Candy Alexander, CISSP CISM

Candy-Alexander-3As an industry recognized expert and hall of fame member, Candy Alexander has profound experience in performing many aspects of information security which she obtained through various information security roles. She has over 25+ years in the security industry working for companies such as Digital Equipment, Compaq Computer Corporation, and Symantec. Candy is often requested to present at various conferences. Her most memorable to date is the session at the United Nations where she was a featured speaker for the IT Security Symposium and running in close second is an invitation to the Offices of the White House to speak on the importance of security awareness to the President’s “Cyber-Czar” staff. In her ongoing commitment to “give back” Ms. Alexander volunteers as a Director on the ISSA (Information Systems Security Association) International Board where she is the chief architect for the Cybersecurity Career LifecycleTM. She is also the past President and current Board Member of the ISSA Education and Research Foundation. She has also served as Vice President of Education and Vice President of International Relations for the ISSA. She remains a loyal member at the local level with the New England Chapter and the ISSA-New Hampshire Chapter. Ms. Alexander has received numerous awards and recognition, including that of Distinguished Fellow of the ISSA ranking her as one of the top 1% in the association and she was inducted into the ISSA Hall of Fame in 2014. Candy has held several positions as CISO (Chief Information Security Officer) for which she developed and managed Corporate Security Programs. She is now working as a virtual CISO and Cybersecurity consultant.

Anthony Bellezza, CPA

T-Bellezza-3Anthony J. Bellezza is currently the Senior Vice President and Chief Compliance Officer (COO) at Rite Aid. He also serves as the Chief Ethics & Risk Officer for the company. Prior to joining Rite Aid, Mr. Bellezza was a Partner at Ernst & Young. While there, he served as the Mid-Atlantic Business Risk Services Leader, responsible for developing and growing the BRS practice. Mr. Bellezza also served as the Chief Audit Executive for a multinational Fortune 500 Company. With his combined experiences, Mr. Bellezza has created a leading practice integrated Governance, Risk & Compliance (GRC) framework. This integrated framework covers all aspects from Executive Management and Board oversight to the elements of Risk Management, Compliance and Regulatory Matters, Ethics, Investigations and Fraud Reporting, along with the important monitoring component. The goal of the integrated framework is to institutionalize GRC within an organization and make it a critical component for operating the business.

Steve Biskie, CISA, CITP, CPA, CGMA

Biskie-Steve-3Steve Biskie is co-founder of High Water Advisors, a consultancy that helps organizations improve governance, risk management, compliance (GRC) and audit processes. He specializes in transforming inefficient, outdated, and compartmentalized processes and technologies to optimize GRC and audit performance and generate tangible value. A leader in the audit and compliance space for more than 20 years, Mr. Biskie has become most well-known for his work helping Fortune Global 500 organizations understand and manage the risks within the SAP ERP system. Additionally, he is a thought leader and strategic expert on implementing high-value, sustainable analytics and continuous auditing programs. Steve started his career as an external auditor for Deloitte & Touche (Deloitte), where he was first exposed to both ERP system implementations and data analytics. He has since redesigned the global IT risk consulting practices for several large firms, led the compliance program for a multi-billion dollar insurance organization, and overhauled the consulting and training offerings and delivery model for a major provider of technology for audit and compliance professionals. Mr. Biskie was first exposed to SAP in the mid-90s, while working as an external auditor for Deloitte. He has been involved with SAP systems in a variety of roles, including as an external auditor, internal auditor, consultant, implementation team member, compliance team lead, and SAP Steering Committee Chair. Mr. Biskie worked directly with SAP as part of the SAP Influence Council for the Management of Internal Controls (MIC) tool, the first iteration of what is now the SAP GRC suite. He was the keynote speaker at the first Sarbanes-Oxley for SAP Customers event. A much sought-after trainer on SAP governance, audit, and control topics, Mr. Biskie has taught thousands of business, IT, and audit professionals about dealing with the intricacies of SAP. He is consistently rated as a top speaker at the SAP GRC conference (a collaboration between SAP and SAP Insider). Mr. Biskie was an Expert Reviewer for the 2009 publication Security, Audit, and Control Features: SAP ERP (3rd and 4th Editions), and in 2010 authored Surviving an SAP Audit (SAP Press). Mr. Biskie was also first exposed to data analytics while with Deloitte, where he was a part of the team that developed Deloitte’s first statistical inventory cycle- counting applications. He became proficient with Easytrieve, SAS, MS Access, and ACL during the period, and eventually developed Deloitte’s first extensive data analysis routines for SAP system audits. Always a proponent of smarter auditing through the use of data analysis, Mr. Biskie has been speaking on the topic of continuous auditing and monitoring for more than a decade. Prior to starting High Water Advisors, Mr. Biskie had a five year relationship with ACL, where he re-designed ACL’s training and consulting strategy, led numerous sessions and interactive events on developing sustainable analytics programs, and managed many of ACL’s largest and most strategic client consulting initiatives within many Fortune 100 clients.

Jerod Brennen, CISSP

J-Brennen-3Jerod Brennen is an information security consultant with over a decade of IT, information security, and compliance experience. He has extensive experience in performing security assessments, penetration tests, and security architecture reviews, as well as evaluating security technologies on behalf of his clients. He applies his hands-on experience in support, management, and budgeting roles to help clients identify and implement reasonable and appropriate security controls to meet their security and compliance obligations. Previously Jerod was the CTO and Principal Security Consultant with Jacadis, an award-winning security solutions and services provider. Prior to joining Jacadis, Jerod spent years as an Information Security Specialist with American Electric Power, one of the largest electric utilities in the U.S., before moving to Abercrombie & Fitch (A&F), a multibillion dollar international luxury retailer. At A&F, Jerod built out and managed the information security program. His team was tasked with security operations, PCI and SOX compliance, and identity and access management. Jerod’s approach to information security has two key tenets: you shouldn’t be afraid to void warranties, and you shouldn't need to bypass security to get your work done.

