VP Business Continuity Services
Barbara Davi, MBCP, MBCI, PMP
Barbara is a Business Resiliency Expert. She has the highest level certifications in this knowledge space. She has crafted and led numerous enterprise programs from varied business environments including those in Software and SaaS, Cloud Operations, Utilities, Finance, Retail, Hardware, Networking, Media and Health Services. She is a world class expert in developing end-to-end, audit-ready programs for industry. Her work products include developing Policies, Standards, program Frameworks, Gap Assessments, Vendor Assessments, Business Impact Analyses (BIA), Disaster Recovery Plans, Business Continuity Plans, Crisis Management plans, Emergency Management, and Pandemic Planning. Barbara has built and chaired Governance Steering Committees. She is familiar with multiple planning tools and the NIMS/Incident Command System (ICS) methodology. Barbara has led hundreds of tests to practice recoverability. She has presented her services to the highest levels of Executive Management and the Board. Barbara is a published author and is available for speaking engagements.
Enjoy Barbara's BCP Blog: PANDEMIC AND INFECTIOUS DISEASE PLANNING - New Rules for an Ongoing Threat
David has been the secret weapon in solving every major technical problem faced by EnterpriseGRC Solutions, and previously by Phoenix Business and Systems Process. As partner and founder of these companies, David is our master problem solver, first to examine alternative technologies, to "Read the Manual" and make the magic happen. With over 15 years of experience in enterprise software development, product integration, and process automation, David has earned a perfect track record for leveraging automation to solve problems in an agile, cost-effective way.
Advisory VP Security Services EMEA
James McGee came into the EnterpriseGRC family when he invited Robin to co-manage a LinkedIn group called Information Security Good News. With over 15 years of experience in information security, risk management, compliance and enterprise security, James is a strong leader who provides motivation, mentoring and vision, ensuring alignment of Business and Security whilst promoting Information Security as an Enabler. Specialties: Consultant, Architect, Manager, Enterprise Security Architecture / Solutions, Governance, Risk, Compliance, ISO27001/2 - COBIT (4.1 & 5.0). Information Security Policy, Standards, Process, Risk Management, Analysis & Assessments, Application / Web Security, Cloud / Cyber Security, Endpoint and Platform Security, Network and Mobile Security, Social Media guidance, Security Awareness & Training, ITIL, Service Delivery, Service Management. CCSK, CISA, CISM, ISMS Lead Auditor, CISSP, Trend Certified Technical Consultant, WSCE, CCSPA, CCSA, CCNA, CSE
We recommend you follow Jim at Rebel Mouse: rebelmouse.com/infosecexpert/
Partner ERP & Business Regulatory - CEO AppWrap LLC
Jay has been an associate and colleague of EnterpriseGRC Solutions CEO for the last ten years. Fintech and RegTech expert, Jay is a Risk Management executive with extensive business, security and audit experience, and certification. Currently, Jay's new company leads a practice supporting companies in their security, compliance, and risk management efforts, with an emphasis toward business optimization across all technology and financial systems. Past Partner at SOAProjects and Past President for ISACA Silicon Valley Chapter, Jay is well known and respected across the East Bay. He is a CPA and has CISA and CRIC certifications.
Coming soon: http://www.appwrap.tech/
Business Advisor, Senior Executive, Professional Services
Margaret is known for her amazing success in closing and delivering multi-million dollar consulting, audit and compliance engagements in the public, private and governmental sectors on a global basis. Former co-owner of Control Solutions International, Inc. (CSI), which was sold to Staffing 360 Solutions, a Nasdaq company, Margaret grew the Mid-Atlantic region from a few million to $20+M. Margaret has known EnterpriseGRC Founder, Robin Basham, since 2005 when they collaborated to deliver services to Sharp, CA and The OCC. Robin brought the Facilitated Compliance Management product from Phoenix Business & Systems Process to CSI, and throughout the dozen years since, their business collaboration has never stopped.
Areas of Focus:
- Private Equity, C-Level, & BOD Decision Makers (Public, Private & Governmental)
- Evaluation & Implementation of Audit, Compliance & Risk Management Frameworks
- Solution Sales/P&L Management/Growth/Strategy/Optimizing Performance
- Building and Maintaining Client Relationships
- Building Successful Partner Alliance Channels
- Marketing & Key Talent Acquisition
- Strategic Planning/Building Pipelines
VP Security, Mid Atlantic
Advisory partner and management member to both Phoenix Business & Systems Process and EnterpriseGRC, Denny is recognized for deep understanding and commitment to Cybersecurity/information security program development and operations. Ranked #117 on ExecRank’s “Top Security Executive Rankings” for 2012, and co-recipient of the "Best Security Team" award 2007, SC Magazine, Denny Dean is known in many security and high-tech circles as a doer who is not afraid to operate at any level of the organization. As Chief Information Security Officer (CISO) for The Hanover Insurance Group, Inc., Denny led information security with responsibility for risk management, policy development, awareness & education, compliance, litigation support, information lifecycle governance and security incident investigation.
