CV

A brief bio and head shot is available here.

Work Experience

Wolf & Company, P.C. June 2013 – Present

IT Assurance and Security Manager

Sean is a Manager in Wolf’s IT Assurance and Security group. This role entails developing security reviews, managing projects including security reviews (e.g. Active Directory, firewall configurations, etc.), vulnerability assessments, and penetration tests. Sean is also Wolf’s Lead QSA responsible for carrying out PCI DSS audits and mentoring Associate QSAs.

Staff Consultant – June 2013 to September 2016

Senior Consultant – October 2016 – September 2019

Supervisor – October 2019 – September 2020

Education

Bentley University

Bachelor of Science, Information Systems Audit and Control (ISAC) – May 2013 Activities: Football (Team Captain), Bentley Leadership Society (Executive Board Member)

SANS Technology Institute

Master of Science, Information Security Engineering (MSISE) – Candidate

Certifications

Listed in order of attainment

• CISA (Certified Information Systems Auditor) – View on Acclaim
• QSA (Qualified Security Assessor) – View on PCI SSC
• PCIP (Payment Card Industry Professional)
• CISSP (Certified Information Systems Security Professional) – View on Acclaim
• CCSP (Certified Cloud Security Professional) – View on Acclaim
• GSEC (GIAC Security Essentials Certification) – View on GIAC
• GCIH (GIAC Certified Incident Handler) – View on GIAC
• GCIA (GIAC Certified Intrusion Analyst) – View on GIAC
• GCWN (GIAC Certified Windows Security Administrator) – View on GIAC
• GCCC (GIAC Critical Controls Certification) – View on GIAC
• GCUX (GIAC Certified Unix Security Administrator) – View on GIAC
• GCPM (GIAC Certified Project Manager) – View on GIAC
• GDAT (GIAC Defending Advanced Threats) – View on GIAC

Articles

• 18.SEP.2015 – Reducing Risk for Contactless Payments (Wolf & Company, P.C.)
• 10.FEB.2016 – How Data Tokenization Can Help Helathcare Entities Improve Their Data Security (Wolf & Company, P.C.) (Contributing author)
• 14.NOV.2016 – Combating the Rising Threat of “Smart” Devices(s) (Wolf & Company, P.C.)
• 28.SEP.2017 – My CISSP Success Story (Advanced Persistent Security)
• 25.OCT.2017 – What to look for in a QSA (Wolf & Company, P.C.)
• 28.NOV.2017 – DerbyCon 7.0 Legacy Round Up (Wolf & Company, P.C.)
• 09.FEB.2018 – Active Directory Passwords – Who is Right? (Wolf & Company, P.C.)
• 17.APR.2018 – ATM Jackpotting is Just a Symptom (Wolf & Company, P.C.)
• 22.MAY.2018 – Meet the NCUA ACET (WolfPAC Solutions)
• 31.JUL.2018 – Vulnerability Scanning vs. Penetration Testing: What is the difference, and what is right for me?
  • Also re-published in the Fall 2018 edition of the New Jersey Banker Magazine
• 04.DEC.2020 – PCI Network Segmentation: Key Findings & Insights (Wolf & Company, P.C.)

Speaking Events

• 09.NOV.2017 – HIMSS New England Chapter – Northern Maine Educational Event | SlideShare
• 29-31.MAR.2019 – BloomCon 0x04 “No one Secures it Alone” | SlideShare
• 13.MAY.2019 – NYBA TCRM “Cybersecurity Assessments Workshop”
• 10.JUL.2019 – AmerstSec Meetup “Deploying Security Onion for Monitoring HIDS”
• 12.MAR.2020 – Wild West Hackin’ Fest
• 23.SEP.2020 – 2020 Business Continuity and Cybersecurity in a New World, Seminar OKC
• 24.MAY.2021 – Oklahoma Bankers Association
• 21.SEP.2021 – Wisconsin Bankers Association – WBA Secur-I.T. & BSA/AML Conference
• 13.OCT.2021 – New York Bankers Association – Technology, Compliance, and Risk Management Conference
• 04.NOV.2021 – WolfPAC User Conference
• 05.NOV.2021 – Wolf & Company’s 2021 Financial Services Leadership Annual Summit – Preparing to Mitigate and Respond to Ransomware
• 14.NOV.2021 – Pennsylvania Bankers Association – Digital Banking Conference
• 30.NOV.2021 – FMS Boston Chapter – Technology Update – Ransomware

Webinars

• 11.APR.2017 – Preparing for the FDIC’s Information Technology Risk Examination (InTREx) Program (Wolf & Company, P.C.) | Slides and Video Recording
• 13.APR.2017 – PCI DSS: What It Is and Why You Should Care (SCIP.org) | SlideShare
• 24.APR.2018 – How to Use PCI DSS for a Stronger IT Security Posture and Streamline Your Compliance Efforts | Slides and Video Recording
• 1.JUL.2019 – Detecting Malicious Activity on a Budget
• 16.OCT.2019 – DEF CON 27: Major Conclusions and Key Concepts (Wolf & Company, P.C.) | Notes | Recording
• 22.SEP.2021 – Western Bankers Association: Practicing Data Privacy in an Age of Sharing

Other Media

• May 2019 – CISOs vs. the Board – SCMagazine | Web Link
• July 2019 – SANS Institute Information Security Reading Room “Attackers Inside the Walls: Detecting Malicious Activity”
• July 2019 – July 12 Episode SANS Internet Storm Center Daily Stormcast
• August 2019 – August Edition of the ISSA Journal ” Attackers Inside the Walls: Detecting Malicious Activity” | PDF
• August 2019 – Developing personal OPSEC plans: 10 tips for protecting high-value targets – CSO Online
• February 2021 – 5 Ways to Combat Audit Fatigue – CSO Online
• March 2021 – SANS Institute Information Security Reading Room “Remote Workforce Impact on Threat Defenses”
• October 2021 – Wisconsin Bankers Association – What Community Banks Need to Know About Ransomware Attacks
• Stumbling Through Security podcast – https://podcasts.apple.com/us/podcast/stumbling-through-security/id1460066606
• Security Without Obscurity podcast – https://anchor.fm/sec-without-obscurity

Industry-Relevant Volunteer Experience

• Eastern Massachusetts (ISC)2 Board Member
• US Cyber Patriot Mentor – Available for coaching
• InfoSec Mentors – Available to mentor
• Mass Cyber Center – Mentor Fall 2021

Industry Memberships

• High Technology Crime Investigation Association (HTCIA)
• International Information Systems Security Certification Consortium (ISC)2
• InfraGard – Boston Members Alliance
• Information Systems Audit and Control Association (ISACA)
• GIAC Advisory Board Member
• SANS Security Awareness Community Member

Industry Conference Attendance

2016

• SecureWorld Boston
• ISACA New England Conference
• DEF CON 24

2017

• BSides Boston
• BSidesCT
• DerbyCon 7.0 (Remote)

2018

• ISACA New England IT Audit, Security, and Risk Expo
• North America PCI Community Meeting
• Wild West Hackin’ Fest

2019

• SecureWorld Boston
• BloomCon 0x04 (Speaker)
• NYBA Technology, Compliance & Risk Management Forum (Speaker)
• Layer 8 Conference
• DEF CON 27
• DerbyCon 9
• Wild West Hackin’ Fest

2020

• Wild West Hackin Fest – San Diego (Speaker)
• Layer 8 Conference
• Wild West Hackin Fest – South Dakota
• PCI North American Community Meeting

2021

• SANS Purple Team Summit
• Wild West Hackin Fest – Way West
• SANS Security Awareness Summit