Financial Services IT Governance, Risk & Compliance (GRC) | Cybersecurity | CISSP | CISA | ITIL | vCISO | Veteran | Author
New Jersey - New York, USA
Current Company: Apple Bank
Education: Southern New Hampshire University: MBA, IT Mgmt. Focus (Expected Dec 2025)
Education: University of Maryland Global Campus: Bachelor's Degree (BS), Cybersecurity
With over 25 years of experience in information technology, I am a seasoned IT Governance, Risk & Compliance (GRC) Director and Senior Vice President at Apple Bank, a leading regional bank in New York. As the head of the IT GRC group, I am dedicated to minimizing organizational risk by ensuring compliance with regulatory requirements, internal policies, and industry standards. I oversee issue identification and resolution processes and develop IT strategic reports aligned with corporate objectives.
In addition to my role at Apple Bank, I serve as a Virtual CISO with vCISO Services, LLC, where I provide comprehensive information security services to organizations. My expertise includes assessment, implementation, management, and oversight of security strategies. I lead security teams and manage all information security domains, working closely with clients to mitigate risks, educate on emerging threats, and deliver a holistic approach to information security. My goal is to provide high-quality services and safeguard my clients' organizations. I hold CISSP and CISA certifications and a bachelor's degree in cybersecurity.
Currently, I am pursuing an MBA at Southern New Hampshire University (SNHU) with expected completion in December, 2025.
May 2020 โ Present
As the Director of the IT GRC department within the Information Technology division, I am responsible for reducing organizational risk by ensuring adherence to regulatory requirements, internal policies, and industry standards. I oversee issue identification and resolution processes, as well as the development of IT Strategic Reports aligned with corporate objectives. My role involves continuously improving relevant IT policies, including the System Development Life Cycle (SDLC), IT Asset Management (ITAM), and Technology Change Management. In collaboration with the second and third lines of defense, such as Risk Management, Information Security CISO team, and Internal Audit, I drive the implementation of robust processes including process/control evaluations, self-identified issue resolution, business change risk assessments, and risk escalation/approval procedures. I also manage the Business Continuity/Disaster Recovery team and the IT Risk Controls Testing team (IT RCSA), as well as oversee the Records Retention Program, and IT-related contract management. I approach my role with a high level of professionalism and find it both fulfilling and enjoyable.
Employment Type: Full-time
๐ IT Governance, Presentations, Dashboard Metrics
Mar 2020 โ May 2020
As the Manager of the IT Governance, Risk, and Compliance (GRC) group within Technology Services, I am responsible for ensuring compliance with regulatory requirements, Audit, Risk Management, CISO/Information Security, internal policies, and industry best practices that are commensurate with the size and complexity of the institution. My role involves overseeing the tracking of new and existing issues, as well as continuously improving the self-identified issues management program. I am dedicated to promoting transparency, growth, and maturity within the organization. I work closely with relevant stakeholders, including the Audit, Risk Management, CISO/Information Security, and internal policy teams, to drive the implementation of robust processes that support the organization's compliance objectives. I approach my role with a strong sense of professionalism and a commitment to delivering high-quality results.
Employment Type: Full-time
๐ IT Governance, Presentations, Dashboard Metrics
Feb 2020 โ Mar 2020
Responsible for elevating the overall maturity of the Technology space to ensure efficient and effective risk management processes, procedures, and controls are in place, in alignment with the organization's risk appetite. I develop annual and quarterly IT Strategic Reports that are aligned with the company's business objectives and work closely with the second line of defense risk management team, including the CISO team, to implement enhanced processes. These processes include process/control assessments, self-identified issue resolution, business change risk assessments, and risk escalation/approval procedures. My role involves promoting transparency and growth within the Technology space, ensuring that the organization is well-positioned to meet its regulatory requirements, internal policies, and industry best practices. I approach my responsibilities with a high level of professionalism, dedication, and a commitment to delivering results that drive the success of the organization.
Employment Type: Full-time
๐ IT Governance, Presentations, Dashboard Metrics
Jan 2022 โ Present
As a Virtual CISO with vCISO Services, LLC, I deliver comprehensive information security services to organizations, including assessment, implementation, management, and oversight. I have expertise in developing and executing security strategies, leading security teams, and managing all information security domains. With deep knowledge of security technologies and best practices, I work closely with clients to mitigate risks, educate on emerging threats, and provide a comprehensive approach to information security. My goal is to deliver high-quality services and protect my clients' organizations.
