ONE-ISAC Mission
ONE-ISAC serves as a central point of coordination and communication to aid in the protection of exploration and production, transportation, refining, and delivery systems of the oil and natural energy industry, through the analysis and sharing of trusted and timely cyber threat information, including vulnerability and threat activity specific to ICS and SCADA systems.
ONE-ISAC Leadership
Executive Director
Angela Haun
ONE-ISAC Executive Director Angela Haun is a retired FBI Special Agent with extensive experience in cybersecurity and protecting critical assets. Since joining the ONE-ISAC, she has expanded the ONE-ISAC’s membership with a Strategic Partnership Pilot Program, bringing new organizations, expertise, resources and funding to support the ISAC’s efforts. In addition, Angela has been a subject matter expert speaker, organizer and participant in numerous energy-related conferences, briefings, exercises, meetings, webinars and other events. Ms. Haun is actively pursuing upgraded technologies and additional benefits for ONE-ISAC member analysts and executives.
Chairman’s Message
January 2025
I am thrilled to share a significant milestone in our journey of collaboration and innovation. As part of our commitment to staying ahead in the ever-evolving energy landscape, ONG-ISAC has rebranded to ONE-ISAC—the Oil and Natural Energy Information Sharing and Analysis Center. This rebranding is more than a name change; it represents a strategic evolution, broadening our scope to include alternative fuel and renewable energy companies alongside our traditional focus on oil and natural gas.
This expansion comes at a critical juncture as the energy sector transforms, emphasizing sustainable and alternative energy sources. By welcoming companies involved in renewable energy—such as solar, wind, and hydrogen—ONE-ISAC is embracing a diverse and inclusive approach to protecting the entire energy spectrum. This aligns with the projected growth of the renewable energy market to $1.9 trillion by 2030, ensuring that our members are well-prepared to meet both challenges and opportunities.
As always, our core mission remains unchanged. ONE-ISAC will continue to provide trusted, timely cyber threat intelligence to safeguard the infrastructure critical to energy production, transportation, refining, and delivery. However, our new scope enhances our ability to facilitate cross-industry collaboration, fostering resilience across both traditional and emerging energy sectors.
I am confident that this evolution will strengthen our collective defense capabilities and drive innovation in how we address cyber threats together. Your participation and engagement have always been the cornerstone of our success, and I invite you to join me in embracing this exciting new chapter for ONE-ISAC. Together, we can set the standard for cybersecurity collaboration across the global energy industry.
Thank you for your unwavering support and commitment towards our common goals. I look forward to working with you as we shape the future of energy cyber security.
Warm regards,
Octavio Herrera
Chairman, ONE-ISAC
Meet the Board of Directors
The board of directors and the officers are responsible for the stewardship of the corporation and are elected to ensure the ONE-ISAC has the critical capabilities needed to achieve its objectives.
Octavio Herrera
Chair
Octavio Herrera, a cum laude graduate from Norwich’s University MSIA program and proud CISSP member has held a number of information security positions within Fortune 500 companies. During his 25+ years career he has led the regulatory compliance program at Alcoa’s largest business unit, managed the IT Security program for American Family Life Assurance Company of Columbus (AFLAC), served as Information Security Officer (CISO) for the Houston Independent School district – the seventh largest district in the nation and the largest in Texas – an since 2013, he leads the cyber security practice for Occidental Petroleum Corporation (OXY). Mr. Herrera has been honored as one of the “Top 40 Hispanics under 40” by Hispanic Engineer & Information Technology magazine and featured in Fortune Magazine’s March 2009 article, “How to Get a Job”. During his off time, Mr. Herrera is an avid tennis player and enjoys fostering Dogs for “Rocio’s Rescues”, a non-profit animal shelter dedicated to re-locating Texas dog to their forever homes in northern states.
