Expert Interview Series: Get to Know Jonathan Kitchin

As the newest addition to the Energy Central Network of Experts in the Utility Management Group, Jonathan joined us for a Featured Expert interview. In this chat, he spills the beans on why managing risk in the utility world is a bit of a headache, how boards are stepping up their game in overseeing cybersecurity, the dangers of jumping the gun with new tech like AI, and the regulatory trends that energy bigwigs need to keep an eye on. He really brings a human touch to a field that’s usually all about acronyms and dashboards. Let’s get into it.

Matt Chester: Hey there, welcome to Energy Central as one of our Featured Experts! I want the community to get to know you a bit, so why don’t you kick things off by telling us a bit about yourself, what you do in the power sector, and what you’re really good at?
Jonathan Kitchin: Yeah, sure thing. I’m Jonathan Kitchin, and I basically help energy companies deal with all the regulatory mess so that it’s not a total nightmare. At Karta, I lead the charge in creating compliance systems that actually make sense and are user-friendly. I’ve been in the game for about 20 years, guiding organizations to align their governance, tech, and day-to-day operations. Since I hopped on board at Karta in January 2022, my focus has been on simplifying NERC compliance through technology.

MC: You’ve been a supporter of Integrated Risk Management strategies in various sectors. What makes IRM so dang complicated or special when it comes to utilities and energy infrastructure?
JK: Oh man, IRM in energy is like a rough game of football. In other sectors, you might be dealing with theoretical risks. But in energy, it’s all about the real deal – physical assets, old systems, critical infrastructure, and customers relying on you for a crucial service. The real headache isn’t the risk framework itself. It’s the crazy amount of coordination needed. With so many stakeholders and systems trying to talk to each other without messing up, it’s a real circus.

MC: Cybersecurity isn’t just an IT thing anymore, it’s a big deal in the boardroom. How are energy companies changing their security game to keep up with the times?
JK: The top utilities are realizing that cybersecurity isn’t just a box to tick off. You know that old saying, “compliance isn’t security”? Well, it’s true. Compliance is important as it shows that the organization is built on solid foundations. What I’m seeing now is a shift from “who’s responsible for this control” to “how do we make sure it’s solid across IT, OT, and compliance?” It’s not about buying fancy dashboards anymore, it’s about getting everyone on the same page about resetting passwords and reporting failures. Boards want to see cybersecurity as a top priority every single day, not just every few months.

MC: With new tech like AI and edge computing taking over, what are the new risks that energy companies need to watch out for?
JK: The real risk isn’t the tech itself, it’s the temptation to trust it too quickly. AI can mess up, edge devices widen the attack surface, and most companies are still arguing about what assets they actually have. If you’re not clear on who owns what and who has access, AI will just confuse you even more. It’s funny how AI can get things totally wrong in areas where I know a lot, but seem super smart in things I’m clueless about. There’s a lesson there. AI can be a good starting point, but it shouldn’t be the be-all and end-all. Experts will still play a crucial role in making sure AI doesn’t lead us into a mess.

MC: Any upcoming rules, frameworks, or trends that energy execs and compliance leaders should keep a close watch on?
JK: Keep an eye on how auditors are interpreting the new CIP-004 and CIP-011 standards, especially as they focus on data protection in the cloud. Also, watch out for the slow rise in audit expectations, where regulators want to see not just if you passed, but how well you understood what you were doing when you did pass. Cloud storage is still growing up, and companies need to rethink how they release systems to make sure they’re secure from the get-go.

MC: What are you looking forward to as part of the Energy Central Community? And what do you hope to bring to the table for your peers?
JK: Honestly, I’m here to learn first and foremost. Energy Central has some real veterans in the field, and I respect that a lot. I’m excited to be part of a community where real experience beats out fancy marketing, and where we can tackle problems together. I hope to bring some clarity to the table, maybe a metaphor or two to help untangle tough issues. I always try to make complex stuff easier to understand. My background is in teaching, so that mindset has stuck with me in all my roles. Personally, I’m looking for peers who can challenge my thinking and push me to be better.

MC: Any final words for our audience?
JK: Remember, good compliance doesn’t start with software – it starts with people working together, taking responsibility, and understanding why the rules are there in the first place. Technology can help, but only if everyone’s on the same page. That’s the real work that matters.

Thanks to Jonathan for sharing his insights with us, and I know he’ll be around to answer your questions and connect with you as an Energy Central member. Be sure to give him a warm welcome when you see him around the platform.