Kevin J. Owens | Critical Infrastructure Cybersecurity and Resilience

Kevin helps utilities and infrastructure leaders translate complex risk into decisions they can fund, train, and execute. His work is grounded in engineering, response operations, and the reality that essential systems must keep running.

He serves as lead consultant and engagement principal for Systems Risk Advisory. When a project requires additional depth, he coordinates qualified specialists in technical, operational, physical security, emergency management, planning, and training roles.

Principal-led engagements

Kevin provides direct leadership on Systems Risk Advisory engagements. He frames the risk questions, guides the assessment approach, reviews findings, and helps convert technical issues into clear priorities for executives, boards, operators, IT teams, engineers, emergency managers, and public-sector leaders.

The firm uses a principal-led model. Clients receive senior attention from the start, with additional subject-matter support added when the work calls for more technical, operational, physical security, emergency management, or training capacity.

Critical infrastructure focus

Kevin focuses on organizations that operate essential services. That includes water and wastewater utilities, electric power, local government, public works, and other infrastructure organizations that depend on control systems, field operations, facilities, vendors, and continuity of service.

His work connects cyber risk, physical security, engineering judgment, emergency planning, and operational decision-making. That combination is important when an incident affects both information systems and real-world service delivery.

Water and wastewater utility experience

Kevin's strongest sector focus is water and wastewater. He supports utilities with AWIA Risk and Resilience Assessments, Emergency Response Plan updates, SCADA and OT security reviews, ransomware readiness, physical security reviews, incident response planning, and tabletop exercises.

He has contributed to water-sector cybersecurity guidance, training, and committee work through the American Water Works Association. His work with AWWA committees includes cybersecurity, emergency preparedness, security practices, and risk and resilience standards activity.

OT/ICS, SCADA, and cyber-physical risk

Kevin brings an electrical engineering background to cybersecurity and resilience work. That matters in environments where control systems, remote access, telemetry, field devices, vendors, and operating procedures affect public health, safety, and continuity.

His OT/ICS and SCADA work helps clients examine remote access, vendor access, network segmentation, control system exposure, incident response procedures, recovery assumptions, and the operational consequences of cyber and physical events.

Leadership background

Kevin has more than 30 years of experience across cybersecurity, engineering, consulting, research, training, and critical infrastructure protection. His background includes private-sector consulting, industrial control and power systems experience, Department of Defense engineering leadership, and senior technical work related to cybersecurity and mission systems.

He has led technical teams, directed security and engineering work, managed incident-focused efforts, and supported organizations that had to make decisions under pressure. Systems Risk Advisory applies that experience to the practical needs of utilities and infrastructure owners.

Selected credentials and professional activity

Kevin combines professional certifications, technical training, standards work, and field experience. The profile below is selective and focused on areas most relevant to critical infrastructure clients.

CISSP
ISA/IEC 62443 Expert
AWWA Utility Risk and Resilience training
CompTIA ITF+, A+, Network+, Server+, and Security+
CEH
FEMA emergency management training
AWWA Cybersecurity Committee leadership
AWWA standards-related activity involving risk, security, emergency preparedness, and resilience
Published and presented on water-sector cybersecurity, ransomware readiness, OT/ICS risk, and resilience planning

How clients use Kevin's role

Assessment leadership

Lead cyber, physical, OT/ICS, SCADA, and resilience assessments with clear findings and practical priorities.

Executive and board briefings

Explain risk, consequences, options, and resource needs in terms leaders can act on.

AWIA RRA and ERP support

Support Risk and Resilience Assessment updates, Emergency Response Plan updates, and related readiness work.

Tabletop exercise facilitation

Design and facilitate exercises that test decisions, coordination, continuity, communications, and recovery.

Incident readiness planning

Help define roles, escalation paths, containment steps, recovery assumptions, and public-facing coordination needs.

Specialist coordination

Lead selected technical, operational, emergency management, physical security, and training specialists when an engagement requires added depth.

Working style

Start with the mission and the consequences of service disruption.
Respect operators, engineers, IT staff, emergency managers, and executives.
Separate urgent exposure from long-term improvement work.
Write findings in language leaders can understand and practitioners can use.
Tie recommendations to ownership, priority, cost awareness, and readiness.
Help clients train, exercise, revise, and improve over time.

The goal is to help critical infrastructure leaders understand what could fail, what matters most, who needs to act, and what can be improved before an incident becomes a crisis.

Need principal-level support for a critical infrastructure risk or resilience issue?

Systems Risk Advisory can help assess current conditions, prioritize improvements, update plans, brief leaders, and prepare your organization for cyber-physical incidents that affect essential services.

Contact Systems Risk Advisory View Services