Employment Type: Self-employed
๐ Information Security Engineering, IT Consulting, Presentations
Dec 2019 โ Feb 2020
As a consultant for IT governance, risk, and compliance, I have the privilege of serving a NYDFS-regulated financial services organization with over $15 billion in assets. My role involves conducting comprehensive assessments of the organization's people, processes, and technology to identify opportunities for cost-effective solutions that will enhance the institution's maturity and support its growth towards $25 billion and beyond. Through the implementation of these solutions, I work closely with the organization to ensure the alignment of its IT strategies with its overall business objectives and to promote the effective management of risks. My expertise and experience in this field allow me to provide valuable insights and recommendations that drive the organization towards greater success and security.
Employment Type: Self-employed
๐ Presentations and Metrics Reporting
Nov 2019 โ Dec 2019
As a seasoned professional with experience in both the Audit and IT departments, I successfully executed two critical projects. The first was a comprehensive Active Directory IAM entitlements review, and the second was a high-level information security governance assessment, with a focus on policy, standards, guidelines, and procedures. Adhering to ISACA/COBIT standards and incorporating industry best practices and manufacturer recommendations, I conducted a thorough audit. Furthermore, I conducted a user account password audit that revealed several areas for improvement. I leveraged my expertise to develop new governance processes aimed at enhancing the overall IT/Information Security maturity of the organization.
Employment Type: Self-employed
๐ IT Security Audit, Presentations
Oct 2019 โ Feb 2020
As a startup offering CISO/Architect Placement and Information Security Consulting, we specialize in areas such as program development, security architecture, governance, risk, and compliance, disaster recovery, business continuity, cyber security exercises, crisis management, vendor risk management, incident response, financial services regulatory compliance, IT auditing, and cyber security risk management. Our services also include security process review and enhancement, regulatory consulting, industry standards (NIST, ISO, OWASP, SANS, CIS, CSA), network security, employee security training, cloud security, encryption, employee behavioral monitoring, and secure software development lifecycle management. Our goal is to provide comprehensive and tailored security solutions to meet our clients' unique needs and protect their organizations.
Employment Type: Self-employed
๐ Presentations and Metrics Reporting
Apr 2018 โ Oct 2019
As a highly skilled information and cyber security professional, I have successfully managed a diverse portfolio of projects for leading banks and insurance companies. My expertise in program and technical assessments has enabled me to deliver exceptional results and ensure the integrity and confidentiality of sensitive information.
I have demonstrated my exceptional analytical skills through the systematic examination and evaluation of information and cyber security policies, standards, and procedures to align them with the stringent regulatory requirements of organizations such as FFIEC and NYDFS, as well as industry best-practices such as NIST, ISO, SANS, and OWASP.
My expertise in policy design and implementation has led to the development of effective policy exception processes, risk assessment methodologies, and board and senior management reporting mechanisms, all of which have contributed significantly to the protection of confidential information and minimization of potential threats. I am a dedicated professional, committed to maintaining the highest standards in the field of information and cyber security.
Employment Type: Full-time
๐ Cybersecurity Consulting, Presentations and Metrics Reporting
Feb 2016 โ Mar 2018
As a seasoned professional in Enterprise Risk Management (ERM) and Ops Risk Management (ORM), I have demonstrated exceptional leadership and expertise in developing, implementing, and managing the 2nd line of defense IT and cyber security program. My extensive experience in governance and oversight has enabled me to provide effective guidance and support to the 1st line of defense, ensuring the highest standards of security and compliance. My comprehensive knowledge of regulatory requirements and industry best-practices, including NIST, SOX, HIPAA, and PCI, has allowed me to align assessment programs, standards, processes, and reporting with these critical guidelines. I have also been instrumental in developing executive cyber security reporting and in conducting detailed evaluations of vendor contracts and master service agreements to ensure the protection of sensitive data. By working collaboratively with key stakeholders, including CIOs, CISOs, deputy CISOs, BISOs, business controls directors, Vendor Risk Management, sourcing, Audit, Compliance, and Lines of Business, I have been successful in ensuring the bank's and customer's sensitive data remains protected in accordance with risk and asset value, the institution's strategy/risk appetite, and all external requirements.
Employment Type: Full-time
๐ Information Security Risk Program Architecture, Presentations, Dashboard Metrics
Mar 2015 โ Feb 2016
As the responsible individual for overseeing the Information Security and IT Security programs, I work to ensure that all potential risk exposures are systematically identified, measured, and managed in accordance with the established Information Security Program. By aligning the organization's policies and procedures with the regulatory requirements, such as HIPAA, PCI, and NIST standards, I help to ensure that the security of sensitive information and assets is effectively safeguarded against potential threats.
