As the latest addition to the Energy Central Network of Experts (in the Utility Management Group), Jonathan joined us for a Featured Expert interview. In this conversation, he shares his insights on why risk management in the utility space is uniquely challenging, how boards are evolving their cybersecurity oversight, the pitfalls of prematurely trusting new tech like AI, and which regulatory trends energy leaders need to keep a close eye on. More than anything, he brings a refreshingly human perspective to a field often dominated by acronyms and dashboards.
Let’s dive in.
Matt Chester: Welcome to Energy Central as one of our Featured Experts! I’d love to give you a chance to have the community get to know you, so please start by introducing yourself, sharing your role in the power sector, and maybe what your key areas of interest and expertise are?
Jonathan Kitchin: I’m Jonathan Kitchin, and I help energy companies turn regulatory chaos into something calm, clear, and actually usable.
I lead product and service delivery at Karta, where we design compliance systems that fit, and hopefully not ones that make people roll their eyes and reach for a spreadsheet. I’ve spent the last 20 years helping, guiding and teaching a wide variety of organizations to align governance, tech platforms, and actual day-to-day operations.
Since I joined Karta in January 2022, I’ve been laser focused on the utility space, specifically with simplifying NERC compliance via technology.
MC: You’ve supported Integrated Risk Management (IRM) strategies across different sectors. What makes IRM particularly complex or unique when applied to utilities and energy infrastructure?
JK: IRM in energy is a contact sport. Unlike other sectors, you’re not managing hypothetical risk scenarios. The risks my current customers navigate include physical assets, legacy systems, critical infrastructure, and customers where you supply an essential service. The complexity isn’t the risk framework. Much of the complexity is rooted in coordination. It’s the sheer number of stakeholders, handoffs, and systems trying to talk to each other without crossing wires.
MC: Cybersecurity is no longer just an IT concern—it’s a boardroom issue. How are energy companies evolving their approach to security governance to meet this reality?
JK: The best utilities are realizing that cybersecurity isn’t a checkbox. This echoes the classic line, “compliance is not security.”
Don’t get me wrong. Compliance is essential as it provides assurance that the culture and rhythm of the organization is built on the strongest fundamentals. The shift I’m seeing is from “who owns this control” to “how do we make it stick across IT, OT, and compliance?” It’s less about buying dashboards and more about finally agreeing who resets the password and who reports when it fails. Boards want to know that cybersecurity is at the forefront of daily activity and not just a scheduled review every 90 days.
MC: As new technologies like AI and edge computing become more widespread, what new vulnerabilities should energy companies be preparing for?
JK: The real threat isn’t the tech. I believe the threat is the temptation to trust it too quickly. AI can hallucinate, edge devices multiply the attack surface, while most orgs are still debating asset inventories. If you don’t have clarity around ownership and access, all AI does is confuse you faster.
I find it interesting that on topics where I have deep experience and firsthand knowledge, AI always gets some odd details completely wrong. But if I explore a topic where I’m less fluent, I’m amazed at AI’s “wisdom and breadth of knowledge.” There’s a lesson in there. AI might be a possible way to start exploring a topic, but it should not be the last mile of any process. For the foreseeable future, experts will play a very important role guiding the outputs of AI to ensure we don’t hallucinate our way into a mess.
MC: Are there any upcoming regulations, frameworks, or industry trends that you think energy executives and compliance leaders should be watching closely?
JK: Watch the auditor’s interpretation of new CIP-004 and CIP-011 standards closely, especially as they evolve around data-in-cloud protections. Also keep an eye on the slow but steady rise of audit maturity expectations, where regulators want to see not just whether you passed, but how well you knew what you were doing when you did pass.
Cloud storage of sensitive data is still in its infancy. Just this past month, the CISO of JP Morgan Chase published a very thought-provoking letter directed at SaaS providers urging product companies to start with security. Slow is smooth, and smooth is fast. Companies, particularly those that protect mission critical infrastructure, need to re-evaluate their release cadences to ensure key systems are released only when ready.
MC: What are you excited about when it comes to becoming a part of the Energy Central Community? What value do you hope to bring to your peers and what are you hoping you’ll get out of it personally?
JK: Honestly? I’m here to listen first. Energy Central has people who’ve been doing this work for decades. That’s one of the industry components I really respect. I’m excited to be part of a space where real experience beats marketing buzz, and where the messes are shared and solved together.
In terms of what I’ll bring, hopefully clarity. Maybe a metaphor or two that helps someone reframe and unravel an ugly or lingering problem. I’m always trying to make complex things digestible. My original career was as a teacher, and I’ve taken that mindset into every role I’ve had. Personally, I’m looking for honest peers who can sharpen my thinking and challenge assumptions.
MC: What’s your final message to our audience?
JK: Good compliance doesn’t start with software. It starts with coordination, accountability, and a shared understanding of why the rules exist in the first place. The technology can help, but only if the humans align first. That’s the work I care about.
________________________________________
Thanks to Jonathan for joining me for this interview and providing a wealth of insights and expertise to the Energy Central Community. You can trust that Jonathan will be available for you to reach out and connect and ask questions as an Energy Central member, so be sure to make him feel welcome when you see him across the platform.
Other expert interviews in this series can be read here, and if you are interested in becoming an expert, you can reach out to me or apply here.