Scott is a Manager in the firm’s Business Advisory Group and a team member of the IT Risk Assurance & Advisory practice. He has extensive experience in vulnerability assessment, infrastructure and application penetration testing, and social engineering. Scott's areas of focus also include CMMC and DFARS assessment, information security program development and implementation, and fractional CISO services.
Scott has achieved his Offensive Security Certified Professional (OSCP), Offensive Security Wireless Professional (OSWP), and Certified Ethical Hacker (CEH) certifications, allowing him to discover previously unidentified vulnerabilities in commercial software during client penetration testing engagements.
By combining his consulting and fractional CISO experience, Scott helps organizations across multiple industries develop and achieve information security and compliance goals. He also has significant experience in the governance, risk, and compliance areas within the information security industry. Scott works with clients to implement many industry standard control frameworks including NIST 800-171, NIST 800-53, NIST CSF, CIS Top 20, ISO 27001/2, and AICPA SOC2.
Scott’s background includes a particular focus on the defense and aerospace industry. He engages organizations across the United States Defense Industrial Base to understand and implement DFARS and CMMC security and compliance requirements. Scott works with large prime defense contractors to navigate DIBCAC NIST 800-171A audits, as well as smaller subcontractors to understand their exposures and design solutions.
Scott graduated from the University of Massachusetts Boston magna cum laude with a degree in Physics and a heavy focus on computer science. He also holds other certifications including Security+, Microsoft Security Technology Associate and ISACA CSX.
Information Systems Audit and Control Association Member
National Defense Industrial Association - New England Chapter Member