VP Security & Cloud Engineering
IT Risk & Security Professional, IT Program/Project Manager, Agile Lead
Gordana is an accomplished and influential program/project management professional with over fifteen years of experience in managing software development, infrastructure, cloud deployments and IT security projects. Gordana has diverse, international experience working for companies of different sizes, from startups to Fortune 500. She is an effective leader with the ability to deal with ambiguity, adapt to shifting priorities and schedules, and inspire just the right sense of urgency. Expert in SDLC, Secure SDLC, SAFe, and Agile (Scrum/Kanban), Gordana gained her experience in information systems security (SOX, PCI DSS, SAS 70, SSAE16, SAS 109, ISO 27001, EU DPA, COBIT, etc.) through IT audit consultancy and IT security and risk program management work in areas of M&A integration, Cloud/Virtualization (SaaS, PaaS), Customer and Operations Service Support (ITIL), Customer Relationship Management (CRM), Kronos Workforce Management (WFM), eComm, Retail POS, Mobile Payment (V.me, Apple Pay), Web (Order Management, Online Search/Advertising) and Banking/Financial products. She is PMP PMI, PPM, Agile (CSM, CSPO, CSP), CISA, Oracle RDBMS Development certified.
Advisory VP Tax Services
Ruth Shirkey is a CPA with significant Big 4 experience and solid technical skills ranging from compliance to income tax accounting in federal, state, and international. Familiar with FAS 109, FIN 48, FAS 123R as well as SOX review. Strong experience in developing and working with integrated tax systems. She has supported EnterpriseGRC Solutions since its founding as a colleague and as the Tax Accounting Advisor. Experienced in North American and US Federal Tax code, and exceptional in her business acumen and understanding of consulting as a practice, Ruth continues to be a treasured advisor and collaborator.
Corporate Advisor, Partner Channels, Global Sales
Scott has a deep background in enterprise and cybersecurity spanning over 20 years from running a security practice for Coopers & Lybrand to running multiple companies focused within the networking and security space. Scott has been part of eight acquisitions in his career and focuses on developing the right strategy of how to bring security products to market globally. Scott has worked with all of the top system integrators, value-added resellers and ISVs with an eye always towards driving joint revenue.
- Board of Directors, Venture Capital, Private Equity
- Enterprise Security Sales & Services
- Channel Sales Development
- M&A, Capital Raising
- Global Sales Build-out
Past Head of Information Security for Danfoss with responsibilities for more than 10K employees and serving the Engineering community, Mitchell is an Information Security-oriented, business-aware IT Auditor with an IT operations background and a passion for computer forensics, memory/malware analysis, and incident response. With more than 15 years' history collaborating with EnterpriseGRC Solutions founder, Robin Basham, Mitchell is known to continuously address business needs while explaining and raising the level of information security with clearly defined, pragmatic risk-reducing activities. He currently works in Internal Audit, performing IT audits that review IT general controls, along with forensic analysis of ethics cases, e-discovery and incident response tasks. He is a strong believer in continuous education and works on keeping up with the changes in InfoSec, Forensics and Incident Response. He holds and maintains various InfoSec and Forensics certifications, and has just completed a two-year online M.Sc. in Digital Investigation & Forensic Computing at University College Dublin, graduating in October 2016. Specialties: Information Security, IT Audit, Computer Forensics, Incident Response, Security Assessments
Sam Elmihi is a Global Strategic Executive Advisor and business consultant, providing global best-practice recommendations, business portfolio management and solutions on Security Strategy, GRC, Identity and Access Governance and Risk Management. He has experience in creating and managing complex programs, sales enablement and people management. He also has considerable international experience working with global clients in Europe, the Middle East and Asia. Sam’s career spans over 20 years in Information Technology and Information Security organizations. Sam has assisted global clients in Insurance, Financial Services, Banking, Retail, Telecom and Government. Sam is very knowledgeable with regard to working with E-level leadership and company Board members, defining risk management and security strategies, transforming security management and IT control programs, evaluating regulatory compliance requirements and helping Fortune 500 organizations achieve greater levels of operational excellence. He has excellent communication skills as well as Program Management and Project Management expertise.