Jason Claycomb, CISA, CISSP


JClaycomb-3Mr. Claycomb is the founder of INARMA LLC, where he helps clients build and maintain IT and enterprise GRC policies and processes. He is a 30-year veteran in cybersecurity, IT governance, and audit. Mr. Claycomb brings a realistic approach to GRC to comply with laws, federal regulations, and industry best practices, utilizing NIST as a foundation for risk assessment. He is proficient in IT governance, planning, systems development and installation, data analysis and reporting, and in evaluating logical and physical controls. Prior to founding INARMA, he served as National Director of IT Services at Experis, and a Manager at PricewaterhouseCoopers (PWC). Mr. Claycomb also served as the Director of IT Services at CrossCheck Compliance LLC, and as an IT Auditor at a Chicago based bank holding company. He is a member of ISACA and ISSA. Mr. Claycomb has particular experience working with highly regulated companies in the banking, financial services, and insurance industries. He has helped many SEC regulated firms to analyze risk, develop, and manage GRC and cybersecurity programs.

Dennis Cox, BSC, FCA, FISI

Dennis-Cox-3Dennis Cox is the Founder and Chief Executive of Risk Reward Ltd, where he oversees all consulting and training projects. A recognized financial services risk management and internal audit expert, he specializes in Basel Accord challenges surrounding credit, market, and operational risk, as well as other business and regulatory requirements. Mr. Cox has more than 25 years of experience in the areas of risk, banking, audit, and accounting. He has held senior management positions within the banking and accountancy profession as Director, Risk Management at HSBC Insurance Brokers Limited, and Director, Risk Management, Prudential Portfolio Managers. Formerly he held a number of roles within the audit profession, including Senior Audit Manager (Compliance) at HSBC Holdings PLC and Senior Manager (Banking and Finance) at both BDO Binder Hamlyn and Arthur Young. Mr. Cox is a Fellow, co-founder and chairman of the Risk Forum for the UK Chartered Securities and Investment Institute and administers the Risk Reward Global Risk Forum on LinkedIn. A Fellow of the Institute of Chartered Accountants (FCA), he has also been a National Council Member for 15 years. A much in-demand speaker and trainer, Mr. Cox is the author of Banking and Finance: Accounts, Audit and Practice. He is currently writing two books, An Introduction to Money Laundering Deterrence and The International Handbook of Money Laundering Deterrence. He is the co-author of The Mathematics of Banking & Finance, and is the senior editor and author of several chapters in The Frontiers of Risk Management.

Kathleen Crawford

Kathleen-Crawford-3Kathleen Crawford is a Senior Consultant for MIS Training Institute. She has more than 25 years' experience in internal audit and fraud investigation. Ms. Crawford is a consultant, specializing in assurance, investigative and advisory projects. Previously, she was an Internal Auditor for Vinfen Corporation, a private, nonprofit human services organization. There she assisted management in the standardizing operations, developing policies and procedures and improving processes. Ms. Crawford also investigated suspected financial crimes, collecting evidence to support successful prosecution and recovery of assets. She created unique methodology to detect and document fraud while complying with unique requirements of MA and CT human services regulations. Ms. Crawford began her career as a bank auditor, first with Bank of New England, then Eastern Bank and State Street Bank. In all three institutions, she was responsible for both internal audits and fraud investigations. Ms. Crawford holds an MBA from the University of Phoenix, attended Babson College Graduate School of Business, and holds a BA in English from Boston College. A member of the Institute of Internal Auditors, she is a past President of the Greater Boston Chapter of the IIA. She is also a member of the Association of Certified Fraud Examiners and the Association for Talent Development. Ms. Crawford serves as Treasurer of the Board of Trustees of the Foxborough Regional Charter School and its foundation, Friends of FRCS. She is also Chair of Vinfen Corporation's Family Advisory Council, a group that consults on issues important to persons with intellectual and developmental disabilities.

Ken Cutler, CISSP, CISA, CISM, Q/EH, Security+, CASP

Ken-Cutler-3Cutler is President and Principal Consultant of Ken Cutler & Associates (KCA) InfoSec Assurance. He is the Director – Professional Certification Programs for Security University. Mr. Cutler is also a Senior Teaching Fellow at CPEi (CPE Interactive), specializing in Technical Audits of CyberSecurity and related IT controls. He is an internationally recognized consultant and trainer in the CyberSecurity and IT Audit fields. He is both certified as and has conducted courses for: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), CompTIA Security+, and CompTIA Advanced Security Practitioner (CASP). Mr. Cutler is a Qualified Ethical Hacker (Q/EH), and both teaches and performs vulnerability/penetration testing around the world. In cooperation with Security University, he recently was featured in two full length training videos on CISSP and Security+. Mr. Cutler is a frequent and much-in-demand speaker on a wide array of CyberSecurity and IT Audit topics. He has delivered numerous hands-on CyberSecurity and outsourced IT Audit consulting projects through KCA and under various former MISTI affiliated professional services divisions, including the Information Security Institute (ISI) and Advanced Information Management (AIM)..

