About Systems Risk Advisory | Critical Infrastructure Risk and Resilience

Systems Risk Advisory is a focused consulting firm built for organizations that operate essential infrastructure. We help owners, operators, executives, boards, and public-sector leaders understand risk, reduce exposure, and prepare for incidents that affect real-world operations.

Our work connects cyber risk, physical security, engineering judgment, emergency planning, and operational decision-making. The result is practical guidance that utilities and infrastructure organizations can use, not shelfware.

Built around critical infrastructure operations

Many organizations are asked to improve cybersecurity, resilience, and compliance with limited staff, limited time, and aging systems that still have to run. Systems Risk Advisory focuses on that reality.

We work across the areas where cyber, physical, and operational risk meet. That includes IT systems, OT/ICS and SCADA environments, remote access paths, facilities, field sites, vendor access, response plans, leadership decisions, and recovery procedures.

A firm model with specialized depth

Systems Risk Advisory is structured as a specialized firm, not a single-service practice. Each engagement is shaped around the client environment, the risk questions, and the expertise required.

We bring principal-level leadership to each project and draw on specialized support when the work requires additional technical, operational, emergency management, physical security, or training expertise. Clients receive focused attention and the right mix of experience for the assignment.

What we help clients do

Cybersecurity Assessments

Evaluate security controls, exposure, policies, access paths, and practical risk priorities.

OT/ICS and SCADA Security

Review control system exposure, remote access, segmentation, vendor paths, and operational risk.

Emergency Response Planning

Update plans so leadership, operators, responders, and partners know what to do under pressure.

Incident Response Planning

Define roles, decisions, communications, containment, recovery, and escalation steps.

Physical Security

Assess facilities, sites, access control, field assets, and cyber-physical dependencies.

Tabletop and Operational Exercises

Test decisions, coordination, continuity, and recovery before an actual incident.

On-Site Training and Workshops

Prepare staff, managers, executives, and boards with focused, practical training.

Primary clients and sectors

Our strongest focus is water and wastewater utilities, where cyber incidents, physical threats, regulatory expectations, emergency planning, and public health consequences intersect.

We also support electric power, local government, public works, and other critical infrastructure organizations that depend on control systems, field operations, facilities, vendors, and continuity of service.

Practical by design

Our recommendations are written for the people who have to make decisions, fund improvements, operate systems, and respond under pressure. We avoid generic reports that ignore staffing, budget, operational limits, and the need to keep service running.

The goal is to help clients answer direct questions: Who has access? Where can they move? What could they control? What would fail first? Who decides? What must keep operating? What can be fixed now?

Questions we help answer

Who has access?
Where can they move?
What could they control?
What would fail first?
Who decides?
What must keep operating?
What can be fixed now?

Leadership and experience

Systems Risk Advisory was founded by Kevin J. Owens, a cybersecurity and engineering professional with more than 30 years of experience across critical infrastructure, OT/ICS, cybersecurity, physical security, emergency preparedness, and resilience planning.

His work includes water-sector cybersecurity leadership, AWIA-focused risk and resilience work, incident response planning, tabletop exercises, OT/ICS and SCADA security, public-sector consulting, Department of Defense engineering leadership, and standards-related activity through AWWA committees.

Read the Kevin J. Owens leadership profile

Our standard

Clear findings.
Practical priorities.
Respect for operations.
Plain language for leaders.
Technical accuracy for practitioners.
Plans that can be exercised, trained, and improved.

Ready to discuss your risk, resilience, or readiness needs?

Systems Risk Advisory can help assess current conditions, prioritize improvements, update plans, and prepare your organization for cyber-physical incidents that affect essential services.

Contact Systems Risk Advisory View Services