Scott Goodwin

Director, PKF O'Connor Davies Advisory LLC

“As a trusted advisor in all areas of information security, I help clients across all industries build effective programs and strategies to manage cybersecurity and compliance risks.”

Scott Goodwin serves in the Firm’s Business Advisory Group and as a team member of the Cybersecurity and Privacy Advisory practice. He has extensive experience including vulnerability assessment, infrastructure and application penetration testing and social engineering. Scott’s areas of focus also include Cybersecurity Maturity Model Certification (CMMC) and Defense Federal Acquisition Regulation Supplement (DFARS) assessment, information security program development and implementation, as well as fractional Chief Information Security Officer (CISO) services.

By combining his consulting and fractional CISO experience, Scott helps organizations across multiple industries develop and achieve information security and compliance goals. He also has significant experience in the governance, risk and compliance areas within the information security industry.

Scott’s background includes a particular focus on the defense and aerospace industry. He works with large prime defense contractors to navigate DIBCAC NIST SP 800-171A audits, and with smaller subcontractors to understand their exposures and design solutions.

Scott has uncovered several previously unidentified vulnerabilities in commercial software during client penetration testing engagements and research. He is a frequent contributor to industry and trade publications, a recurring guest author on the Tripwire State of Security blog, and a regular presenter at cybersecurity conferences.

Professional Affiliations & Civic Involvement

  • Information Systems Audit and Control Association (ISACA), member
  • InfraGard, member
  • National Defense Industrial Association (NDIA)
    • Member, New England Chapter
  • CyberAB, Candidate CMMC Certified Assessor

Certifications

  • Offensive Security Certified Professional (OSCP)
  • Offensive Security Wireless Professional (OSWP)
  • TCM Security Practical Network Penetration Tester (PNPT)
  • EC-Council Certified Ethical Hacker (C|EH)
  • IBITGQ ISO 27001 Lead Implementer
  • CompTIA Security+

Education

  • University of Massachusetts Boston, Bachelor of Science degree in Physics