Greg Duckert, MBA, CRMA, CRISC, CIA, CISA, CPA, CMA

Greg-Duckert-3Greg Duckert is the Founder of Virtual Governance Institute LLC and is a Senior Consultant for MIS Training Institute. Mr. Duckert is an internationally recognized expert in the field of Enterprise Risk management. He is the author of the Wiley publication Practical Enterprise Risk Management: A Business Process Approach. He is Certified in Risk Management Assurance, Certified in Risk and Information Systems Control, a Certified Public Accountant, a Certified Information Systems Auditor, and is a Certified Internal Auditor. Mr. Duckert was educated at the University of Wisconsin - Madison and obtained an MBA in Accounting in 1989, a BBA in Accounting in 1978, and a BA in Economics in 1971. He specializes in consulting with major organizations regarding progressive Twenty-First Century methodologies for the construction of data centric enterprise risk assessment and management models including Financial, Operational, Regulatory, and IT areas of concern that yield high business value. He also consults with his clients in all areas of ERM, as well as auditing including continuous audit / consulting platforms. Mr. Duckert is the sole developer and owner of a proprietary approach to risk assessment and management that is applied to both ERM and to enterprise risk data centric risk methodologies for Internal Auditing for organizations of all sizes. During 2012 he worked closely with the General Director - Global Automotive Audit & International Dealer Audit and the General Auditor and Chief Risk Officer of General Motors Corporation in transitioning to his proprietary audit approach known as ORCA™ (Outcome-Risk Centric Auditing). He is currently under contract with a major organization with revenues exceeding the multi-billion $ threshold to build risk based audit and ERM data centric models using his proprietary approaches. In addition, in depth hands on consulting is also performed in the areas of operational analysis and process improvement methodologies. He has developed extensive risk assessment metric inventories for evaluating risks in all organizational areas including operations, IT application systems, IT operations, regulatory and financial areas. Mr. Duckert has addressed the Permanent Undersecretary for Military Affairs of Parliament and the Defense Audit Board of the Ministry of Defense – United Kingdom on the subject matter of creating a risk based business approach to governmental oversight. He is involved in the building of or consulting on the creation of Data Centric Risk Assessment and Management models on an ongoing basis. He conducts seminars and workshops on a global basis and is a frequent speaker at conferences in his areas of expertise. Mr. Duckert has been engaged in the professional practice of Internal Auditing and Risk Assessment and Management for over 35 years. He founded the Internal Audit function of a Fortune 500 corporation at the age of 27 and built the audit department from non-existence to a highly competent Financial, Operational, Information Technology and Regulatory audit body. He was also the General Auditor and Chief Audit Executive at two other major organizations. The audit positions were in the Manufacturing and Health Care industries. His work in Risk Assessment and Management spans virtually all key industry types

Mark Edmead, MBA, CISA, CISSP

Mark-Edmead-3Mark Edmead is the Managing Director at MTE Advisors and a Senior Instructor for MIS Training Institute. Mr. Edmead is a 30-year-veteran of computer systems architecture, information security, and project management. He has extensive knowledge of IT and application audits, IT governance, and SOX compliance auditing. He holds CISA, CISSP, DevOps, Lean IT, TOGAF 9.1 certifications, and is a COBIT 5.0 Certified Assessor. His focus is on IT Transformation, leadership, change management, process improvement, enterprise architecture, technology road mapping, strategic IT planning, IT organization analysis, IT portfolio management, and IT governance. He has worked with many international firms, and has the unique ability to explain very technical concepts in simple-to-understand terms. Mr. Edmead has authored articles in Compliance Advisor Magazine, IT Compliance Journal, IIA Insights, and The Auditor. In addition, he is an adjunct professor at the Keller Graduate School of Management.

Shawna Flanders, CRISC, CISM, CISA, CSSGB, SSBB

SFlanders-3Shawna Flanders is MISTI’s Director of Instructional Technology & Innovation. Her passion rests firmly on three pillars: 1. Enriching companies in building and improving their strategies, programs and underlying processes (primarily within technology, Technology Internal Audit, IT GRC, Technology Related Risk Management, Information Security, BCP/DR, Project Management and Process Reengineering); 2. Mentoring individuals: both in the topics above as well as aiding in their quest for ISACA certifications; 3. Enhancing and developing curriculum and other publications to improve the profession. With nearly 29 years of experience in the financial services sector, Ms. Flanders brings her real world experience to every engagement. Ms. Flanders has completed certificate programs in Risk Management from Kaplan University and Six Sigma Green & Lean/Black Belt from Villanova University, and has earned the Life Operations Management Association – Associate of Customer Service designation as well as holding certifications in CRISC, CISM, CISA and CSSGB. Ms. Flanders teaches several MISTI seminars. She designs her own course content and also has contributed and/or reviewed multiple publications including ISACA CRISC and CISM Review Manuals; Risk IT and COBIT® 5 for Risk. She has also participated in development of the Risk Management and Assurance ISACA Training Week courses.

Martin Green, Esq.

M-Green-3Martin Green is a senior instructor for MIS Training Institute. As a member of the MISTI faculty for more than 33 years, his areas of expertise include computer technology, networking, and security. Mr. Green is the principal of Martin H. Green, P.C. Mr. Green concentrates his practice on the representation of companies in matters pertaining to computer technology, trade secrets, intellectual property, and copyright law. He also maintains an active consulting practice to lawyers and other professional service businesses regarding office automation and related auditing and security challenges. Mr. Green is a member of the Massachusetts Bar, the Massachusetts Academy of Trial Attorneys, and the American Trial Lawyers Association.

Jeffrey T Hare, CPA, CISA, CIA

J-Hare-3Mr. Hare is the CEO of ERP Risk Advisors, a leading thought leadership firm providing risk advisory services for organizations running Oracle Applications. His extensive background includes public accounting (including Big 4 experience), industry, and Oracle Applications consulting experience. He has worked in the Oracle Applications space since 1998 with implementation, upgrade, and support experience. Mr. Hare has worked in several international locations, including Australia, Austria, Canada, Mexico, Brazil, United Kingdom, Ireland, Saudi Arabia, Germany, Panama, and United Arab Emirates.Mr. Hare published Oracle E-Business Suite Controls: Application Security Best Practices in 2009 and Auditing Oracle E-Business Suite: Common Issues in 2015. He has written white papers and articles, some of which have been published by organizations such as ISACA, the ACFE, and the OAUG. Mr. Hare is also a contributing author for Best Practices in Financial Risk Management, published in 2009.

Peter Higgins, CIA, CRMA


Peter Higgins 3Pete Higgins is a consultant for the MIS Training Institute and principle consultant/trainer for Boston Audit Solutions Group, which specializes in audit and risk management advisory and training services. Prior to starting Boston Audit Solutions Group, Mr. Higgins spent the majority of his career as an internal auditor in financial services, including three years as VP Corporate Audit Professional Practices at State Street Bank, where he was responsible for the research, design, implementation, and continuous improvement of audit methodologies and operating standards for approximately 200 audit professionals. Also at State Street, Mr. Higgins transitioned to the 1st-Line of Defense as VP Risk and Compliance, where he led a team (20+) to provide all facets of risk, compliance and audit/examination support for multiple business lines, geographies, and approximately 1,800 employees.

