

Heber Light and Power

Bachelor of Applied Science (B.A.Sc.) - Energy Management

Bismarck State College

Associate in Applied Science (A.A.S.) - Electric Power Technology, Specialty in Substation Engineering & Protection

Bismarck State College

Similar Profiles

CREATE PROFILE