CV

A brief bio and head shot is available here.

Work Experience

Wolf & Company, P.C. June 2013 – Present

IT Assurance Senior Consultant

Lead QSA responsible for carrying out PCI DSS audits, as well as cybersecurity team lead responsible for developing and executing technical assessments. Additionally, as an IT Auditor in the IT Assurance Group I directly assist Senior Managers with designing, developing and executing audit procedures to test controls for the firm’s clients automated environment including operating systems, service bureau applications, and communication software products. Also responsible for developing and utilizing audit software to improve the efficiency of the audit process as well as acting as a security and controls consultant for the firm’s clients.
Staff Consultant – June 2013 to September 2016

Education

Bentley University

Bachelor of Science, Information Systems Audit and Control (ISAC) – May 2013 Activities: Football (Team Captain), Bentley Leadership Society (Executive Board Member)

SANS Technology Institute

Master of Science, Information Security Engineering (MSISE) – Candidate

Certifications

Listed in order of attainment

• CISA (Certified Information Systems Auditor) – View on Acclaim
• QSA (Qualified Security Assessor) – View on PCI SSC
• PCIP (Payment Card Industry Professional)
• CISSP (Certified Information Systems Security Professional) – View on Acclaim
• CCSP (Certified Cloud Security Professional) – View on Acclaim
• GSEC (GIAC Security Essentials Certification) – View on GIAC
• GCIH (GIAC Certified Incident Handler) – View on GIAC
• GCIA (GIAC Certified Intrusion Analyst) – View on GIAC

Articles

• 18.SEP.2015 – Reducing Risk for Contactless Payments (Wolf & Company, P.C.)
• 10.FEB.2016 – How Data Tokenization Can Help Helathcare Entities Improve Their Data Security (Wolf & Company, P.C.) (Contributing author)
• 14.NOV.2016 – Combating the Rising Threat of “Smart” Devices(s) (Wolf & Company, P.C.)
• 28.SEP.2017 – My CISSP Success Story (Advanced Persistent Security)
• 25.OCT.2017 – What to look for in a QSA (Wolf & Company, P.C.)
• 28.NOV.2017 – DerbyCon 7.0 Legacy Round Up (Wolf & Company, P.C.)
• 09.FEB.2018 – Active Directory Passwords – Who is Right? (Wolf & Company, P.C.)
• 17.APR.2018 – ATM Jackpotting is Just a Symptom (Wolf & Company, P.C.)
• 22.MAY.2018 – Meet the NCUA ACET (WolfPAC Solutions)
• 31.JUL.2018 – Vulnerability Scanning vs. Penetration Testing: What is the difference, and what is right for me?
  • Also re-published in the Fall 2018 edition of the New Jersey Banker Magazine

Speaking Events

• 09.NOV.2017 – HIMSS New England Chapter – Northern Maine Educational Event | SlideShare
• 29-31.MAR.2019 – BloomCon 0x04 “No one Secures it Alone” | SlideShare
• 13.MAY.2019 – NYBA TCRM “Cybersecurity Assessments Workshop”
• 10.JUL.2019 – AmerstSec Meetup “Deploying Security Onion for Monitoring HIDS”

Webinars

• 11.APR.2017 – Preparing for the FDIC’s Information Technology Risk Examination (InTREx) Program (Wolf & Company, P.C.) | Slides and Video Recording
• 13.APR.2017 – PCI DSS: What It Is and Why You Should Care (SCIP.org) | SlideShare
• 24.APR.2018 – How to Use PCI DSS for a Stronger IT Security Posture and Streamline Your Compliance Efforts | Slides and Video Recording
• 1.JUL.2019 – Detecting Malicious Activity on a Budget

Other Media

• May 2019 – CISOs vs. the Board – SCMagazine | Web Link
• July 2019 – SANS Institute Information Security Reading Room “Attackers Inside the Walls: Detecting Malicious Activity”
• July 2019 – July 12 Episode SANS Internet Storm Center Daily Stormcast
• August 2019 – August Edition of the ISSA Journal ” Attackers Inside the Walls: Detecting Malicious Activity” | PDF
• August 2019 – Developing personal OPSEC plans: 10 tips for protecting high-value targets – CSO Online

Industry-Relevant Volunteer Experience

• Eastern Massachusetts (ISC)2 Board Member
• US Cyber Patriot Mentor – Available for coaching
• InfoSec Mentors – Available to mentor

Industry Memberships

• High Technology Crime Investigation Association (HTCIA)
• International Information Systems Security Certification Consortium (ISC)2
• InfraGard – Boston Members Alliance
• Information Systems Audit and Control Association (ISACA)
• GIAC Advisory Board Member
• SANS Security Awareness Community Member

Industry Conference Attendance

2016

• SecureWorld Boston
• ISACA New England Conference
• DefCON 24

2017

• BSides Boston
• BSidesCT
• DerbyCon 7.0 (Remote)

2018

• ISACA New England IT Audit, Security, and Risk Expo
• North America PCI Community Meeting
• Wild West Hackin’ Fest

2019

• SecureWorld Boston
• BloomCon 0x04 (Speaker)
• NYBA Technology, Compliance & Risk Management Forum (Speaker)
• Layer 8 Conference
• DefCON 27
• DerbyCon 9
• Wild West Hackin’ Fest