Annessa McKenzie
Vice-Chair
Annessa McKenzie joined ConocoPhillips in 2022 and currently serves as Chief Information Security Officer, responsible for establishing an enterprise IT and OT security strategy across all functional business units. Annessa’s focus has been establishing long-term investment roadmaps, assessing IT/OT and operational risk by business unit, and deploying value-added zero-trust security architectures to ensure resilience, cyber defense and compliance across the organization. Prior to joining ConocoPhillips, McKenzie held the role of Chief Security Officer and VP of Supply Chain at Calpine Corporation, responsible for setting cyber and physical security strategies across all functional business units as well as the overall strategy for IT compliance, business continuity, infrastructure, supply chain and facilities. McKenzie has also held the role of chief information security officer at Baker Hughes, where she was responsible for a multinational team focused on cyber-defense, securing digital oilfield operations, security of future oilfield product designs, application security and architecture, records management, data privacy and consulting with Baker Hughes’ global oilfield customers; PwC’s advisory practice; and the U.S. Drug Enforcement Administration HIDTA task force. Annessa holds an MBA and a bachelor’s degree from Louisiana State University, as well as Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC) and Certified Information Systems Auditor (CISA) certifications. She is an Adjunct Cyber Security Professor at University of Oklahoma’s Executive MBA in Energy program. She was named one of Houston’s top millennial women to watch in 2019 by the Houston Chronicle and in 2020 was nominated as Orbie awards’ 2020 Houston CIO of the Year, and in 2021 was nominated for Constellation Research’s Business Transformation 150 Award. And in 2022 “Top 100” CISO by CISOs Connect™
Mary Rose Martinez
Treasurer
Mary Rose Martinez is the vice president, chief information security officer for Marathon Petroleum Corporation. She is responsible for cybersecurity strategy, operations, and risk management, providing thought leadership and working in close alignment with enterprise leadership. With over 30 years of experience in the oil and gas industry, Mary Rose has held various leadership and strategic roles across IT, software R&D, and marketing. She serves on a number of advisory boards, has contributed to or been featured in several articles and publications, is a public speaker, and was named one of Houston’s Women Who Mean Business. Mary Rose holds an executive master in cybersecurity degree from Brown University, a master of computer science degree from Rice University, and undergraduate degrees in both computer science and mathematics.
John Driggers
Secretary
John L. Driggers possesses over 23 years of experience in Oil Field operations, IT, Security, and Risk. Prior to his current role as SLB VP, CyberSecurity John was the Cyber Security Operations Manager responsible for delivering the Next Generation Security Operations Center. John was one of the founding members of the SLB IT Security group, helping to define the standards and policies as the company grew its reliance on connected IT systems. In this role he helped create one of the first sandbox networks, designed to safely observe and monitor the actions of malicious software. John moved from IT Security research into IT Security Operations, and was responsible for leading the IT Security program integrating one of SLB’s largest global acquisitions. Following the successful integration, he became the IT Security Operations manager for the newly merged company. John later moved to the position of Global IT Security Operations Manager for SLB. John’s next role was as SLB’s Global Network Operations Manager, responsible for the terrestrial connectivity of over 1,100 physical sites across 85 countries. His security experience helped shape the direction of the network and ensuring that security was integrated into the core design. This role expanded over time to include the global VSAT network of 1500 mobile sites, and the move to a distributed security framework comprising next generation firewalls. In 2013, John returned to the US to join the SLB IT Transformation project, responsible for the SAP Infrastructure, Security, and BASIS teams. In this role, his team was responsible for the deployment, support, and security of one of the world’s largest SAP/R3 HANA projects. John’s current role of VP, Cyber Security is again part of the overall SLB Digital Transformation. SLB has grown the Cyber Security program to reflect the evolution of the products and services that the company delivers, and the role that Digital plays in the overall strategy. The Cyber Security group in SLB is now responsible for the comprehensive security stance of the company, ranging from the Digital Software and Services offerings, the traditional IT landscape, and the IIoT products deployed to the wellsite. A key part of John’s role includes the expansion and evolution of the next generation intelligence, detection and response capabilities of SLB . John has been a member of SLB ‘s Incident Response Team since 2000, and has a SANS GSEC certification.
