Michael Toecker is a Professional Engineer specializing in the cyber security of industrial control systems, and predominately those within the electric power sector. A graduate of the University of Missouri-Rolla’s accredited Computer Engineering program, he has a focused background in the development of computer systems, hardware engineering, electronics, networking, and computer programming.
Toecker started his career at the consulting engineering firm Burns and McDonnell, working specifically for electric power infrastructure owners on cyber security and compliance projects. While at Burns and McDonnell, Mr. Toecker participated in successful penetration tests directed at Energy SCADA infrastructure, led multiple cyber security assessments of generation, transmission and control center facilities. In addition, Mr. Toecker has worked federal control system security projects, namely assessments of massive building control systems.
Later in his career at Burns and McDonnell, Toecker was recognized as the subject matter expert at Burns and McDonnell regarding control system security for electric power generation.
Toecker then moved to NextEra Energy, a sister company of Florida Power and Light. At NextEra, Toecker was part of a team responsible for ensuring the compliance and security of multiple generation facilities that had been designated NERC CIP Critical Assets. Toecker’s major activities consisted of ensuring security controls were functional and accurate, ensuring that compliance activities were conducted on a timely basis, interacting with vendors to pursue enhancements and issues, and reviewing the output of controls to meet compliance requirements. Additionally, Toecker was consistently tapped for advanced systems troubleshooting outside of cyber security, as his knowledge of the computing systems was often superior to existing NextEra personnel and field vendor personnel alike.
Toecker continues his work on ensuring the cyber security and reliability of automation systems at Digital Bond. His focus is heavily steered into navigating the dividing line between the engineering and cyber security camps, and developing recommendations that strive to preserve the availability and reliability of the infrastructure, while ensuring that adequate security is being designed to protect against threats to that infrastructure.