Welcome Your New Expert Interview Series: Scott Crow, New Expert in the Digital Utility Group – [an Energy Central Power Perspectives™ Expert Interview]

In this Energy Central Power Perspectives Expert Interview, Scott shares his journey from the early days of cybersecurity to becoming a trusted partner for utilities striving to stay ahead of emerging threats. He offers insights into tackling the challenges posed by new technologies, the importance of visibility across IT and OT systems, and the critical role automation plays in reducing risks and freeing up high-value professionals. Scott also provides actionable advice on how utilities can align security, compliance, and operations to create a resilient grid.

Join us as we delve into Scott’s expert perspective on the intersection of technology, compliance, and security, and learn how utilities can navigate today’s challenges to build a secure and sustainable energy future.

Matt Chester: Welcome to Energy Central as one of our Featured Experts! I’d love to give you a chance to have the community get to know you, so please start by introducing yourself, sharing your role in the power sector, and maybe what your key areas of interest and expertise are?

Scott Crow: I’ve been working in cybersecurity since the early days—back when adding a password to a computer was considered cutting-edge. Over the years, I’ve watched the field evolve from simple perimeter defenses to sophisticated, layered “defense-in-depth” strategies. Today’s landscape brings powerful, intelligent technologies into play—but they come with complexity and cost. For me, it always comes back to the fundamentals: the intersection of people, process, and technology. That’s where true resilience is built, especially in the energy sector.

In my current role, that philosophy extends into regulatory compliance, internal controls, workflow design, and documentation management. The complexity isn’t just in meeting a single requirement—it’s in managing thousands of tasks and schedules at once, across overlapping standards, with absolute precision. In the NERC world especially, there’s no margin for error. You don’t get to be “mostly compliant”—you have to be ready at any moment to demonstrate exactly how and where you meet the requirements.

What’s kept me in this space is the real-world impact of the work. It’s not just about checking boxes for compliance—it’s about supporting the reliability, security, and resilience of the North American grid. That sense of purpose continues to drive me, especially as the industry adapts to new technologies and evolving threats.

MC: With increasing cyber threats targeting the energy sector, what do you see as the biggest vulnerabilities utilities face today?  

SC: Visibility is a huge challenge. Many organizations don’t have a clear picture of their footprint. Recent changes to NERC requirements have expanded the scope to include low-impact sites, like wind farms, which previously didn’t fall under medium-generation site criteria. Getting a handle on these assets is tough.

On the IT side, there are plenty of tools to help, but on the OT side, a misstep—like inputting the wrong command—can have serious consequences, like bricking a device or risking a disruption to the grid. Manual processes, spreadsheets, and SharePoint still dominate in some areas, but these methods are prone to errors. Most will agree that trying to find anything in Sharepoint is often somewhere between difficult to impossible.  When high-value professionals are tied up with repetitive tasks like copying and pasting, it’s inefficient. Automation is the key to freeing up their time and allowing them to focus on more critical work. The goal is simple: unified visibility, real-time insight, and systems that work for the people—not the other way around.

MC: Many utilities struggle with the complexity of regulatory compliance, such as is needed with NERC. How can software automation help streamline compliance efforts and reduce risks?  

SC: A lot of entities still have silos of data—systems that don’t talk to each other. Sometimes, our platform serves as the system of record for all NERC compliance, and sometimes it just connects the dots and houses the data. What matters is breaking down those silos to create a clear, cohesive picture of compliance activity across the enterprise.

People often use the term “single pane of glass.” It’s overused, sure—but accurate. We tie evidence, tasks, and controls together, and deliver that information in dashboards tailored to different roles. Executives get the high-level summaries they need to stay informed. Engineers and SMEs get detailed, actionable data. That role-based clarity minimizes noise and keeps everyone focused on what matters most.

Automation reduces the risk of missed deadlines, audit gaps, and human error by ensuring the right information gets to the right people at the right time. Instead of emailing spreadsheets around, users can see the current status of compliance in real time—and act before problems escalate. It’s not about replacing people; it’s about giving them better tools to protect the system and demonstrate compliance with confidence.

MC: What advice would you give to utilities looking to modernize their compliance and cybersecurity programs without overcomplicating operations?  

SC: There are plenty of cool tools out there, but please don’t invest in anything unless you’re willing to dedicate the time and resources to fully understand it and train up on it. Even with our platform, we see varying degrees of expertise—some users are true ninjas who can build anything they can whiteboard, while others only scratch the surface of the platform’s potential.

The key is ensuring that the tools integrate with your existing systems. Many technologies don’t talk to anything else, which isn’t helpful in the long run. It’s important to invest wisely and ensure you’re maximizing the potential of the tools at your disposal.

MC: If you could recommend one critical cybersecurity measure that every utility should prioritize today, what would it be?  

SC: Security and compliance are different things, and most of what we deal with are compliance requirements tied to cybersecurity. Compliance shouldn’t be the ceiling; it should be the foundation you build on.

A major problem I’ve seen is the disconnect between security, compliance, and operations. If these groups aren’t communicating, critical elements can get missed. Compliance is more than just checking boxes; it’s about implementing controls that enhance resiliency and reliability.

Take the name Reliability First, for example—that’s what auditors are focused on: making the grid more secure,reliable, and resilient. Compliance requirements serve as a foundation, but they must be seen as part of a larger effort to strengthen security and resilience.

MC: What are you excited about when it comes to becoming a part of the Energy Central Community? What value do you hope to bring to your peers and what are you hoping you’ll get out from it personally?

SC: What I love about the energy utility space is the transparency. Unlike other industries, there’s a willingness to share ideas because we all want the grid to be as secure as possible.

The Energy Central community is perfect for that. It’s full of opinions and expertise, and I look forward to sharing ideas, asking questions, and learning from others. I enjoy exploring simpler, more efficient ways to approach compliance—there’s no need to overcomplicate it.

At the end of the day, I want to be a part of the conversation on how we help secure the North American power grid and continue to evolve. It is fun when you help free up high-value professionals to focus on critical work rather than spending time on repetitive manual tasks.

MC: What’s your final message you’d share with our utility leader readers?

SC: At the core of every entity’s compliance program—whether for security or compliance—is internal controls. It’s all about having plans and backup plans that ensure you don’t fail.

This requires coordination among stakeholders and a thoughtful approach to processes. Strong internal controls are key to managing the complexities of compliance and security effectively

________________________________________

Thanks to Scott for joining me for this interview and providing a wealth of insights and expertise to the Energy Central Community. You can trust that Scott will be available for you to reach out and connect and ask questions as an Energy Central member, so be sure to make him feel welcome when you see him across the platform.

Other expert interviews in this series can be read here, and if you are interested in becoming an expert, you can reach out to me or  apply here.