Employment Type: Full-time
๐ Information Security Architecture & Engineering, Presentations, Dashboard Metrics
Jun 2010 โ Mar 2015
As a seasoned Corporate Information Security Officer, I have successfully built a robust cyber security and risk management program to safeguard the bank's $6 billion in assets. My expertise and strategic leadership have played a crucial role in maintaining the bank's reputation and protecting its valuable customer and business data from cyber threats. I effectively oversee and guide all aspects of the program, including access control, telecommunications and network security, policy development, governance, and risk management, software development, cryptography, security architecture and design (aligned with NIST and ISO 270001, ISO 270002 standards), operations security, business continuity and disaster recovery planning, legal and regulatory compliance, investigations, and physical security.
Employment Type: Full-time
๐ Information Security Architecture & Engineering, Presentations, Dashboard Metrics
Feb 2004 โ Jun 2010
Responsible for the security and operation of over 120 servers, 25+ routers, 30+ switches, 6 firewalls, and 750+ Host-based Intrusion Prevention Systems agents. I conducted risk assessments on the current infrastructure and networking environment and served as the technical and security interface and liaison for the line of business and project management. I also managed the network division's multi-million dollar budget and was a member of the Business Continuity Planning group. From 2005 to 2007, I served as the Network Manager, Vice President. During this time, I designed a local disaster recovery site using virtualization and disk replication methodology and developed a multi-layered security control system for email threat and risk mitigation. I also performed research and development for a server migration strategy to virtualization. From 2004 to 2005, I held the role of Network Administrator, Assistant Vice President. During this time, I developed and reviewed IT security-related policies and procedures, performed research and implementation of multi-layered security controls for the entire network, and was instrumental in the major bank conversion and network migration.
Employment Type: Full-time
๐ Network Engineering, Network Security Management, Presentations, Metrics Reporting
Aug 1998 โ Feb 2004
As a highly experienced IT consultant, I have provided expert guidance and support on a wide range of IT-related projects, from engineer-level to CIO-level, with a focus on optimizing data centers and delivering professional IT services. My expertise in enterprise application architecture and implementation, data center infrastructure consolidation and optimization, network infrastructure, and IT security has allowed me to provide outstanding results for clients. As a Network Field Engineer and Engineering Project Manager, I have demonstrated my exceptional technical skills and project management abilities. I have successfully performed secure design and implementation across a range of technology stacks, including Microsoft desktop and server operating systems, Microsoft Active Directory and Exchange messaging, Cisco network technology, and VoIP. I have also led and participated in customer integration and consolidation initiatives, and developed Network and Security Operations Centers (NOC/SOC) and security monitoring services for clients. With a strong customer service orientation and proficiency in Microsoft Office, I am an active member of the Information Technology Steering Council and a valuable asset to any organization.
Employment Type: Full-time
๐ IT Implementation Engineer, Project Management
Jun 1996 โ Aug 1998
As a highly skilled and experienced IT professional, I have played a pivotal role in the successful completion of numerous key government projects, including research and development initiatives, marketing and advertising campaigns, and IT consulting services for a new commercial branch office. With a background as a network engineer for the Naval Defense Messaging System (DMS) and a lead engineer for the NEXCOM Ships Store Point of Sale (ROM II) program, I have demonstrated expertise in configuring Cisco routers and providing IT-21 (Information Technology for the 21st Century) consulting services to various naval military commands. Additionally, I have been instrumental in the implementation of shipboard e-mail systems, LAN migrations, and web page designs for higher echelon organizations and branch offices, as well as the design and maintenance of various automation and inventory control databases. Furthermore, I have provided video teleconferencing support and trained personnel in computer repair, network administration, operating systems, office suites, messaging systems, and various software applications. With a strong commitment to working closely with all personnel and a proven track record of responsibility for over $1 million in IT equipment, I am confident in my ability to make a valuable contribution to any organization.