Lane Hollis, MBA, CPA, CFF

Lane-Hollis-3Lane Hollis works as a Corporate Manager, Internal Audit at Jacobs Engineering, Inc. She serves as the lead auditor and investigator on many engineering projects including: aerospace, technology, infrastructure, transportation, pharmaceutical, and many other types of engineering projects. She also serves as the Lead Investigator on many in-house investigations. Before joining Jacobs’ internal audit department, she served as the Finance Manager within the Program Control department at Cape Canaveral Launch Operations and Support Contract for Delta, Titan, and Atlas unmanned rocket launches and payload processing for the International Space Station contract. Prior to Jacobs, she was an Audit Manager at Ernst & Young, LLC. She has also worked as an auditor for Coopers & Lybrand, LLC, and Peat, Marwick and Mitchell, LLC. She has also worked as an instructor at Keiser University, Melbourne, Florida and Southeastern Oklahoma State University, Durant, Oklahoma. She has conducted audits and investigation services, delivered seminars, and made numerous presentations for internal auditors, as well as academic and government agencies in North America and Europe.

Ken Jaworski, CISSP, CIPP, CIPM

Ken-Jaworski-3Ken Jaworski is a Data Security Specialist for Lochbridge Professional Services specializing in the fields of Data Security, Data Privacy, Business Continuity and Records Retention. He is responsible for a variety of assignments in both the public, private and educational sectors. Mr. Jaworski's present assignment is “Data Security Manager”, supplying enterprise wide expertise in Data Security, Data Privacy and Business Continuity for the City of Detroit. He has implemented his skills both as a practitioner and an instructor. Areas of expertise include: Data Security, Gap Analysis, Business Continuity including Data Centers, Workspace and Workforce recovery Data Privacy, Security Metrics, Project Management, Risk Management, Policy and Procedure Development, Configuration and Change Management, Insuring Secure Outsourcing, Insuring Safe Cloud Computing, Training and Awareness. Many of Mr. Jaworski's accomplishments have been through self-developed tools that assist in Risk Analysis, Privacy Impact Assessments, Business Impact Analysis and Gap Analysis. Prior to joining Lochbride, he had a 31-year career with Detroit Edison. While at Detroit Edison, he worked in the Information Protection organization and helped build the 1996 Information Protection Program of the Year. Prior to entering the Data Security field, Mr. Jaworski spent 18 years as an application developer/supervisor on a variety of systems the most important of which assisted in the operations and maintenance of a Nuclear Power Plant. As an instructor for MISTI since 1996, he has conducted numerous Management Level data security, data privacy and business continuity courses. Besides teaching course in the US, Mr. Jaworski has lead courses in Muscat, Hong Kong, Nigeria, Moscow, Singapore, Mexico, London and Amman. Recently, he was the lead consultant for the development, implementation and eventual maintenance of a nationwide awareness program in the country of Oman.

Stephen Kost

Stephen Kost is the Chief Technology Officer for Integrigy Corporation, which specializes in the securing mission critical databases and ERP applications. He has worked with Oracle products since 1994 in many roles including database administrator, technical architect, IT security auditor and applications administrator. Mr. Kost has been writing about and presenting on Oracle security and auditing since then. Prior to founding Integrigy, Mr. Kost worked at Ernst & Young and Price Waterhouse.

Joel Kramer, CPA

Joel-Kramer-3Joel F. Kramer is Managing Director of the Internal Audit Division of MIS Training Institute. Mr. Kramer joined MIS in 1982, and introduced its highly respected Internal Audit curriculum. In addition, his Audit Managers' and Directors' Symposium, SuperStrategies Conference, and The Audit Leadership Institute executive program are highly acclaimed throughout the internal audit community. Prior to joining MIS, Mr. Kramer was Director of Internal Audit for Instrumentation Laboratory, Inc. He also worked for both The Gillette Company and Coopers & Lybrand. Mr. Kramer was inducted into the Institute of Internal Auditors' American Hall of Distinguished Practitioners in 2013. He is a recognized speaker at international, national, and regional audit conferences. Mr. Kramer has written several articles for The Internal Auditor and Protiviti's KnowledgeLeader. He is a past member of the Board of Governors of the Greater Boston Chapter of the IIA, and currently serves on the Advisory Board of the Louisiana State University Center for Internal Auditing.

Susan Landauer, CPA

Sue Landauer-3Ms. Landauer is a partner in the firm Forensic Accounting Services Group, LLC, which specializes in fraud investigations, prevention and training. Her company is affiliated with the CPA firm Wojeski and Company CPAs, LLP. She is a certified public accountant, with over 25 years of experience in the accounting and the financial services industry. Ms. Landauer has conducted numerous fraud investigations for clients in various industries, including banking, manufacturing, construction and others. She has testified as an expert witness in federal and local courts. She began her career with a big four accounting firm, where she specialized in brokerage, banking, manufacturing, credit union and healthcare clients. She then worked for seven years at one of the nations’ top ten banking institutions, where she functioned as the Vice President and Financial Controller of the Trust subsidiaries and Private Banking department. Most recently Ms. Landauer was the Senior Vice President of the New York State Credit Union League, where she oversaw the Audit Services, Strategic Consulting, Education and Training, Foundation, Business Partners, Member Services and District Relations divisions. She is also a presenter of numerous fraud topics, financial information, internal controls and board of director responsibilities for various organizations, including the MIS Training Institute, CUNA, the Association of Credit Union Internal Auditors (ACUIA), NYSCUL, the New Jersey Credit Union League, The Ohio Credit Union League, the Pennsylvania Credit Union League, the Alabama Credit Union League, the Iowa Credit Union League, and various chapters of the Institute of Internal Auditors and Association of Certified Fraud Examiners, as well as regional conferences for Board of Directors and Audit Committees. Ms. Landauer graduated from Siena College with honors, receiving a Bachelors of Arts in Accounting. She is a licensed Certified Public Accountant. She is a member of the American Institute of Certified Public Accountants, the Association of Certified Fraud Examiners and the Capital District chapter of the Association of Certified Fraud Examiners.

