Kal Abdalla

Principal Consultant + CTO

Mr. Abdalla has more than twenty years of industry experience in compliance, system and network security, and the development of security policy. During that time, he worked for and consulted to Fortune 500 clients deploying, testing, and managing secure infrastructures.

Since joining NST in 2004, Mr. Abdalla has focused on security for critical infrastructure. Recently, Mr. Abdalla worked on a project comprised of three NST consultants who rewrote the enterprise NERC CIP compliance documentation for one of the largest domestic power companies. In addition to collaborating with the team on CIP-002 through CIP-011 controls, criteria, and enterprise procedure documents, Mr. Abdalla wrote enterprise position papers on gray area topics such as TCA management, virtualization, and how different forms of connectivity apply to ERC and IRA.

Mr. Abdalla has also assisted numerous smaller power companies in developing their NERC CIP compliance programs. This includes building the CIP compliance program from the ground up for two entities who previously had no NERC CIP compliance documentation or expertise. Mr. Abdalla has conducted NERC CIP mock audits across three NERC regions and led NERC CIP vulnerability assessments across all NERC regions.

Mr. Abdalla’s other engagements at NST include assisting a large domestic power company’s nuclear assets in achieving compliance to NEI 13-10 and NEI 08-09. Mr. Abdalla was responsible for developing the requirements matrix for the effort, as well as consolidating, managing, and updating data from tens of thousands of asset spreadsheets, both of which were identified to be critical to the success of the engagement.

Additionally, Mr. Abdalla led an effort to conduct security assessments of critical infrastructure on behalf of a foreign national government authority. As part of that engagement, Mr. Abdalla assessed numerous infrastructure companies in oil & gas, power generation and transmission, and water desalination. Previous work engagements have included conducting a business risk assessment for distributing control centers, assisting in securing substation communications, and performing logical, physical, and social penetration testing for clients both inside and outside the energy sector.

Earlier in Career

Previously Mr. Abdalla was a Program Manager at a large consulting firm. While there, he assisted Fortune 500 companies improve the security of their operations and assets through achieving ISO17799 compliance, internal and external penetration testing, security assessments of strategic operating units, and rewriting their corporate security policies and standards. His work was critical in ensuring secure operations within each organization and the integrity of the clients’ information assets.

Prior to consulting, Mr. Abdalla spent three years with Enron between Enron Corporate and Enron Broadband Services. While at Enron Corporate, Mr. Abdalla managed Enron’s Internet infrastructure worldwide, developed their security policy, and instituted their information security program. While with Enron Broadband Services, Mr. Abdalla hired and managed the Information Systems Security team. This team was responsible for the security of both the corporate network and the customer network, which streamed real time multimedia content for clients.


Mr. Abdalla is a Certified Information Security Manager and has received a Bachelor of Science degree from The University of Texas at Austin. Mr. Abdalla has dual United States and Canadian citizenship.