Frank Reid, CISSP
Frank is a strategic thinking IT and Information Security leader with an exemplary record of leading multi-million dollar information technology projects in the governmental and private sectors. Recognized by the Director of the National Security Agency and the U.S. Strategic Command Chief of Staff for outstanding architectural design and team leadership in support of the GISC CEO Roundtable. Trusted partner in all areas of IT management, recognized for developing and implementing innovative solutions to meet the needs of complex business and military security challenges. International and national expertise with expert knowledge in planning, developing, and managing technology and cyber security projects, systems, operations, and personnel.
Core Competencies:
- Information Security
- Business Continuation and Disaster Recovery
- New Technology Evaluation and Selection
- Sarbanes-Oxley
- Enterprise Resource Planning
- P&L Responsibility
- Budget Management
- Policy Creation
- IT Strategy
- Seasoned Change Agent
- Global Delivery
- Change Control
- Governance and Risk Management
- Risk Management
- Infrastructure, Processes, Services
- Systems Integration and Migration
- Developing or Reorganizing IS/Organization and Infrastructure
Security Architect / Solutions Engineer
- Cyber Security: Successfully design, implement, recommend and deploy network, cloud and host based IT security technologies including UTM, SIEM, Firewalls, malware/email, APT, Network Access Control (NAC), Encryption / PKI, E-Discovery, Data Leakage Protection, wireless, IPS/IDS to name just a few.
- Governance, Risk, Compliance & Auditing: Extensive knowledge of all current compliance and regulatory standards and frameworks including ISO 27001, SOX, PCI DSS, FISMA, NERC CIP, HIPAA, Basel II, GLBA, SB 1386, COBIT, IT-GRC, ITIL / ITSM, SOC / SSAE 16, NIST 800-53, STIG, etc. I have managed and overseen all aspects of auditing and pen-testing. Performed datacenter/system site reviews and developed GRC, Disaster Recovery / Business Continuity and Incident Response Plans
- Sales & Sales Engineering: Consistently reach sales goals (in Millions). Key player in presenting technological, financial and ROI advantages versus competitors. Sold to all levels of key decision-making including C level staff. Responsible for sales, reseller relationships, forecasting as well as technical presentations, RFP’s and POC’s.
- Critical Infrastructure Protection: Designed, oversaw and approved the security architecture for the rollout of a multimillion dollar EMS / OMS system and newly built fiber and cellular backbone to support it. The system design encompassed all areas including substations, control centers, SCADA components, backend systems, front end systems, data in transit and at rest as well as tie-ins into GIS, call center and other critical systems such as natural gas and hydro monitoring (for which I also oversaw the security).
- Project Management: Have managed software development and security projects in areas such as custom application development, web, front-end and backend development, SaaS, B2B / B2P, e-payments, e-commerce, WAP / WEP, connectivity, security compliance, DLP, etc. Have overseen systems, network, and infrastructure and security product/application rollouts. Completed coursework towards PMP certification.
- Networking & Telecom: Working knowledge of all major platform vendors including Cisco, Checkpoint, Juniper, Fortinet, etc. Configured routers, switches, firewalls, web servers, load balancers, proxies. Strong background in networking and telecom including wired, wireless, cellular, carrier networks, and data/voice/video over IP-based technologies and the need to design geo-dispersed HA networks. Well versed in routing protocols and OSI model.
- Systems Hardware & Administration Experience: Working knowledge of all major hardware platforms including IBM, UNIX, Wintel, Apple, etc. Performed systems tasks such as administration, configuration, capacity planning, break-fix, monitoring, disaster recovery, etc.
- Software Development / Life Cycle Management: Working knowledge of all major OS’s. Knowledge of design and functional roles of a wide range of software applications, databases, web applications, and development languages. Have overseen major development projects and implemented lifecycle management, regression testing, software patching, and deployment. Working knowledge of programming and languages including C, C#, Java, XML / HTML, OOP, Visual Basic, etc.
- Training & Education: Have trained clients, internal staff and the general public in a wide range of security and compliance areas including CISSP, GRC, SSH, threat response / mitigation, forensics, fraud, identity theft, compliance, networking, auditing, accounting fraud, email security, physical and cyber threats, surveillance and regulatory topics. Have developed mock GRIDEX and active shooter scenarios that won board level accolades.