Robert McDonough, CRP, CIDA

Robert-McDonough-3Rob McDonough is the Senior Research Manager of Angel Oak Consulting Group, a risk management consultancy serving the investment, risk management, and capital markets needs of financial institutions. He leads engagements which include investment portfolio performance and risk assessments, financial model validations, and strategic/regulatory stress testing implementations. Mr. McDonough also develops and delivers technical training and executive education for financial professionals in banking, investments, asset management, insurance, and regulation.Mr. McDonough was previously the Chief Risk Officer for Angel Oak Capital Advisors, LLC, an SEC-Registered Investment Advisor (RIA) with over USD 6 billion in assets under management. His responsibilities included developing risk monitoring systems to assess market, credit, and operational risks associated with multiple public and private investment funds. He worked closely with Angel Oak’s trading operations to implement controls for fixed income trade settlement processes including clearing, custody, counterparty due diligence, and collateral/margin management. He was also responsible for managing the internal policy compliance and external SEC regulatory compliance processes for Angel Oak. He is also the President and CEO of Strategic Financial Solutions, Inc., a financial services consultancy specializing in risk management consulting and training for institutions managing market, credit, operational, and other risks. Rob has co-sourced with many internal and external audit groups to develop programs and manage audit engagements for firms with significant investment and derivative trading operations. Mr. McDonough was with the Federal Reserve System for 12 years as an economic analyst and a capital markets safety and soundness examiner. His primary focus was regulatory policy development as well as assessing the condition of large complex domestic and international financial institutions. He has an MBA in Finance and Economics from Georgia State University and a BBA from Emory University in Business Administration. He has completed the CFA level I exam and will be sitting for the Level II exam in 2017. Mr. McDonough has delivered capital markets and risk management seminars and consulting services to financial institutions, trading organizations, central banks, and regulatory agencies across the U.S. as well as in Albania, Argentina, Azerbaijan, Bermuda, Brazil, Canada, Croatia, Denmark, the Republic of Georgia, Hong Kong, India, Ireland, Jamaica, Jordan, Kuwait, Lebanon, Malaysia, Mexico, Morocco, the Netherlands, Nigeria, Poland, Portugal, Romania, Russia, Singapore, South Africa, Trinidad and Tobago, the U.K., and Zimbabwe.

Dr. Hernan Murdock, CIA, CRMA

HMurdock3Dr. Hernan Murdock is Vice President, Audit Division for MIS Training Institute. Before joining MIS Training Institute he was the Director of Training at Control Solutions International, where he oversaw the company's training and employee development program. Previously he was a Senior Project Manager leading audit and consulting projects for clients in the manufacturing, transportation, high tech, education, insurance and power generation industries. Dr. Murdock also worked at Arthur Andersen, Liberty Mutual and KeyCorp. Dr. Murdock is a senior lecturer at Northeastern University where he teaches management, leadership and ethics. He is the author of Operational Auditing: Principles and Techniques for a Changing World, 10 Key Techniques to Improve Team Productivity, and Using Surveys in Internal Audits. He has also written articles and book chapters on whistleblowing programs, international auditing, mentoring programs, fraud, deception, corporate social responsibility, and behavioral profiling. He has conducted audits and consulting projects, delivered seminars and invited talks, and made numerous presentations at internal audit, academic and government functions in North America, Latin America, Europe and Africa.

William Nealon, CIA, CFE, MBA

W-Nealon-3William J. Nealon is a Senior Consultant for MIS Training Institute. A former Audit Manager for the New York State Comptroller’s Office, Mr. Nealon was responsible for identifying, planning, and overseeing financial, operational, and programmatic audits and studies in the Higher Education, Tax and Health areas of government. His experience includes audits of the State University of New York, the City University of New York, New York State Department of Taxation and Finance and the New York State Lottery. He was the on-site audit supervisor during the $1.5 billion construction of the Nelson A. Rockefeller Empire State Plaza. During his career, Mr. Nealon was also the Chief Auditor of Refunds for New York State where he was responsible for the audit and approval of all personal and business tax refunds issued by the State. A 30-year audit veteran, Mr. Nealon’s career includes extensive experience in planning and designing audits to detect fraud and identify poor controls that increase fraud opportunities. He was involved in fraud scenarios that resulted in convictions, and he is currently developing a college-level fraud audit course. In addition, Mr. Nealon was an Adjunct Professor of Management at the Graduate College of Union University for 15 years, and an Adjunct Instructor at Rensselaer Polytechnic Institute’s Lally School of Management and Technology. He taught courses in accounting and auditing at the graduate and undergraduate levels. Mr. Nealon is a member of the Institute of Internal Auditors and the Association of Certified Fraud Examiners.

Tom O'Reilly

Oreilly T 3Tom O’Reilly is the Vice President and General Manager of Internal Audit at MISTI, where he is responsible for the strategic direction and oversight of all internal and IT audit related programs. Prior to his role at MISTI, Mr. O’Reilly was the Director of Internal Audit and Chief Audit Executive at Analog Devices, a global designer, manufacturer and distributor of semiconductors and integrated circuits with annual revenues exceeding $3 billion. He was responsible for developing and carrying-out a risk-based internal audit program, overseeing an internal audit team to plan, conduct and report on internal audit projects, and share the team’s analysis with senior management and the Audit Committee. While working as a CAE at Analog Devices, Mr. O’Reilly founded the CAE Leadership Forum, a New England-based group of 200+ CAEs and internal audit leaders that meet bi-monthly to learn from internal audit subject matter experts, share best practices and to network with other internal audit leaders with the goal of using internal audit as a tool to enable positive change within their organization. Preceding his role at Analog Devices, Mr. O’Reilly was an Internal Audit Manager in EY’s Risk Advisory practice, where he had the opportunity to work with two internal audit departments of different Fortune 100 companies.

