About the Instructors
Richard James Hollis, CISM, CRISC, Payment Card Industry (PCI), Qualified Security Assessor (QSA), has extensive hands-on skills and experience in designing, implementing, managing and auditing information security programs. He has served as Director of Security for Phillips, Paris, and Deputy Director of Security for the U.S. Embassy Moscow Reconstruction Project, as well as a variety of sensitive security positions within the U.S. government and military. In addition to his work with Risk Factory, Richard serves on several security technology company boards and security industry advisory councils. An experienced trainer and celebrated public speaker, he has presented to audiences across the world on a variety of information risk management topics and techniques. He has published numerous articles and white papers, and has also appeared on national and international broadcast news, as well as being cited in the press including the BBC, MSNBC, Radio 4, the Financial Times and Time magazine.
Shawna Flanders, CRISC, CISM, CISA, CSSGB, SSBB. Shawna’s passion rests firmly on three pillars: Enriching companies in building and improving their strategies, programs and underlying processes; mentoring individuals as well as aiding in their quest for ISACA certifications; and enhancing and developing curriculum and other publications to improve the profession. Shawna serves as a regular onsite and chapter trainer for ISACA with nearly 29 years of experience in information technology, information security, IT and systems risk management, IT governance, IT internal audit, and six sigma process improvement in the financial services sector. She has completed certificate programs in risk management from Kaplan University and Six Sigma Green & Lean/Black Belt from Villanova University, and earned a Life Operations Management Association—Associate of Customer Service designation. Shawna also served on the 2013 advisory boards for Pinellas Saving for Classrooms and Tampa Bay IT Apprenticeship Program and currently serves as the Director of Research and the CISM/CRISC Certification Chair for West Florida ISACA.
Barry D. Lewis, CISM, CGEIT, has more than 40 years of experience in information technology, specializing in Information Security and IT Governance for more than 30 years. He began work in the consulting field in 1987 and worked for two major audit firms before starting his own company in 1991 and joining Cerberus in 1993. He was awarded the John Kuyers Best Speaker/Conference Contributor Award in 2008. He is co-author of numerous books, including Computer Security for Dummies, Teach Yourself Windows 2000 Server in 21 Days and Wireless Networks for Dummies. His books have been translated into numerous languages around the world. He is co-developer of the COBIT 5 PAM and Assessor Guides and is Foundation accredited. Barry lectures and consults worldwide.
Daisy Lui, MBA, CISA, CIA, CISSP, CRMA has more than 15 years of experience in Information Technology (IT), internal audit, compliance, IT risk management, and IT governance. She is responsible for leading technology oriented business risk control reviews and managing internal audit outsourcing projects for clients. Daisy also assists her clients in adopting the COBIT framework and meeting internal controls certification requirements. She has led technology enabled business process reviews, controls reviews and risk identification/mitigation engagements (general environmental reviews, security reviews, change management reviews, application control reviews, and business continuity management reviews) in a wide range of entities including financial institutions, organizations in the public sector and companies in the consumer business industry. Other than client services delivery, Daisy has obtained the Foundation Certificate for COBIT and ITIL and is an accredited COBIT facilitator. In 2012, Daisy led a team of professionals in reviewing the COBIT 5 exposure draft and provided comments to ISACA on the framework.
Albert J. Marcella Jr., Ph.D., CISA, CISM, provides IT management consulting, IT audit and security reviews, and training for an international clientele. Dr. Marcella is an internationally recognized speaker, researcher, and seminar leader with 30 years of experience in IT audit, security and internal controls. He also authored numerous articles and 26 books on various IT, audit and security-related subjects. Dr. Marcella was named the Institute of Internal Auditors’ Leon R. Radde Educator of the Year in 2000.
Craig R. McGuffin, CPA, CA, CISA, CISM, CGEIT, CRISC, has more than 30 years of experience in information systems management, governance, control, security, and audit. He has a background in computer science, coupled with direct experience in all types of computing and networking platforms. Craig provides advisory services to senior management, as well as hands-on management of IT organizations, projects, and operations. He also helps IT assurance professionals conduct required internal and regulatory compliance assessments. Craig is the co-author of two books on networking technology, as well as an award-winning and popular speaker. As an adult educator, he covers the governance, management, and use of information technology, delivering core knowledge and practices through training seminars and conferences on six continents.
