Thomas Tierney

Principal Consultant

Mr. Tierney has over 20 years of experience in software development and architecture, information security, and IT risk management.  

Since joining NST in 2017, Mr. Tierney has led mock audits and worked on the redevelopment of an enterprise-level NERC CIP compliance program for one of the country’s largest electric utilities, including documentation of controls and enterprise procedures for CIP-002 through CIP-013.

Earlier in Career

Previously, Mr. Tierney spent over six years with the Midwest Reliability Organization (MRO), initially as a CIP Audit Specialist and later as the Vice President of Compliance and the Vice President of Enforcement. While at MRO, Mr. Tierney managed a team of nine auditors and support staff responsible for Reliability Standards related to both Operations and Planning and Critical Infrastructure Protection. Mr. Tierney initiated and led efforts to improve processes and procedures for CMEP-related activities, both within MRO and across the Electric Reliability Organization, ranging from consideration of registered entities’ inherent risk and evaluation of internal controls to codified audit steps and standardized data requests.

Prior to his time at MRO, Mr. Tierney spent over 15 years in software development and consulting organizations. Mr. Tierney spent four years with Forward Hindsight as the IT Regulatory Compliance Practice Manager. Additionally, Mr. Tierney has worked for a number of smaller software and consulting companies focused on the Energy industry, emphasizing natural gas trading systems; pipeline scheduling; and environmental, health, and safety performance and risk management. Mr. Tierney spent two years with Paydirt, LLC, providing sustainability consulting services to various corporate clients.

Education

Mr. Tierney received a Bachelor of Science degree in Aeronautics & Astronautics from the Massachusetts Institute of Technology (MIT) and holds the Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), and Certified in Risk and Information Systems Control (CRISC) certifications.