Charles Pask, CISSP, M.Inst.ISP

Charles-Pask-3Charles V. Pask is the Managing Director of ITSEC Associates Ltd, responsible for delivering global IT Audit and IT Security consultancy services. He was a founding member of the Institute of Information Security Professionals (IISP) and recognised globally as a thought leader in Information Security and IT Controls.Mr. Pask has over 30 years’ experience in IT, IT audit, and IT security, and has previously held Senior IT Auditor positions at Forward Trust Group (subsidiary of HSBC) and Alliance & Leicester Bank plc, and also Group Head of Information Security for Alliance & Leicester (10 years). Mr Pask was the Global Head of Strategy, Development and Globalisation for the BT Business Continuity, Security and Governance Practice. He was previously a Director with MIS Training, and Director of Information Security Institute (ISI) European and Middle East e-Security Services (2000-2). Mr. Pask has been a member of the ITSEC Common Criteria team working with the UK Government, and a committee member of the APACS Security Advisory Group and the LINK Security Group helping to regulate the UK Financial systems. Mr Pask provides IT Audit and Information Security related consultancy services as well as public training courses, in-house training courses, conferences and symposiums. He is recognised as an industry expert on the ISO27000 standards, COBIT, SP800-53, ISO22301, Risk Management, ISC2 CBK, PCIDSS, NIST standards and other Information Security related legislation, regulation and compliance requirements. Mr Pask’s clients includes a number of well-known organisations: Royal Court Affairs, Oman; United Nations (Geneva, New York, Brindisi, Nairobi); Lloyds TSB Bank; KPMG; Unisys; and Intrum Justitia. Mr Pask has Chaired and Co-chaired the prestigious Chief Information Security Officers (CISO) conferences in Europe, Africa and in the Middle East. He has spoken at a number of conferences, including CISO, WebSec, Compsec, the International Security Managers Symposium, and various ISACA events. Mr Pask delivers a number of MIS Training Institute’s IT Audit and Security training program in USA and EMEA. He has also previously been a Senior Instructor for ISC2 in EMEA for CISSP exam training classes. Mr Pask has personally helped over 400 students globally achieve the CISSP training exam.

Keith Pennifold, ACDA

Keith-Pennifold-3Keith Pennifold has been an ACLTM Certified Trainer since 1999 and became a Certified Master Trainer in 2004. As an ACLTM Certified Master Trainer, he has developed new trainers and helped them achieve their ACLTM Certified Training designation. Keith has delivered ACLTM training and consulting to multi-national, government, and financial clients worldwide. Prior to that, Keith worked as an Internal Auditor for a natural gas company where he was introduced to, and gained extensive experience in, the advantages of using ACLTM as an audit tool. Keith has over twenty years of experience in accounting and audit. He has held senior positions in both the US and Europe, including roles as Controller and Vice President of Finance. Keith is an ACLTM Certified Data Analyst (ACDA).

Tony Redlinger, CIA, CISA, CISSP, CFE

Keith-Pennifold-3Tony Redlinger, CIA, CFE, CISA, CISSP, has more than 20 years of IT audit experience in industries ranging from financial services to nuclear science. He is currently a Senior Audit Manager for IHS Markit, a global information company headquartered in London, where his primary responsibility is management of the IT audit function. Over the course of his IT audit career, Mr. Redlinger has participated in a wide variety of audit activities, including multiple acquisitions and data center consolidations, Y2K readiness assessments, annual information security assessments based upon British Standard 7799 (ISO/IEC 27002), internal audit quality assessments, managing a SAS 70/SOC 1 initiative, launching anti-fraud program, and serving as a member of a security steering committee. He has presented on audit and security topics for IIA, ISACA, IMA, and PMI chapters as well as at conferences for the MISTI. He is a graduate of the University of Iowa.

David Richards, CIA, CPA

David-Richards-3David A. Richards is the former President of The Institute of Internal Auditors (IIA) and served as a member of The IIA International Board of Directors for more than 17 years. After holding various vice chairman positions on the board, he was elected the 2001-2002 IIA chairman of the board. In 2004, he was recognized for his extraordinary service to the association with The IIA’s prestigious Victor Z. Brink Award for Distinguished Service. Prior to his tenure as President of The IIA, Mr. Richards was Chief Audit Director at FirstEnergy Corp., the seventh largest investor-owned electric utility serving over four million customers in the Ohio, Pennsylvania and New Jersey areas. As CAE for FirstEnergy, he oversaw the planning, performance, resolution, reporting and implementation of the work of 30 auditors. During his 33 years at FirstEnergy, Mr. Richards served in a variety of capacities, including Supervisor of Accounts Payable, and Accountant in General Auditing, Project Team Leader for three merger transition teams, Y2K Project Leader and SOX Project Team Leader. He also oversaw the annual compliance process for the FirstEnergy Code of Conduct, initiated a Corporate Compliance Program and assisted in the development of the FirstEnergy’s Enterprise Risk Management Program. In addition, Mr. Richards served five years as a member of the COSO Board of Directors during the period when the COSO documents on Enterprise Risk Management Integrated Framework (2004), Internal Control over Financial Reporting Guidance for Small Businesses (2006) and Guidance on Monitoring of Internal Control Systems (2009) documents were issued. He served two years on the Audit Board for the City of Orlando and was a member of the Edison Electric Institute Internal Auditing Committee for more than 24 years, including one year as chair.

Rita Roberts, ACDA, CISA

Rita-Roberts-3Rita Roberts is an ACLTM Certified Master Trainer and has been instrumental in helping clients apply ACLTM to meet their data analysis requirements throughout North America, specializing in the banking & finance and healthcare industries. Rita has many years of Information Systems’ audit experience with organizations in healthcare, hospitality, financial services, and public accounting. Rita has a Bachelor of Science with concentration in Finance from the McIntire School of Commerce at the University of Virginia, and was previously named in Who’s Who in the Computer Industry. She is a Certified Information Systems Auditor (CISA) and is also an ACLTM Certified Data Analyst (ACDA).

