Mohammed established Cyber ICS in UK in 2018 in response to the new NIS regulations that were introduced across EU. He headed up a new cyber regulatory function for UK’s Office for gas and electricity markets (OFGEM), and brokered relationships across lead government departments, Health and Safety Executive, UK’s National Cyber Security Centre, and the Centre for Protection of National Infrastructure. He influenced government policy and direction for the sector and in doing so wrote the NIS guidance and NIS inspection framework in a collaborative fashion with operators. Further Mohammed wrote the RIIO2 cyber resilience methodology, which is the main instrument to providing funding for the sector by working with senior leadership, boards, and challenge groups.
Mohammed comes from a big 4 background, having built the SCADA consultancy practice whilst at Deloitte UK in 2009. He worked for Qatar Petroleum as head of Security Strategy and became the acting CSO from the onset of the Shamoon attack which affected one of the major subsidiaries. He was deputised as Sector Authority for all industry operators, established a Cyber Security Partnership Forum, performed industry risks and compliance assessments, maturity and capability assessments, and made recommendations to boards to improve the security posture and also enable digital transformation.
Mohammed led the ICS security consultancy at GE, based in Dubai, which was previously an independent boutique known as Wulrdtech. During his tenure, he helped develop regulatory instruments and then led teams to perform assessments against Critical National Infrastructure Operators. He conducted several holistic risk and compliance assessments, writing treatment options, ICS improvement tactical roadmaps and multi-year strategies with maturity capabilities.
With Mohammed’s background from big 4 consultancy, a major oil and gas operator, a major OT vendor and having worked with the EU commission and heading up a cyber regulatory function in UK, he not only provides the compliance view, but also the organisational and national risk and opportunities view, to formulate well balanced recommendations, from a technical, management and organisational perspective from an operational, tactical, and strategic viewpoint.
Mohammed has a master’s degree in information security from the prestigious Royal Holloway University, holds ICS security certifications SANS GICSP and SANS GRID, ISO 27001 lead auditor, ISO 27001 lead implementer, SABSA, TOGAF, CISSP, CISM, Certified ethical hacker, amongst various others.
Mohammed is a member of the World Economic Forum and has contributed towards working groups such as Quantum Cryptography, Cyber Resilience in Oil and Gas, and Cyber Resilience in Electricity. He is a member of CIGRE working group, regularly presents and co-chairs events at the IET in the UK. He previously advised NARUC on their regulatory approach for Cyber, and provided feedback and commentary for the EU commission, ACER, and ENTSO-E in the development of the network code for cyber security.