Executive Managing Director
Over a 22-year career, John has developed a very broad technical and business background. Prior to Practical Security Solutions he was a Principal at Carlin, Charon, and Rosen (CCR), where he managed the firm’s Information Security, Assurance, and Risk Management Practice. While at CCR he developed and delivered a broad set of information security services to a wide variety of clients, including IT audits, risk assessments, vulnerability and penetration testing, and secure system design. Before joining CCR he was a partner at CCR’s technology affiliate, Competitive Edge Services (CES). While there he developed and managed the company’s IT Managed Service and Information Security service offerings. In 1991, he founded Systems Integration Group (SIG), which he ran as managing partner until he sold the company in early 2000. During his tenure at SIG, John focused on technology consulting, LAN and WAN design, customer support, service delivery, and information systems security. He also held a position as Chief Technical Officer at Cyphermint Corporation, a company that developed and implemented Internet-based on-line payment systems. While there he was responsible for all IT support activity in the United States and in Eastern Europe, as well as the development and implementation of the company’s information security program.
His current professional focus is on delivering information security, assurance, risk management and general IT consulting services to a wide variety of businesses. This includes the management and performance of IT audits, vulnerability assessments, penetration tests, risk assessments, and system selection and implementation projects. He also acts in the capacity of information security officer for several New England region community banks.
John attended Central New England College and majored in Information Systems Management. He currently holds the following information security related certifications: Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM). He is an active member of ISACA (Information Systems Audit and Control Association) and CSI (Computer Security Institute). He has extensive knowledge and experience with many regulatory standards such as FFIEC, NIST 800-53, FIPS 200, GLBA, HIPAA, Sarbanes-Oxley, and PCI.