Fred Roth, CISA

Fred-Roth-3Fred C. Roth is Vice President of MIS Training Institute’s IT Audit Division, where he facilitates and coordinates its IT Audit and Sarbanes-Oxley IT Audit curriculum. Mr. Roth also provides extensive direction and training to organizations worldwide in planning and assessing IT risk areas. Previously, Mr. Roth spent more than 25 years in system development and information technology audit and security with Eastman Kodak Company. As Corporate Audit Project Manager, he had worldwide responsibility for planning and coordinating Kodak’s IS/IT audits in the United States, Asia, Europe and South America. Mr. Roth was a key player in Kodak’s successful worldwide SAP implementation, where he was responsible for the Corporate Audit partnership on the project and for assessing controls during system design and implementation. He is a frequent speaker at international conferences and does IT control and security training on a worldwide basis.

Thomas Salzman, CISA, ITIL

Tom-Salzman-3Thomas Salzman is IT Audit Manager for Illinois State University, where he manages all computer audits conducted by the University. His responsibilities include working with educational and administrative departments throughout the University to prepare and streamline IT policies and procedures, improve operational processes and controls, and develop methodologies for managing computer resources. His work requires him to be skilled in telecommunications controls, application management, computer intrusion, security management, and application design and development. A much in-demand speaker, Mr. Salzman teaches a variety of computer management and audit topics worldwide. He has presented numerous IT courses throughout the world, including the USA, Panama, Canada, Argentina, England, Hungary, Indonesia, Turkey, United Arab Emirates, Kuwait, Singapore, Japan, Guam, Puerto Rico, Cyprus, Trinidad and Tobago, and Guyana. Mr. Salzman develops and conducts IT audit courses for MIS Training Institute. Most recently, he also has been conducting IT audit and control webinars with MIS Training Institute. Mr. Salzman is the recipient of the College and University Auditors Excellence in Service Award and is honored to be an original member of the Association of College and University Auditors Faculty. He also has served on the faculty of DePaul University in Chicago. Mr. Salzman has assisted a number of financial institutions, manufacturing concerns, universities, government agencies, and energy companies with building new IT and IT audit functions from scratch. Previously, Mr. Salzman was Director of Professional Services for the Information Systems Audit and Control Association (ISACA) where he was responsible for establishing and supporting its worldwide network of educational programs, conferences, and special events. He also served as editor and co-author of the ISACA CISA Review Manual. Prior to joining ISACA, Mr. Salzman was with Coopers & Lybrand, heading their Technical Training & information Security practices. Mr. Salzman has been President of the Institute of Internal Auditors NW Chicago Chapter, and Treasurer of the IIA Central Illinois Chapter.

Mary Siero, CISSP, CISM, CRISC

MSiero-3Mary G. Siero is an executive level Information Technology Consultant with experience in several industries in both IT and business departments. Her diverse background has provided her with a unique perspective about IT's role and the value it can bring to the businesses it supports. Ms. Siero has over 30 years' experience in engineering and technology from industries such as Gaming and Hospitality, Healthcare, Consumer Products, Manufacturing and Education. Over her career, Ms. Siero has developed and managed IT security, risk, compliance and operational environments for multiple organizations. She was honored as the CISO of the Year and has provided testimony for the State of Nevada Information Technology Board regarding The Current and Future Cyber Threat. She is a frequent speaker at national conferences on the topics of IT security and risk management and is the author of several journal articles and "Safeguarding Your Organization's Data: A Call to Action" published in 2013.

Marilyn Stanton

Marilyn-Stanton-3Ms. Stanton is the Managing Partner of Illuminated Consulting LLC a leadership coaching, strategic change, and people development firm based in San Francisco She specializes in coaching global leaders on reaching their full potential and in customized consulting partnering with worldwide clients on implementing strategic change, aligning their organization to achieve business strategy, and on building productive workplaces with effective cross-functional and intact teams Ms. Stanton’s 25 plus years of international and North American experience includes working on management and infrastructure strengthening, implementing a systems-wide internal controls framework (COSO) and Talent Management Strategy at the 12th District Federal Reserve Bank, and consulting to Fortune 500 firms in the manufacturing, retail, high-tech, and bio-tech sectors on strategic change initiatives such as SOX implementation, private payments network installation, global supply chain redesign, off-shore outsourcing, drug commercialization process, and IT systems implementation. Her firm also specializes in assessing and developing intercultural leadership competencies to reduce business risks associated with miscommunication and mistrust in critical international or domestic multicultural business relationships. Ms. Stanton has also been an instructor at the college and university level for 20 years where she taught various courses on organizational change and doing business globally. She holds a MSOD (Masters of Science in Organization Development), certified Leadership Coach trained by ICC and CTI, and is a member of both the US and European Organization Design Forum (ODF).

Alan Sugano

Alan-Sugano-3Mr. Sugano attended California State University, Northridge (CSUN) and graduated with a double major in Management Information Systems (MIS) and Management Systems Analysis (MSA). After graduation, he worked at Coopers & Lybrand (now Price Waterhouse Coopers) for several years in their Microcomputer Advisory Services Group (MAS) as a consultant. Mr. Sugano is now the President of ADS Consulting Group, Inc. (ADS). Founded in 1991, ADS specializes in Networking, Server Virtualization, Workstation Virtualization, Application Virtualization, Security, Exchange, Custom Programming, PCI Compliance, Web Development, SharePoint and SQL Server Development. He has given talks on Virtualization, Storage, Network Audits/Security, Troubleshooting, Server Selection, Network Documentation, Network Management, Network Design and Topologies, SQL Databases, Disaster Recovery and Cloud Migration. He speaks at IT/DevConnections Conferences (http://www.devconnections.com) sponsored by Windows IT Pro Magazine. Mr. Sugano is a Contributing Editor for Windows IT Pro and has articles published in the magazine several times a year. He wrote a book titled the Real-World Network Troubleshooting Manual, which is a practical guide to network troubleshooting. He was a Microsoft Most Valuable Professional (MVP) in Connected System Developer from 2004 to 2008. Mr. Sugano Alan teaches Virtualization and Active Directory Security Classes for MISTI several times a year. ADS has launched ADS Cloud, a private cloud service that is based on VMware’s vCloud Directory Architecture.