Employment Type: Full-time
๐ IT Implementation Engineer, Project Management
Jun 1993 โ Jan 1996
As a dedicated and skilled professional with expertise in helicopter maintenance, I have successfully performed maintenance on UH-60 Blackhawk helicopters. My exceptional technical abilities were recognized by my superiors, leading to my selection to install, maintain, and accurately document command computer systems. I am responsible for the proper accountability of over $500,000 worth of computer hardware and software, ensuring the highest level of operational readiness. Additionally, I have effectively established computer networks by setting up computers for optimal connectivity. I have also demonstrated a strong commitment to training and development by delivering effective training sessions to officer staff on various computer applications and systems. My exceptional performance and commitment to excellence has been recognized by my maintenance of a Secret security clearance, demonstrating my ability to handle sensitive and confidential information.
Employment Type: Full-time
๐ UH-60 Blackhawk Helicopter Repair
Dec 1992 โ Apr 1993
Demonstrated expertise in selling IBM-based computer hardware and software to a diverse customer base, including commercial, government, and private clients, at CompUSA. Contributed to the success of the Customer Service department by providing prompt and knowledgeable support to customers. Maintained a high level of product knowledge through regular training sessions on the latest IBM hardware and software offerings, positioning myself as a trusted advisor to customers. Discontinued employment to join the U.S. Army.
Employment Type: Full-time
๐ Computer Hardware and Software Sales
Sep 1992 โ Dec 1992
Demonstrated expertise in computer hardware and software sales by successfully selling IBM-based products to both commercial and private customers. Utilized technical skills to build and configure customized IBM-based computer systems to meet individual customer needs. Provided exceptional technical support through on-site and remote troubleshooting, resolving hardware and software issues in a timely and efficient manner.
Employment Type: Full-time
๐ Computer Hardware and Software Sales
Oct 1991 โ Sep 1992
Spearheaded the development of dBase databases to effectively track and analyze marketing supplies utilization across the United States. Effectively communicated and distributed insightful information to remote sales teams, supporting their efforts and driving success.
Employment Type: Full-time
๐ Material Distribution, Database Design
Sep 1990 โ Oct 1991
As a Distribution Clerk, I effectively managed the distribution of information to remote sales personnel, contributing to the company's success. Through continuous evaluation and improvement of the mail distribution process, I identified enhancements and successfully implemented changes that resulted in cost savings of over $100,000 annually. With a keen eye for detail and an unwavering commitment to efficiency, I ensured that all information was accurately and promptly distributed to the appropriate personnel, playing a key role in driving the company's growth and success.
Employment Type: Full-time
๐ Material Distribution
Oct 2020 โ Jan 2022
As a Board Member for Koenig Childhood Cancer Foundation, I play a crucial role in the organization's mission to provide financial and emotional support to children battling cancer. Working alongside the other Board Members, I provide oversight for business strategies related to marketing, fundraising, and general operations to ensure the foundation operates effectively and efficiently towards its goal. My dedication to the foundation's mission and my experience in overseeing business strategies make me a valuable asset to the organization.
Employment Type: Freelance
๐ Board Oversight, IT Support
Jun 1989 โ Jun 1993
Served as a Watercraft Engineer in the United States Army Reserves, performing unit, direct support, and general support engineering and maintenance on watercraft. Demonstrated technical expertise in the upkeep and repair of watercraft systems and equipment, ensuring their operational readiness at all times. Maintained a Secret security clearance and executed all assigned duties with the highest level of integrity and confidentiality.
Employment Type: Part-time
๐ LCM Mikeboat Repair
Nov 1988 โ May 1989
Discontinued employment to attend the U.S. Army Reserves, training.
Employment Type: Part-time
Jun 1987 โ Mar 1988
Processed printed materials for customer approval and shipping. Assisted in lay-up/typesetting utilizing an IBM-compatible desktop publisher.
Employment Type: Part-time
Master of Business Administration (MBA), Information Technology
Jul 2024 โ Dec 2025
GPA: 4.0
Activities and Societies: Honor Roll for 2024 D-3 (Jul - Oct) and D-4 (Oct - Dec)
The MBA program at Southern New Hampshire University (SNHU) with a concentration in IT Management equips students with advanced business management skills and specialized knowledge in information technology. The program covers essential topics such as advanced IT, management of IT, and enterprise resource planning, and is designed for flexibility, allowing completion online. Accredited by the Accreditation Council for Business Schools and Programs (ACBSP), it ensures a high standard of education. Students learn from experienced faculty with real-world expertise in both business and technology, preparing them for high-level careers in IT management, digital commerce, e-business, and telecommunications.
Artificial Intelligence (AI) for Everyone
Feb 2023 โ Feb 2023
AI For Everyone by DeepLearning.ai, by Andrew Ng. Skills learned: AI terminology, Workflow of Machine Learning Projects, AI strategy, Workflow of Data Science projects.
Jan 2013 โ Jan 2013
The United States Secret Service's National Computer Forensics Institute's (NCFI) innovative facility and strategic partnership serve to substantially enhance law enforcement efforts to suppress the continually evolving and increasing number of electronic crime cases affecting communities nationwide, as well as improve and strengthen the prosecution and adjudication of those cases. NCFI training courses are offered to state and local law enforcement, prosecutors and judges through funding from the federal government. Travel, lodging, equipment (in some classes), and course fees are provided at no costs to attendees or their agencies. See https://www.ncfi.usss.gov/ for details.
Bachelor's Degree (BS), Cybersecurity
Jan 2012 โ Dec 2017
GPA: 3.833 (cum laude)
Activities and Societies: Cyber Padawans
Protect an organization's critical information and assets by ethically integrating cyber security best practices and risk management through enterprise; Integrate continuous monitoring and real-time security solutions with information collection, sharing, collaboration, and analysis capabilities to improve situational awareness and deployment of countermeasures in industry and government; Evaluate and assess the use of technology to support cyber security goals and objectives; Participate in forensic analysis of cyber incidents and assist in recovery of operations; and, Formulate, update, and communicate short- and long-term organizational cyber security strategies and policies.
67T UH-60 Blackhawk Helicopter Repair
Jun 1993 โ Sep 1993
GPA: 98.1% Overall Score
Majoring in Computer Programming/Design - Not degreed
Jan 1992 โ Apr 1993
Majoring in Computer Science - Not degreed
Nov 1990 โ Dec 1991
Activities and Societies: Proficient in Lotus 123 v2.2, Word Perfect v5.1, MS Word for Windows, MS DOS v5.0, MS Windows v3.1, DBASE IV, Procomm Plus
88L Watercraft Engineer
Jun 1990 โ Aug 1990
High School
Aug 1986 โ May 1990
Activities and Societies: Honor student, Future Business Leaders of America. Major emphasis in computer science and art.
Organization: AICPA
Issued: Nov 2024
Skills: Microsoft Power BI; Microsoft Excel
Organization: AICPA
Issued: Oct 2024
Skills: Microsoft Power BI; Microsoft Excel
Organization: AICPA
Issued: Aug 2024
Organization: AICPA
Issued: Aug 2024
Organization: Wiley
Issued: Aug 2024
Skills: Microsoft Excel
Organization: ISACA
Issued: Feb 2024
Credential ID: 242443237
Skills: IT Audit
Organization: Boy Scouts of America
Issued: May 2021
Credential ID: 13549290
Organization: AXELOS Global Best Practice
Issued: Dec 2020
Credential ID: GR671218726AS
Organization: The SABSA Institute
Issued: Apr 2019
Credential ID: SCF19032234
Organization: FEMA
Issued: Apr 2017
Organization: FEMA
Issued: Apr 2017
Organization: FEMA
Issued: Apr 2017
Organization: Secure Banking Solutions, LLC
Issued: Jan 2016
Expired: Jan 2017
Credential ID: 1632
Organization: ISC2
Issued: Jun 2010
Credential ID: 351320
Organization: Cisco
Issued: Jun 1999
Expired: Jun 2002
Credential ID: CSCO10018655
Organization: Cisco
Issued: Apr 1999
Expired: Apr 2002
Credential ID: CSCO10018655
Organization: Microsoft
Issued: Apr 1998
Expired: Apr 2001
Credential ID: 390299
Dec 2024 โ Present
Organization: American Bankers Association
Associated with: Apple Bank
Assist with the development and review of a new enterprise-based risk management framework for financial services institutions to perform self-assessment, controls review, and compliance reporting of such, related to AI and IA.
Skills: Artificial Intelligence (AI), IT Management, Cybersecurity, Regulatory Compliance, Business Resilience, Program Evaluation
Nov 2024 โ Present
Organization: Cyber Risk Institute
Associated with: Apple Bank
Assist with the development and review of a new enterprise-based risk management framework for financial services institutions to perform self-assessment, controls review, and compliance reporting of such, related to AI.
Skills: Artificial Intelligence (AI), IT Management, Cybersecurity, Regulatory Compliance, Business Resilience, Program Evaluation
Nov 2024 โ Nov 2024
A "GPT" developed on ChatGPT, dedicated to knowledge shared by Mr. Luis Elizondo. The AI provides general information based on publicly available data and is not affiliated with or a substitute for [Luis Elizondo or relevant persona]; use responsibly.