Derek J. Oliver is an Information Governance, Audit & Security specialist with almost 35 years of experience. Qualified with CISA, CISM and CRISC, he is a Certified Health Informatics Practitioner, Chartered Fellow of the British Computer Society, Fellow of the Institute of IT Service Management and a Member of the Institute of Information Security Professionals. An MSc in information technology was followed by a PhD in information security management and a Doctorate in Business Administration. He is internationally regarded as an expert in Information Governance, Audit & Security, and has presented papers at international conferences, as well as formal training courses on various information governance, security and audit topics. As a member of the CISA Certification Board he was jointly responsible for setting the annual, international CISA examination and he was the founding Chairman of the CISM Test Enhancement Committee. More recently, he chaired the Committee responsible for developing the Business Model for Information Security (BMIS); co-chaired the COBIT 5 Task Force and was a member of ISACA’s Framework Committee.
Zachy Olorunojowon, BSC, MBA, is the past president of ISACA Victoria Chapter, British Columbia, and a member of ISACA since 2004. He holds the following certifications: PMP, CISA, CGEIT and COBIT Foundation (versions 4.1 and 5). He has been an ISACA accredited COBIT 4.1 trainer since 2010 and is an Accredited COBIT 5 trainer. Zachy has written exam items for ISACA CGEIT certification, and has more than 15 years of IT experience spanning Systems development, Enterprise Information Systems Implementation, Strategic Project Management, Governance and Management of Enteriprise IT. He is a Project Director with the Ministry of Health, British Columbia, Canada, and has been a Chief Information Officer and a Head of IT with financial institutions in Nigeria. Zachy has delivered COBIT and Risk IT courses in Lagos Nigeria, Victoria and Vancouver, British Columbia, as well as at the ISACA Training week in Boston, U.S. The delegates at these trainings are from public, private and the big four audit organizations. Zachy has conducted on-site COBIT training for Ministry of Finance, Internal Audit Division, Ontario, Canada. He holds BSc. Information Systems and Management from University of London, UK and MBA from University of Victoria, BC Canada.
Vernon Poole, CISM, CGEIT, CRISC is Head of Business Consultancy responsible for addressing information governance and best practice standards on information security management and associated areas (ISO27000 series; ITIL; COBIT; Val IT; New Business Model for Information Security, Continuous Auditing and BCP). Vernon has worked with many organizations in developing tailored information security governance models to enable clients to benchmark their information security improvements. Vernon is a member of ISACA’s COBIT 5.0 Task Force, Information Security Management Committee and IT Governance Institute, a CRISC, CISM and COBIT trainer and a frequent speaker at ISACA global conferences. He is a thought leader for developing the new Business Model for Information Security (BMIS). He has over 20 years of experience in information security management consultancy and training. He has also worked in the public sector and with Aid to Industry (UK audit and security training group).
Jeff Roth, CISSP-ISSEP, CISA, CGEIT, COBIT 5 has more than 27 years of experience within the IT audit, security and risk management workspace, Jeff has extensive real world experience in certification and accreditation assessments and consulting for Information system security for U.S. government, planning and managing critical infrastructure and preformed specialized security, ethics and fraud investigation in support of inside/outside legal counsel, ethics officers, corporate security. Currently he is a member of an ISACA team developing training courses, and in the past three years contributed to both the COBIT 5 and COBIT 5 for Security publications.
John Tannahill, CA, CISM, CGEIT, CRISC, specializes in information security and audit services. His current focus is on information security management and control in large information systems environments and networks. His specific areas of technical expertise include UNIX, Linux and Windows operating system security, network security, and Oracle and Microsoft SQL Server security. John is a frequent speaker in North America and Europe on the subject of information security and audit. John is a member of the Toronto ISACA Chapter and has spoken at many ISACA Conferences and Chapter Events including ISACA Training Weeks; CACS and ISRM Conferences. John was the 2008 Recipient of the ISACA John Kuyer Best Speaker/Best Conference Contributor Award.
Mark Thomas is a nationally known ITIL and COBIT expert with more than 22 years of professional experience, with leadership roles from CIO to IT Governance Consulting. Mark has led large teams in outsourced IT arrangements, conducted PMO, Service Management and governance activities for major project teams, managed enterprise applications implementations, and implemented governance processes across multiple industries. Mark's industry experience with "Big Five" type consulting spans the health care, finance/banking, manufacturing / distribution, services, high technology, and government verticals. Additionally, Mark has forged a reputable competency as a consultative trainer and speaker in several disciplines receiving exemplary evaluations.
Contact the Education/Conference Department: