Scott Goodwin

Scott Goodwin serves in the Firm’s Business Advisory Group and as a team member of the Cybersecurity and Privacy Advisory practice. He has extensive experience including vulnerability assessment, infrastructure and application penetration testing and social engineering. Scott’s areas of focus also include Cybersecurity Maturity Model Certification (CMMC) and Defense Federal Acquisition Regulation Supplement (DFARS) assessment, information security program development and implementation, as well as fractional Chief Information Security Officer (CISO) services.

By combining his consulting and fractional CISO experience, Scott helps organizations across multiple industries develop and achieve information security and compliance goals. He also has significant experience in the governance, risk and compliance areas within the information security industry.

Scott’s background includes a particular focus on the defense and aerospace industry. He works with large prime defense contractors to navigate DIBCAC NIST800-171A audits, as well as smaller subcontractors to understand their exposures and design solutions.

Scott has uncovered several previously unidentified vulnerabilities in commercial software during client penetration testing engagements and research. He is a frequent contributor to industry and trade publications and is a recurring guest author on the TripWire State of Security blog and regularly presents at cybersecurity conferences.