Global technologist focused on cyber security, threat analysis and prevention, secure design, global services, virtual honeypots, incident response, software defined networking, encryption key management, privacy, infrastructure reliability, and successful technical implementation of industry leading cyber security strategy. Highly effective at recognizing and nurturing talent, improving an organization's security posture to increase revenue, and advising on security technologies to further customer and operational confidence.
Cyber Intelligence • Trusted Cloud • Software Defined Networking (SDN) • SDLC • Cryptography • Secure Design and Architecture • Cross-Platform Computing • Risk Management • Incident Response • BCP • Information Protections • Privacy • Resilient Operations • Governance, Risk & Compliance (GRC) • Effective Change Management • Flawless Global Security Certifications • Contractual Security Requirements. CAAP • CSA STAR • ITAR • FIPS 140-2 • ISO/IEC 27001:2013 • FedRAMP • PCI DSS ROC • COBIT 5 • SOC • C&A • FISMA • HIPAA • NIST
Founder, Lead Analyst at Unified Compliance Framework (UCF), Dorian is responsible for three very important US patents: Compliance framework database schema, United States US8661059 B1, Methods and systems for a compliance framework database schema, United States 20140129593 and United States 9009197. "Generating a compliance framework. The compliance framework facilitates an organization's compliance with multiple authority documents by providing efficient methodologies and refinements to existing technologies, such as providing hierarchical fidelity to the original authority document; separating auditable citations from their context (e.g., prepositions and or informational citations); asset focused citations; SNED and Live values, among others." Among the many cool reasons that we work with Dorian is his contribution and oversight to Compliance Dictionary, a website to help everyone in the compliance space clearly define terms, and then leverage those terms in communicating shared compliance needs. Learn more about UCF
Mr. Villegas is Vice President for K3DES, a technology consulting firm focused on the security of electronic payments systems. Mr. Villegas is a QSA, PA QSA, Certified Information Systems Auditor (CISA), a Certified Information Systems Security Professional (CISSP), a GIAC Security Professional (GSEC), and a Certified Ethical Hacker (CEH). He was the 2010-2012 President of the ISACA Los Angeles Chapter and the 2005-2006 President of the ISACA San Francisco Chapter. He was Co-Chair for the SF ISACA Fall Conference from 2002 through 2008. He is currently Certification Chair for the ISACA Los Angeles Chapter, member of the LA Spring Conference Committee and COBIT Technical Review Committee for LA ISACA. He is also a member of ISSA, ISC2 and OWASP. Mr. Villegas is currently a contributing writer for SearchSecurity - TechTarget. Specialties: IT Risk Management, IT Regulatory Compliance, IT Audit, Information Security (mainframe, C/S and web infrastructures), PCI DSS, HIPAA, ISO 27001.
Arshad Noor is the CTO of StrongAuth (http://www.strongauth.com), a company admired by EnterpriseGRC and Phoenix Business & Systems Process as a leader and innovator in enterprise key management solutions. He has significant experience in enterprise-scale IT architecture, cryptography, and open-source software, a strong business background with an uncommon ability to think outside the box, and an exemplary track record in execution and delivery.
Application Level Encryption & Strong-Authentication (ALESA), FIDO Alliance protocols for strong authentication, Data Protection Infrastructure (DPI), Regulatory Compliant Cloud Computing (RC3). Enterprise Key Management Infrastructure (EKMI), Public Key Infrastructure (PKI), Symmetric Key Management Systems (SKMS), Payment Card Industry - Data Security Standard (PCI-DSS), Cryptography tokens (TPM, HSM, smartcards, etc.), Open-source software, Java/J2EE/JEE5/JCE Learn more about Arshad's companies and experience on our Partners page.
Ashok Kumar CISSP, CISM, CEH, MCSD, ITIL is an Experienced Information Security Director with significant architecture/management experience across a number of service areas, technologies, and industries including eighteen years within the Insurance/Banking Domain. Consistently demonstrated successful implementations, having managed and executed the delivery of numerous large-scale security engagements. Viewed within the organization as a leader capable of security architecture, development, execution, growth and staff development.
Saurabh helps businesses gain value and maximize their return on investment in risk management solutions. He is an experienced IT/GRC practitioner and researcher with over 9 years of experience in diverse technical, leadership, advisory and consultancy positions. He is certified in ISO 27000, ISO 22301, ITIL and many others, with experience in IT Service Management, Information Security, Business Continuity Management, Disaster Recovery, Risk Management, ISO27001, CobiT, ISO20000, Digital Forensics and investigations, Fraud Investigations, Audit and implementations, Compliance & Governance. He has managed PMOs and audit / fraud investigation / compliance efforts. Saurabh has traveled extensively across major cities in India and has led and executed several engagements across diverse industry segments – Banking, Financial, Insurance, IT and IT Enabled services, Telecom Manufacturing and Oil & Gas.