Allan Cockriel
Director
Allan Cockriel is Vice President & CIO Global Functions & Chief Information Security Officer for Shell since July 2020 and is part of the IDT Executive Leadership Team. In his role Allan leads the IDT organization to ensure maximum business value delivery through complex digital transformations across all Corporate Functions; and oversees the continuous improvement of the Information Risk and Cyber Security posture for Shell. Allan is an executive IT leader with over 19 years of IT and business transformation experience. He has built and lead diverse global organizations to deliver business productivity, complex digital transformations, embedding of IT controls and cyber security rigor. Prior to joining Shell, Allan was Group CIO of Petrofac for two years. Before that Allan spent 14 years with General Electric and had a diverse career in financial, operational, and senior IT leadership roles in Switzerland, United Kingdom, United States, India, and Angola. Allan, who holds dual US/UK nationality, has degrees in Management Information Systems, Corporate Finance, and Risk Management from the University of Minnesota – Carlson School of Management. He is married to Fara, and they have two children. Outside work, he enjoys cooking, travel, hiking, and listening to TED talks.
Gina Hill
Director
Cybersecurity leader with over 20+ years in the public/private industry. Experience working with ISACs, Government Organizations & Boards. People Leader and Strategic Thinker. ONG and Energy Companion. Thought leader and change driver; developed solutions to strengthen maturity in operational cybersecurity teams. Hands-on experience working in IT/OT environments. Experience working with Executive and Board Members. Currently an affiliate board member for a non-profit Women in Cybersecurity organization (WiCyS). Trusted advisor and People leader; experience collaborating with cross functional business disciplines. Experience working in multiple industry verticals and with subject-matter experts to understand how to best posture information sharing, reduce threat exposure, and inform cyber risks. Experience working with industry leading cybersecurity vendors to improve operational challenges. Military veteran with experience working with local, state and federal agencies.
Chris Lukas
Director
Christopher Lukas is the Global Chief Information Security Officer, a role he assumed in October 2020. Christopher leads a team responsible for Chevron’s overall cybersecurity efforts that secure and protect information and assets of Chevron while ensuring overall cyber resiliency and data privacy. He is a member of Chevron’s IT Leadership Team, which is responsible for executing Chevron’s digital and technology strategies. Christopher joined Chevron in 2013 as Manager, Cyber Threat Analysis and Monitoring in Chevron’s Information Technology Company where he was responsible for establishing Cyber Intelligence Centers in Houston and Singapore which conduct worldwide monitoring, response, and intelligence operations. Prior to joining Chevron, Christopher was Chief, Cyber Threat Analysis Division for the U.S. Department of State’s Bureau of Diplomatic Security for more than 10 years. He was responsible for leading a team of special agents, intelligence analysts and network security experts in conducting intelligence analysis, network monitoring, and predictive analysis to protect the U.S. Department of State’s global networks. An 11-year U.S. Navy veteran, Christopher has extensive expertise in signals intelligence, information warfare, and cyber counterintelligence operations. He became a certified adjunct instructor for the National Cryptologic School at NSA and is the recipient of several service medals and awards for his service while in the U.S. Navy. He is a graduate of the executive program at Carnegie Mellon University – Heinz College for Chief Information Security Officer. A native of Grafton, Wisconsin, he resides in Danville, California with his wife and two children.
Scott Moore
Director
Scott Moore leads the Digital Security group for Devon Energy, a Fortune 500 oil and natural gas exploration and production company with operations focused onshore in the United States. His responsibilities include communicating cyber risk to executive management and the Board of Directors, and developing strategies to protect Devon’s information assets for both IT and operational technology. Scott oversees teams responsible for security operations, incident response, risk management and compliance, identity and access management, third-party risk management, and IT SOX oversight. His team also supports the legal and physical security technologies at Devon. Additionally, Scott manages the development and implementation of security policies, procedures, and protocols to ensure the integrity, confidentiality, and availability of information systems. Scott is a graduate of the University of Oklahoma and received his MBA from Oklahoma Christian University. He lives with his wife and three kids in Oklahoma City. Scott holds several security, risk and compliance-related certifications. He also serves on the Institute of Internal Auditors IT Knowledge Group which is responsible for issuing and updating global guidance for audit practitioners around the word.