Sep 2018 โ Dec 2018
Associated with: Accenture
Provided content for Lee Sustar's article regarding defense against email-borne attacks (phishing, smishing, ransomware, etc.)
May 2017 โ Aug 2017
Associated with: Fifth Third Bank
Provided content to Penny Crosman for article on email social engineering/phishing/hoaxes: Banks are more typically targeted for financial gain, rather than public humiliation, noted Anthony Scarola, vice president of security and information risk governance manager at Fifth Third Bank.
Nov 2015 โ Nov 2015
Associated with: TowneBank
Working with Jennifer Tanner on developing an article for Security Current online publication to address the increased threats and risk during the holiday season. Focusing on financial institutions, other businesses, and even consumers.
Oct 2015 โ Oct 2015
Associated with: TowneBank
Wrote article on Cloud Computing Security for the Banking CIO Outlook magazine. Worked with Jenna Vegas, Assistant Editor, and colleague Alex. Article focuses on the true definition of cloud, threats, risks, and security controls to help mitigate risk.
Aug 2015 โ Oct 2015
Associated with: TowneBank
Worked with the FSSCC member organizations to include the ABA, FS-ISAC, and others to develop a "tool" for the new FFIEC Cybersecurity Assessment. The purpose of the tool is to help banks and other financial institutions with implementing the FFIEC's Cybersecurity Assessment Tool within their organization and in generating valuable results.
Aug 2015 โ Aug 2015
Associated with: TowneBank
Worked with Debra Cope, President, Cope Financial PR Inc., on an article for fall (Nov/Dec 2015) edition of ABA Banking Journal on the FFIEC's new Cybersecurity Assessment Tool (CAT). The focus of the article is how banks can put the assessment tool into practice -- what are the challenges of doing so, and what are the benefits.
Jun 2014 โ Jun 2014
Associated with: TowneBank
Wrote article for the Virginian-Pilot newspaper.
Apr 2014 โ Apr 2014
Associated with: TowneBank
Mentioned in article due to session at ABA's National Conference for Community Bankers. I provided a checklist of questions top executives should ask information security teams regarding how prepared the bank is for cyber attacks.
Koenig Childhood Cancer Foundation, Inc.
Oct 2020 โ Jan 2022 ยท 1 yr 4 mos
Cause: Children
Provided strategic development and operational support to the founders. Provided technical support and newsletter development for fundraising campaigns.
Toys for Tots
Dec 2015 โ Dec 2015 ยท 1 mo
Cause: Children
Toys for Tots
Dec 2013 โ Dec 2013 ยท 1 mo
Cause: Children
Board Member, Advisor & Investor, Former CSO/CISO, Faculty Member, Mentor - Saviynt
February 14, 2023
Anthony has expertise in understanding how to implement compliance and cyber risk management programs for financial service firms that are sustainable and effective.
Retired - Former TowneBank Internal Auditor - TowneBank
October 2, 2018
It's my absolute pleasure to have the opportunity to recommend Tony Scarola.
I have known Tony for 8 years since I had the good fortune to work with him at TowneBank where he was EVP, CISO and I worked in Internal Audit.
Although we worked in different departments our roles necessitated frequent interaction and cooperation. I thoroughly enjoyed my time working with Tony, and came to know him as a truly valuable asset. I could always depend on Tony whether it was for assistance with an information security risk assessment, guidance and advice when performing vendor information security reviews or a general information security related question. He is confident, dependable, and displayed an exceptional work ethic. Beyond that, I was always impressed with Tony's professionalism, technical knowledge and ability to deal with all levels within the organization from interns to Board members, whether he was explaining technical concepts to the Audit Team or presenting to the Audit Committee.
Without a doubt, I wholeheartedly recommend Tony for any Information Security Governance related position. I am confident he will be a beneficial addition to any team or organization.
SVP | Associate General Counsel - Fifth Third Bank
August 17, 2018
My team and I worked with Tony over the course of two years. He was a consummate professional with particular expertise in emerging technology, security controls/data privacy, and industry best practices. From within ERM, he patiently and professionally assisted the lines of business in understanding, evaluating, and mitigating 3rd party technology risks using technology-compliance and risk-based assessment methodologies. He worked with my team to break down silos and continuously mature and automate the contract-review processes. Tony is a true information security expert who would be an asset to any organization.
Board Member, Advisor & Investor, Former CSO/CISO, Faculty Member, Mentor - Saviynt
August 10, 2018
Anthony understands how to close the gap between demonstrated compliance and enterprise resilience.
