Steve Crutchley – Founder and Chief Executive Officer
Steve is a recognized leader and foremost authority in the GRC arena. With more than 25 years of experience in Business Protection, combined with an extensive knowledge of the industrial, commercial, government and financial areas, Steve has dedicated his career to maintaining a highly focused emphasis on risk, governance, compliance, information security and information assurance.
A serial entrepreneur, Steve’s string of successes include the sale of his previous venture, 4FrontSecurity, to Symantec. He also sold Systems Solution to AST in South Africa which culminated in the listing of the respective company and the subsequent acquisition of a number of local and international businesses.
Steve has held senior positions in government as well as corporate and private businesses for many years and has a solid track record of prior achievements. In a sector where the noise is mixed and confusing, Steve is able to help organizations navigate through the business protection (security) and compliance maze and assist them in selecting and delivering the processes and solutions that will mitigate risk and support corporate governance. Steve has extensive experience, knowledge and a deep understanding of various standards and control structures such as ISO/IEC 20000, ISO/IEC 27001, ISO 22301, COBIT, ISF, COSO, GLBA, HIPAA, NERC, PCI to mention just a few. Steve is an accredited PECB Trainer for ISO/IEC 27001, ISO 20000 and ISO 22301, in addition, Steve is an accredited registration auditor for ISO 27001, ISO 20000 and ISO 22301 and a renowned Lead Auditor and implementer for ISO 27001, ISO/IEC 20000 and ISO 22301. Steve is also CISM and CGEIT and has a Bachelor of Science in Management Information Systems (B.Sc. Management Information Systems) degree with concentration on Information Security
Larry Candler – Chief Compliance Officer
Larry is an accomplished governance, risk and compliance professional with over 35 years of experience in information technology, communications strategy, information assurance, program management, business continuity, and training programs. He has focused on the strategic application of technology and associated controls to achieve business objectives.
Larry has been involved in several successful startup ventures including 4FrontSecurity, Network Equipment Technologies, and new lines of business at AT&T and IBM Eastern Europe. Larry has extensive experience in assessing and leading ISO/IEC 27001 Information Security Management System certification efforts. He has consulted with several IT and information security professional services firms and previously led the systems engineering functions for three telecommunications/network services firms. He has held responsibility for Policy and Compliance with a major professional services firm and served as Chairman of their Information Security Management Committee providing governance and oversight to the enterprise information security program. He served in this capacity through the firm’s IPO and assured the firm’s compliance with Sarbanes Oxley and HIPAA. He has advised clients across multiple industries and geographies on compliance with several legal and regulatory requirements including GLBA, FDCRA, FFIEC, GAPP, global privacy regulations, NERC, FERC, PCI and several others for both commercial and government accounts. Larry has provided subject matter expertise by commenting on proposed changes to NIST and ISO standards on several occasions. Larry holds the CRISC professional certification and is a Certified ISO 27001 Lead Auditor, Lead Auditor instructor, and implementation instructor. He has a Bachelor of Arts degree in Economics from the University of Michigan.
E. Brian Alexander, Esq. – Chief Legal Officer
Brian brings over 20 years of experience in evaluating and mitigating business risk, and in maintaining regulatory compliance. He has vast experience advising mid to large-size healthcare, energy, financial services, construction and development organizations regarding governance, risk and compliance matters. His work in this area has spanned various roles, including as outside attorney and consultant, and as an internal risk manager.
Brian has worked in private law practice and as a consultant for over 10 years counseling clients regarding corporate and transactional risk and compliance matters. His clients have included companies working in the energy and utilities, mechanical/electrical manufacturing and automation, industrial process, banking, insurance, healthcare/medical technology, and software technology sectors. Brian has significant experience with environmental laws such as the CAA, CWA, CERCLA and RCRA, and has handled environmental regulatory matters for utility clients. Through his various legal and consulting roles, Brian also has gained an in depth understanding of NERC, FERC, state PUC, DOE, EPA and state environmental agency laws and regulations. He also assisted in the development of a tool to assess risk and compliance of power utilities across NERC-CIP, NIST and ISO frameworks.
Brian’s primary focus in attaining his J.D. degree was on corporate, finance and banking law, including the Securities and Securities Exchange Acts, Investment Advisor and Investment Company Acts, Gramm-Leach-Bliley Act and Sarbanes-Oxely Act. He counsels banks, investment companies and insurance companies regarding regulatory compliance matters. Brian also assists businesses with healthcare regulatory compliance and best practices, including compliance with the Affordable Health Care for America Act, and privacy regulations and best practices such as HIPAA and GAPP. Prior to graduating from law school, Brian worked for over 10 years in construction/development management, most of that time as a manager of large hospital and healthcare development projects. He was responsible for identifying and avoiding or mitigating project financial, operational and legal risks on such projects.
Brian has a J.D. degree from the Catholic University, a B.S.M.E degree from Florida International University, and expects to complete an LL.M. degree (energy and environmental law)at George Washington University in 2014.