Gerard (Rod) Brennan
Dr. Rod Brennan has been an influence on all companies created by Robin, Phoenix Business and Systems Process and EnterpriseGRC, acting as a mentor and at times employing the companies to provide compliance services. Among his many accomplishments, Rod has:
- Published research (AICPA “Pink Book”, Info Sys. Control Journal) and taught at graduate level (Rutgers MBA Program) on advanced analytic methods for auditing and business process monitoring.
- Developed and implemented a best in class risk management and internal control process for Siemens Corp. in NA.
- Directed the worldwide integrated continuous auditing (audit automation) practice for Siemens AG, leveraging automation to increase impact, detect/prevent fraud and reduce compliance effort/costs.
- Established a successful IT Audit Practice in North America for Siemens Corporation.
- Developed and helped implement continuous auditing research and technology at Siemens in cooperation with Rutgers Univ Continuous Auditing Laboratory (CAR-LAB).
- Created, employed and managed a successful SAP Competency Center serving the Americas for Siemens in support of Legal Consolidation and Management Reporting.
- Delivered functional integration and process redesign for a successful SAP (FI/CO, HR, & Logistics) implementation for a Fortune 500 corporation.
- Provided functional support for a $300 million site with 350 employees, including process definitions for several critical legacy system interfaces.
- Managed Accounting and IT functions as Controller for successful business turnarounds and redesigns in manufacturing facilities around the US for a Fortune 500 entity – P&L responsibility for up to $300M.
- Served as V.P. Finance for special projects with a startup regional jet manufacturing company.
Learn more about Rod's companies and experience on our Partners page.
Specialties: EXPERIENCE: ACFE Certified Fraud Examiner • Public Reporting (US & German GAAP, IFRS) • IPOs • Continuous Audit / Monitoring / SOX support / Fraud Prev. • IT Governance / Audit Dev, Automation • Project Manager - large worldwide project experience • SAP R3 Implementation (FI/CO, HR, Logistics) • Business development / Planning • Building Finance Teams • Tax Planning & Compliance Federal, State, & Sales & Use • SAP Legal consolidation • Government “Earned Value” • Treasury/Risk • Operations • Turnarounds • Start-Ups
Seasoned technology, operations, and business executive with over 25 years of experience, and established information security expert. Strong software security and cloud expertise, with deep architecture and operational experience in multiple verticals. Effective leader, communicator, and visionary, with a proven ability to execute and drive change in both established and high growth, dynamic environments. Extensively networked and frequent connector for top-talent searches. Energetic, focused and driven creative rule-breaker with a well-established track record in highly trusted roles across multiple companies and industries, and a kick-ass CISO. Learn more about Barak's companies and experience on our Partners page.
Silicon Valley Accountants focuses on Financial Transformations that add significant value. This is not a traditional CPA firm; we guarantee results, savings, and complete satisfaction. We have worked extensively with public and non-public growth, technology, healthcare, and other companies and have developed a balanced approach to financial transformation that improves accounting processes, system integration, personnel training, compliance, change agility, and financial reporting. Combine training, optimization, and technology to achieve integrated continuous improvement
- Deliver better processes with increasing speed, lower effort, and reduced costs
- Sustainable and adaptive process improvement
- Quick start, low disruption customized transformations implemented based on your timing needs
- Leveraged transformations to costly manually intensive processes (tax, reporting, FP&A, audit & SOX)
- Enhance embedded controls, improve risk management and reduce compliance costs
- Leverage existing technologies with little IT involvement
A CPA with over 9 years of PwC experience in various assurance capacities, and over 7 years as Asst. controller (SEC), Controller & VP Finance, and have led over 40 transformations including complete system implementations, restructuring, and merger integration based transformation projects. Recently, we have designed a set of Financial Effectiveness Solutions and Methodologies which deliver continuous improvement to optimize financial processes. We have extensive SEC reporting experience from external audit and industry perspectives, including SOX compliance and IT controls. Specialties: Accounting Close and Reporting, Financial Statement Audit and Preparation, Merger & Acquisition Integrations, Complex Revenue Recognition, Financial and Operational Accounting, LEAN Process Improvement and Optimization, Big 4 audit, SOX, Internal audit, MAR, and ORSA. Learn more about Gabe's companies and experience on our Partners page.