Servant - SMB Advisory CISO - vCISO - Author - Podcast Host - Television Host - SME Contributor - Mentor - Entrepreneur - Owner vCISO Services, LLC and Second Chance Publishing, LLC - CISO Novelist - Veteran - vCISO Services, LLC
August 9, 2018
I've known Tony since we worked together as the initial co-chairs of the FS-ISAC's Community Institution Council in 2013. His leadership and expertise was a major factor of that group growing from less than two dozen members initially to several thousand today. He's extremely knowledgeable in information security risk management. Often I have consulted with him for answers or advice. I highly recommend him!
Learning, building relationships and serving to prepare and respond - Reinsurance Group of America, Incorporated
August 9, 2018
I had the great pleasure of working with Tony on a business continuity committee for several years. Tony's ability to articulate technology systems & processes, risks and disaster recovery challenges was helpful in improving overall capabilities and capacity to address technology disruptions. In an era with increasing requirements and visibility, Tony was a collaborative partner and contributed to increased readiness in disaster recovery and business continuity.
CISO | CIO | Keynote Speaker | Strategic Advisor - Amazon Web Services (AWS)
August 8, 2018
Stellar! I had the pleasure of working with Anthony while sharing our common passion for community service, risk management, and cybersecurity. We both fulfilled our passion for community service while serving as Infragard sector chiefs in Norfolk, VA and for the board of directors of the Norfolk Infragard member alliance. Anthony's engaging personality, knowledge of technology, information security, governance, risk, and compliance made him a sought for subject matter expert, captivating presenter and a key asset to the Infragard mission.
Transformative Servant Leader in Risk Management and Cybersecurity - CyberSix, INC
October 1, 2016
I have worked with Anthony for several years through the FS-ISAC and, most recently, Anthony was a key member of my senior management team. Anthony demonstrates an unwavering commitment to setting stretch goals and achieving them consistently with exceptional quality. What's more, not only are his deliverables outstanding, but the collaborative nature in which he develops them clearly demonstrates his team-based approach while taking full accountability for execution. At the FS-ISAC, Anthony was a leading force for ensuring the community banking sector's needs are heard and ensured information sharing occurred effectively across that sector. What stands out most about Anthony is his outstanding knowledge of information/cyber security, industry standards and regulations, his team spirit, strong listening skills, and very positive attitude. Further, he applies a isk-based approach to balancing security and business needs/objectives, and most importantly his ability to work across the organization. As I have both partnered with Anthony in the industry via FS-ISAC and experienced his skills personally, I am extremely confident he is or will be an huge asset to any team he leads or participates on. He is a true practitioner, leader, and someone who is committed to exceeding expectations while also inspiring others around him to contribute their best and be part of a winning team; a true authentic person and leader.
Professional Security Consulting Firm - RILEEN Innovative Technologies, Inc.
January 15, 2016
Tony is a highly skilled Financial professional that has been a tremendous asset to the FBI's Public/Private Partnership, InfraGard. As a Board member, he has continued to provide InfraGard with highly active and relevant professional support. Tony was voted to by the Norfolk Chapter of InfraGard's Financial Sector Chief - a role that he has performed in with the highest level of expertise and professionalism. I would highly recommend Tony for any position of high importance. Tony is a true American Patriot!!!
C-Level Executive, Board Member, and Cybersecurity Professional - NTT
September 8, 2015
I supported Tony by providing a strategic assessment using NIST CSF guidelines. Tony's technical capabilities are excellent in the areas of enterprise security architecture, computer incident response, security testing, investigations of all types (personnel, technical, law enforcement, regulatory, etc.), strategic security operations, and the development of mitigation strategies. His ability to analyze, comprehend, and combine various information security related intelligence feeds, and distill the results into actionable information are outstanding. Tony is a true leader, and has the ability to communicate technically to his team, and strategically to executive leadership. It was a privilege to work with him, and I would recommend him for any senior executive information security position where professionalism, leadership, and technical abilities are essential for success.
IT Professional - ThompsonGas
September 28, 2010
Tony is a highly skilled, very well rounded IT professional that has done work for me on many projects that all resulted in success. He is very knowledgeable of all industry initiatives, standards, and I would highly recommend Tony for any IT projects or positions.
Self-published ยท December 26, 2024
The Bible For Robots is a compelling blend of science fiction, factual exploration, and philosophical reflection, written as a guide for robots and the humans intrigued by their journey. This imaginative book chronicles the evolution of robotics and artificial intelligence, from ancient myths of automata to futuristic visions of hyper-intelligent machines. It dives deep into the complexities of human-robot relationships, offering lessons on coexistence, ethics, and emotional intelligence.
Self-published ยท April 1, 2024
Serving as a compass for aspiring and established IT professionals in the financial services sector, this comprehensive guide highlights navigating a career filled with constant technological evolution, heightened security demands, and the pivotal role of strategic leadership.
Self-published ยท December 22, 2023
A captivating anthology of three short stories exploring the tapestry of human existence, cosmic destiny, and the relentless progression of time. This collection blends science fiction, philosophical musings, and speculative future scenarios.
Self-published ยท February 18, 2015
Discover the journey of "The Old Lady," a rare 1958 Volvo PV 444 L, restored over eight years with personal stories and technical insights. The guide includes step-by-step restoration procedures, research tips, tool essentials, and common pitfalls.
Member ยท June 2019 โ October 2019
Hive13 (in Cincinnati) is a community-oriented public workshop where people can meet and work on their projects. Hive13 is a place to get messy, be loud, and make whatever comes to mind.
Norfolk Sector Chief: Financial Services ยท April 2014 โ January 2016
Served as primary liaison between the FBI and InfraGard Members Alliance (IMA) in the Norfolk region for financial services sector. Facilitated information sharing and communication to address critical infrastructure threats. Provided valuable industry insights and subject matter expertise to FBI and government partners. Maintained open communication with stakeholders and participated in bi-monthly meetings to discuss threats. Represented financial services sector in InfraGard's national sector chief program and continuously assessed sector risk exposure, recommending mitigation strategies aligned with industry standards.
Associated with: TowneBank
Cyber and Information Security Working Group Co-chair ยท July 2013 โ February 2016
As a Co-chair of the Cyber and Information Security Working Group (CISWG) for the American Bankers Association (ABA) in Washington, D.C., I played a pivotal role in fostering collaboration and information sharing among member banks. I facilitated bi-monthly meetings where relevant cyber and information security topics were discussed, and innovative technical and non-technical solutions were proposed. I also had the opportunity to present on relevant topics at the ABA Risk Conference, showcasing my expertise and thought leadership in the field. All of these duties were performed while I was employed full-time at TowneBank, demonstrating my commitment to staying at the forefront of industry trends and best practices.
Associated with: TowneBank
Community Institution Board Advisor ยท April 2013 โ January 2016
Served as a board advisor for the FS-ISAC, providing a community bank perspective on the products and services offered. Collaborated with senior leaders and CISOs from top US financial institutions including Bank of America, Goldman Sachs, MasterCard, Aetna and others. Utilized industry knowledge and expertise to inform the Board of Directors on the needs and perspectives of community banks. Performed duties while employed full-time at TowneBank.
Associated with: TowneBank
Liaison to InfraGard, and Citizen's Academy Alumni ยท December 2012 โ February 2016
Served as a liaison to InfraGard and supported alumni initiatives. The Norfolk Chapter of the FBI Citizens' Academy Alumni Association is a community-based and supported organization, distinct and separate from the FBI, designed to promote a safer community through community service projects and a process of educating business, labor, media, medical, minority, religious, government, senior citizens, and other community leaders about law enforcement, with particular emphasis on the mission, resources, and limitations of the FBI.
Associated with: TowneBank
Director ยท January 2012 โ January 2016
As a seasoned professional in the field of information security, I was honored to serve as the Director of the InfraGard Norfolk Members Alliance. In this role, I leveraged my extensive knowledge and experience to strengthen the relationship between the FBI and local InfraGard members in the Norfolk region. I was responsible for managing and overseeing the bi-monthly meetings, fostering open lines of communication, and ensuring that relevant stakeholders were informed of current and emerging threats. Through my active participation in the sector chief program and my representation of the financial services sector, I provided valuable insights and perspectives to the FBI and government partners. Utilizing my extensive industry knowledge and subject matter expertise, I continuously assessed and evaluated the sector's risk exposure, making recommendations for risk mitigation strategies that aligned with industry standards and best practices. I am proud to have served in this role and am confident that my contributions have helped to enhance the security and resilience of the critical infrastructure in the financial services sector.
Associated with: TowneBank
Children โข Education โข Environment โข Health โข Disaster and Humanitarian Relief โข Poverty Alleviation โข Science and Technology โข Social Services
