Thomas DeMayo

Principal

Thomas DeMayo is a Principal in the Cyber Risk Management Group of the Firm and is responsible for the implementation and design of the Firm’s cybersecurity service client offerings, internal and external audit programs and testing procedures. His cybersecurity services relate to threat and vulnerability management, governance, privacy, incident response, business continuity, disaster recovery and computer forensics.

He has extensive experience with securing and managing information risk across a wide range of industries including commercial entities, hospitality, not-for-profit, governmental, healthcare, private schools and higher education. He is also a computer forensic specialist and can assist with the acquisition and analysis of data in a forensically sound and legally approved manner.

Tom specializes in the areas of information threat and vulnerability management, PCI-DSS compliance, SOX 404 IT Controls, HIPAA, COBIT, and ISO 27001. He has helped many organizations achieve their compliance obligations through intensive and meaningful compliance gap analysis, cyber and information security risk assessments, privacy assessments and penetration tests. He has also made numerous presentations on cybersecurity before client and industry groups and has written extensively in this area.

Professional Affiliations & Civic Involvement

  • Information Assurance Certification Review Board
  • Information Systems Audit and Control Association
  • International Association of Privacy Professionals
  • International Council of E-Commerce Consultants (EC-Council)
  • International Information Systems Security Certification Consortium (ISC2)
  • New York State Society of Certified Public Accountants – Digital Assets Committee and Cybersecurity Committee

Accreditations

  • CISSP – Certified Information Systems Security Professional
  • CISA – Certified Information Systems Auditor
  • CRISC – Certified in Risk and Information Systems Control
  • CIPP/US – Certified Information Privacy Professional
  • MCSE – Microsoft Certified Systems Engineer
  • CEH – Certified Ethical Hacker
  • CCFE – Certified Computer Forensic Examiner
  • CHFI – Certified Hacking Forensic Investigator
  • CPT – Certified Penetration Tester

Education

  • Wagner College, Bachelor of Science degree, magna cum laude in Computer Science with concentrations in Mathematics and Accounting