Dave Sohmer
Director
Dave Sohmer is the Director – Information Security at Valero Energy. His primary responsibility is the security of Valero’s business network to include HRIS, their Credit Card Center and all cloud applications and services. He also chairs Valero’s Information Security Committee. This committee is responsible for the day to day security operations for all of Valero’s networks, IT and OT. Its members include representatives from Refining, Renewables, Pipelines & Terminals, HRIS and the Credit Card Center. Dave has been with Valero since 2013. He has served on the ONG-ISAC Board of Directors since August of 2021 as an at large member. He is also Chairman of the Member Benefits Committee. He was previously Director – Security at General Dynamics Armament and Technical Products in Charlotte, NC from 2004-2013. He oversaw all security operations, both physical and IT, for General Dynamics – ATP to include their Armaments, Advanced Material and AxleTech International business units. He served as General Dynamics – ATP’s Information Security Manager, Data Privacy Officer and Information Systems Security Officer. Before joining General Dynamics, he was on active duty for over 20 years in the US Navy where he held several senior enlisted leadership positions onboard submarines, submarine squadrons and at the Naval Manpower Analysis Center. He retired in 2004 as a Chief Petty Officer. He earned a Bachelor’s degree (BS) in Management Computer Information Systems from Park University and a Master’s degree (MS) in Operations Management from the University of Arkansas. He is also a Certified Information Systems Security Professional (CISSP). Dave and his wife Gina have been married for 32 years. They have two sons, Zachary and Devin.
Committees and Groups
With the participation and engagement of our members and volunteer staff provided by member companies, the ONE-ISAC can continue to create value for its members and the entire oil and natural energy sector. While there are many ways to volunteer and help the ONE-ISAC succeed, our committee member positions require individuals who are committed to the protection of the energy sector and to making the oil and natural energy industry stronger and safer.
The Membership Committee’s primary responsibility is to evaluate all member applications. Each membership request goes through a due diligence process to ensure eligibility according to bylaws and to determine membership level.
Committee Chair: Octavio Herrera
The Benefits Committee helps the Board to ensure the benefits provided by ONE-ISAC will create value for the members and the entire oil and natural energy sector. The Benefits Committee is comprised of member companies’ representatives who meet to provide input on benefit programs, vendor relationships and other issues affecting the ONE-ISAC.
Committee Chair: Chris Lukas
The Information Sharing Committee works with members and strategic partners to build relationships and identify areas where more effective information sharing can be utilized. In addition, the Information Sharing Committee sets the scope for types of threats on which the organization should focus its research and analysis efforts. When necessary, the Information Sharing Committee serves as a key resource for the ONE-ISAC’s staff when coordinating actions during a crisis or incident affecting members.
Committee Chair: Annessa McKenzie
The Operation Technology Task Force (OT Task Force) is dedicated to solving cyber security challenges in the operational technology space in the safest, most efficient manner. The roundtable discussions provide an opportunity to connect and exchange ideas with peers in the energy industry on various topics, including patching ICS systems, threat actors targeting OT, talent recruitment, and more.
Vulnerability Management Working Group launched in April 2022 for members to connect with their peers who focus on vulnerability and risk management for their companies. Their objective is to learn best practices from each other, share successful measures for identifying and reducing risk, and alert each other to emerging threats and vulnerabilities, as well as mitigation strategies.
The Small-Medium Business Working Group (SMBWG) provides a forum for small to medium cybersecurity teams to build trusted relationships, as well as share best practices, lessons learned and mitigation strategies among peers.
Topics for discussion will include allocating resources, wearing many hats, business email compromise, and awareness training.