Sarah Swanson


Sarah swanson 3Trainer, Writer and Owner of Tembleweed Consulting for the past 12 years. Has provided Audit Report Writing training classes for the past 13 years.

Jim Tarantino, CISA, CRISC, ACDA

Jim-Tarantino-3Jim Tarantino is the Client Solutions Director for High Water Advisors, a consulting firm specialized in helping organizations improve governance, risk management, compliance (GRC) and audit processes. He has over 15 years of information technology, analytics, audit and GRC experience with a recognized expertise in developing solutions to enable data-driven auditing, risk assessment and investigations. Prior to joining High Water Advisors, Mr. Tarantino was a Solution Lead/Practice Manager for ACL Services, where he led the implementation of data analytic solutions for large public sector clients. He has also held a number of GRC practitioner roles including Senior Auditor at RTI International and various management positions at Nortel Networks implementing a human capital analytics program. As a member of the IIA, ISACA and ACFE, Mr. Tarantino participates in local chapter activities, including serving as an instructor for CISA certification exam preparation seminars.

Richard Tarr, CISA, CIA

Richard-Tarr-3Richard H. Tarr is an audit and information systems (IT) veteran. As an audit and information systems consultant and President of Richard Tarr and Associates, his consulting practice specializes in: the development and training of integrated internal auditing functions; internal audit quality assurance reviews; and application and general control reviews. His extensive experience includes the development, training, and evaluation of internal audit departments in government, industry and higher education with more than 100 external quality assessment reviews over the past 20 years. Previously, he was the Manager of Quality Assurance Review Services for the Institute of Internal Auditors (IIA) and was with the Walt Disney Company for 10 years.

John Verver CPA, CISA, CMC

John-Verver-3John Verver is the Global Director of Analytics Strategy with High Water Advisors. Previously, he was a vice president with ACL, with overall responsibility for ACL’s product and services strategy, as well as for relationships with key organizations in the audit, compliance, risk, and control market. His responsibilities at ACL included leadership and growth of ACL’s professional services organization, including consulting, training and technical support. John is acknowledged as an expert authority and domain thought leader on audit analytics and continuous controls monitoring and led the overall development of ACL's original CCM product suite. He is regularly asked to speak at global audit and control conferences and is an inaugural member of the Center for Continuous Auditing's advisory board. John was a key contributor to the Institute of Internal Auditor's Global Technology Audit Guide #3 on continuous auditing and controls monitoring. Prior to joining ACL, John spent 15 years with Deloitte in the UK and Canada. During his tenure, he was director of computer services, with responsibility for IT audit and security services, as well as accounting systems consulting and implementation. He subsequently became a principal, responsible for building and managing the business system development and implementation practice in British Columbia. John is a Chartered Professional Accountant, Certified Management Consultant and Certified Information System Auditor. He has served on the Council of the Institute of Management Consultants of B.C. and on a variety of committees of the Institute of Chartered Accountants of B.C. He has an honors degree from King's College, University of London, England.

Leonard Vona, CPA, CFE

L Vona-3Leonard W. Vona is the CEO of Fraud Auditing and cited by Wiley as a world- renowned authority in fraud auditing. He is the author of Fraud Risk Assessment: Building the Fraud Audit Program, The Fraud Audit: Responding to the Risk of Fraud in Core Business Systems, and Fraud Data Analytics Methodology: The Fraud Scenario Approach, published by Wiley. A forensic auditor with more than 38 years of diversified forensic auditing experience, he has provided more than 1,500 days of fraud training around the world in over thirty-seven countries and 48 states. Mr. Vona has provided fraud auditing consulting services regarding fraud risk assessment, fraud auditing, and fraud data analytics for some of the largest organizations in the world. He has provided expert witness testimony in federal and state courts and consulted with corporations around the world. His financial investigation experience includes embezzlement, economic damage, asset theft, bribery, intellectual property, and various disbursement schemes. Mr. Vona’s trial experience is extensive, including appearances in federal and state courts. He has been cited in West Law for the successful use of circumstantial evidence as establishing evidence of embezzlement. He previously has instructed for the National Association of Certified Fraud Examiners, Lally School of Management at Rensselaer Polytechnic Institute, and wrote the class ‘Auditors Responsibility for Detecting Fraud – SAS 99’, used by CPA societies across the country. His international training experience spans five continents and includes training through interpreters in the languages of Spanish, Portuguese, and Russian.Mr. Vona graduated from Siena College with honors, receiving a Bachelor of Business Administration in Accounting. He is a member of the American Institute of Certified Public Accountants and the National Association of Certified Fraud Examiners. He was the 1994 President of the N.Y. Capital Chapter of the Association of Government Accountants and the founding President of the Albany Chapter of Certified Fraud Examiners.

William Woodington, CPA, CIA

WWoodington-3Mr. Woodington is President of Woodington Training Solutions, LLC. He spent 18 years managing the Learning & Development (L&D) function for Wells Fargo Audit & Security before starting his own business, which delivers internal auditing and professional development training. He is based in Minneapolis and holds a CPA, CIA, and CRMA, with a bachelor’s degree in Accounting and a master’s degree in Finance. He is also a member of the Institute of Internal Auditors (IIA) and Association for Talent Development (ATD). Mr. Woodington spent four years as an Audit Specialist supervising audit projects prior to moving into the L&D position at Wells Fargo. Prior to that, he worked for First Bank System and Deloitte and Touche. In his position at Wells Fargo, he was responsible for teaching the core curriculum classes (New Hire Orientation, Auditor In-Charge Training, CIA Exam Review, Effective Writing, Situational Leadership, and Leadership 101) to Wells Fargo’s Audit staff. He was also responsible for developing and delivering virtual training related to audit topics, and managing Audit & Security University at Wells Fargo. Mr. Woodington has taught seminars for the Institute of Internal Auditors (IIA) and MIS Training Institute (MISTI) He is certified by the IIA to teach CIA Exam Review. He is also certified by the Ken Blanchard Companies to teach Situational Leadership II.