Our Distinguished Staff of Network Security Consultants

Jonathan G. Gossels, President & CEO
ISACA/CISM

Jonathan is President of SystemExperts™ Corporation, a network security consulting firm specializing in IT security and compliance. He plays an active, hands-on role advising clients in compliance, technology strategies, managing complex programs, and building effective security organizations. Jonathan brings a business focus to this work, balancing all technical initiatives with business requirements and impact.

Prior to founding SystemExperts™, Jonathan built the Consulting Services operation for OpenVision Technologies (now Veritas). Before that, he was the Director of Business Development and Business Area Manager of Interoperability for the Open Software Foundation (OSF). In that role, Jonathan initiated and led the Distributed Computing Environment (DCE) project from its inception through its three major releases.

Jonathan is frequently quoted on the emerging challenges as well as best practices in information security in leading publications such as ComputerWorld, Information Week, CSO Magazine, Wall Street & Technology Magazine, and InfoWorld. He is also a regular contributor to SC Magazine, Information Security Magazine, and the ISSA Journal.

Jonathan has served on the editorial advisory board of Information Security Magazine, as technical advisor to Dateline NBC, and has been a guest on CBS news radio.

Jonathan is a graduate of Yale University and MIT's Sloan School of Management.

---

Brad C. Johnson, Vice President
ISACA/CISM, NSA/IAM

Brad Johnson is Vice President of SystemExperts™ Corporation. He is a well-known authority in the field of distributed systems and is a frequent speaker on the subjects of security standards, penetration testing, middleware, and practical intrusion detection. He has participated in seminal industry initiatives including the Open Software Foundation (OSF), X/Open, and the IETF, and has published extensively about open systems.

Brad is frequently quoted in business and technical publications such as SC Magazine, Wall Street and Technology, ISSA Journal, and IT Security Magazine. He has also served as a technical advisor or contributor to Dateline NBC, Information Security Magazine, Internet World, ISSA, WatchIT, and CNN.

At SystemExperts™, Brad has pioneered innovative methodologies and operational practices that enable our clients to use penetration testing, event management, and protocol-oriented infrastructure analysis to vastly improve their level of effective security at the lowest possible cost.

Prior to joining SystemExperts™, Brad was one of the original members of the OSF DCE Evaluation Team. He was also the engineering project manager to complete the actual integration of those technologies and the project leader for the first three major releases.

Brad holds a Bachelor of Arts degree in Computer Science from Rutgers University (Magna Cum Laude) and a Master of Science degree in Applied Management from Lesley University (Summa Cum Laude).

---

Richard E. Mackey, Jr., Vice President of Consulting
ISACA/CISM, PCI QSA

Richard E. "Dick" Mackey is regarded as one of the industry's foremost authorities on distributed computing infrastructure, compliance, and security. He has helped many organizations, from online retailers and application service providers to major manufactures assess and improve their security programs. He has advised leading Wall Street firms on overall security architecture, virtual private networks, enterprise wide authentication, and intrusion detection and analysis. He also has unmatched expertise in the Open Software Foundation Distributed Computing Environment.

Prior to joining the consultancy SystemExperts™, he was the director of collaborative development for The Open Group (the merger of the Open Software Foundation and X/Open), where he was responsible for the integration of Microsoft's ActiveX Core with DCE and DCE Release 1.2.

Mackey has been a frequent speaker at conferences and a regular contributor to major publications on topics such as regulatory compliance, security standards, identity management, and service-oriented architecture security. Mackey has a B.S. and M.S. in electrical and computer engineering from the University of Massachusetts at Amherst.

Richard was promoted to Vice President of Consulting in early 2007.

---

Philip C. Cox, Principal Consultant
ISC/CISSP, ISACA/CISM, NSA/IAM, NSA/IEM, PCI QSA

Philip Cox is currently a Principal Consultant with SystemExperts Corporation in Auburn, California. Phil is an industry recognized network security consultant, author, and lecturer and has an extensive track record of hands-on accomplishment. He specializes in TCP/IP based distributed systems security. He has performed hundreds of security and system management architectures design and reviews, application specific technology roadmaps, and solution deployments. He has also performed penetration and application testing against literally thousands of hosts, as well as emergency response to hacker attacks.

Phil is the primary author of the authoritative Windows 2000 Security Handbook (Osborne-McGraw Hill) that was published in December 2000. He was also the technical editor of Building Internet Firewalls, 2nd Edition and Hacking Linux Exposed. For the past several years, Phil's technical focus has been on Microsoft Windows; in particular, security issues related to securing Windows systems in heterogeneous environments.

Prior to joining SystemExperts, Phil worked as a Computer Scientist at Lawrence Livermore National Laboratory. Prior to the Lab, Phil was co-founder and Technical Information Director for Networking Technology Solutions (NTS). He Has performed numerous tutorials and workshops for SANS, Usenix, Computer Security Institute (CSI), The Internet Security Conference (TISC), Internet World, Secure-World Expo, University California Davis, and NetWorld-Interop. His topics have ranged from high level topics such as "Security in an E-Business World" to detailed advice in "Hardening Windows 2000 Lab".

Phil holds a Bachelor of Science degree in Computer Science from the College of Charleston, South Carolina. He is a Certified Information Security Manager (CISM), and holds the NSA IAM and IEM certifications.

---

Jason Reed, Principal Consultant
ISC/CISSP, ISACA/CISM, NSA/IAM

A Principal Consultant with SystemExperts™ Corporation in Charlotte, North Carolina, Jason Reed is a security professional with exceptional experience in web application penetration testing, intrusion detection, and incident response in mission critical production environments. Jason has worked on and led projects within multiple vertical markets including financial services, manufacturing, web services, on-line retail, brick and mortar retail, and the insurance industry. Jason has successfully completed projects with governmental organizations as well, including the Department of Justice, throughout the United States. Many of his past projects have included web application vulnerability assessments and the development of tools as well as methodologies to identify security weaknesses in web applications based on a variety of technologies (such as Active Server Pages, ASP.NET, Java Server Pages, JavaServer Faces, Cold Fusion, PHP, WebMacro/Velocity, PERL, and a number of other platforms).

Prior to joining SystemExperts™, Jason worked for IBM Global Services and AT&T where he developed security standards, managed corporate-wide security initiatives, and implemented some of the most practical intrusion detection mechanisms deployed at the large enterprise scale. Jason was a member of IBM's ASERT (Advanced Security Event Response Team) that provided investigative services, forensic study, and security breach remediation services to IBM and its clients which included major private and government organizations. Prior to his work in intrusion detection and escalation, Jason focused on programming system management solutions including data-flow facilities for IBM's NetView 6000, SNMP polling and reporting systems, and network statistics reporting.

Jason holds the Certified Information Systems Security Professional (CISSP) certification from the International Information Systems Security Certification Consortium (ISC)2, the Payment Card Industry (PCI) designation as a Qualified Security Assessor (QSA), and the Information Systems Audit and Control Association's (ISACA) certification distinction as a Certified Information Security Manager (CISM). He also holds the INFOSEC Assessment Methodology (IAM) certification sponsored by the National Security Agency (NSA) -- originally developed to train the U.S. Department of Defense (DoD) for security assessments and is a member of the Federal Bureau of Investigation's (FBI) InfraGard program and the United States Secret Service's Electronic Crimes Task Force (Miami Office).

Jason has taught tutorials on penetration testing and intrusion detection at major conferences around the U.S. and writes on the topics of web security, incident response management, and practical data handling techniques for intrusion detection events. He remains active in the Information Systems Security Association (ISSA), Information Systems Audit and Control Association.

Jason holds a Bachelor of Science degree from the University of Florida.

---

Cheng Tang, Senior Consultant
CISSP, ISACA/CISM

Cheng Tang is a network security consultant with SystemExperts™ Corporation. In his work over the past twenty years with academic, government, and commercial clients, Cheng Tang has honed his technical and program management skills across the entire security discipline. With his professional emphasis on very-large scale information systems security and software engineering, he played significant parts in critical programs including: one of the most technologically advanced Authentication and Encryption initiatives in the financial services industry, a roles-based access security model and verification system in academia, compartmentalized security at the Program Executive Office of Cruise Missiles and Unmanned Aerial Vehicles for the U.S. Navy, the Digital Personnel Records Imaging System-Electronic Military Personnel Records System, also for the U.S. Navy, and software engineering requirements and performance for the U.S. Army's STRICOM Close Combat Tactical Trainer.

Cheng has conducted over 100 security assessments from network profiling and white hat testing, to physical site inspections. He has also served as temporary CIO and CSO at several prominent companies. A keen advocate of standards-based security and policy, he has been involved with Sarbanes-Oxley, HIPAA, GLBA, and CoBIT.

Prior to joining SystemExperts™, Cheng was a Senior Security Engineer, Project Manager, and Assessor with SAIC and Global Integrity. In those roles, he had a wide variety of engineering and program responsibilities including risk analysis, firewalls, electronic commerce, PKI, tokens/smartcards, and development of security policy. Before SAIC, Cheng worked for Mobil Oil Corporation where he led projects involving mainframes, distributed databases, and secure transactions.

Cheng holds a Bachelor of Science degree in Computer Science from George Mason University, a Masters degree in Computer Science from the University of Virginia, and is currently completing his Ph.D. in Information Technology. He formally held a security clearance of Secret/DoD.

---

Keith Royster, Senior Consultant
CISSP, ISACA/CISM

Keith Royster is a senior network security consultant with SystemExperts™ Corporation based in Charlotte, North Carolina. With over fifteen years of career experience in consulting, government, e-commerce, brick and mortar retail, and the financial services industry, Keith is a seasoned security professional with deep technical and business risk knowledge of web application security, system and network security, fraud detection and prevention, and physical security. Keith has successfully lead numerous web application vulnerability assessments, fraud analysis, and technology audits.

Prior to joining SystemExperts™, Keith worked for Bank of America where he lead several high profile international technology audits, and performed in-depth manual penetration testing of flagship applications, including online banking and VOIP. As a senior member of the Application Vulnerability Assessment team, Keith provided ethical hacking training for other Information Security teams, and implemented an enterprise vulnerability risk scoring methodology for objectively ranking and targeting applications for vulnerability assessments. Prior to his work with application vulnerability assessments, Keith was a senior member of the international technology infrastructure audit team where he created custom scripts to automate the analysis of UNIX system baseline compliance, as well as providing code analysis and forensics for phishing, carding, and other fraud investigations.

Keith holds the Certified Information Systems Security Professional (CISSP) certification from the International Information Systems Security Certification Consortium (ISC)2, as well as the Certified Information Systems Auditor (CISA) certification from the Information Systems Audit and Control Association (ISACA). Keith is also a member of the Federal Bureau of Investigation's (FBI) InfraGard program, which was developed as an effort to gain support from the information technology industry and academia for the FBI's investigative efforts in the cyber arena.

Keith holds a Bachelor of Science degree from the University of Florida.

---

Denny Deaton, Senior Consultant

Denny Deaton is a senior network security consultant with SystemExperts™ Corporation based in Charlotte, North Carolina. With over nine years of career experience in consulting, software development, e-commerce, and the financial services industry, Denny is an experienced security professional with vast technical and business risk knowledge of web application security, source code analysis, system and network security, fraud detection and prevention, social networking, and physical security. Denny has successfully lead development teams, numerous web and network application vulnerability assessments, social networking reviews, and technology audits.

Prior to joining SystemExperts™, Denny worked for Verizon Business where he lead an array of security reviews, and performed in-depth manual penetration testing of prime applications, including online banking for Citibank Corporation. In addition to his work on the Citibank Vulnerability Assessment team, Denny was a senior member of the Verizon Business Professional Services consulting team where he performed network penetration testing, application vulnerability assessments, source code analysis and social engineering assessments. Prior to working in security, Denny was a lead software developer, primarily in the web space. He has extensive expertise in tiered web applications, databases and supporting infrastructure for enterprise-scale systems.

Denny holds a Bachelor of Science degree in Information Systems from the University of North Carolina at Wilmington.

---

John Rogers, Senior Consultant

John Rogers is a Senior Consultant with SystemExperts™ in Charlotte, North Carolina. John is a highly motivated information security professional with specialized experience in the financial services industry leading small teams and projects. His primary focus at SystemExperts™ is security penetration testing (both network and application), security architecture reviews, and compliance auditing. His past projects included risk assessments of critical infrastructure, security policy reviews of newly acquired companies, access control system design, compliance audit reviews and subsequent remediation projects. John is also recognized as an expert in Unix and Linux security, and has authored corporate security policy documents and engineering designs in that area.

John is the President of the Information Systems Security Association (ISSA) Charlotte-Metro Chapter, is a Certified Information Systems Security Professional (CISSP), and has authored IEEE-published work related to reliable and security computing.

Prior to joining SystemExperts™, John worked for Bank of America, where he was a Vice President and Information Security Specialist.

John holds a Bachelor of Science degree in Electrical Engineering from Purdue University with a concentration in computer networking and information security. He also holds a minor in Economics; focusing on the financial services industry.

---

Peter S. McLaughlin
Director, Business Development

Pete McLaughlin joined us from Accenture, where he was the North America Sales Director for its security practice. This is his second tour with SystemExperts.

Pete has helped organizations of all sizes identify solutions to their specific challenges and scope engagements that meet their unique needs. He sees himself as an extension of his clients' teams, prides himself on being easy to work with, and knows that responsiveness, thoroughness, and consistency are cornerstones of trusted relationships.

Pete's sales career started in the S/390 world at Amdahl Corporation where he was responsible for all new accounts in Georgia. From there, he opened the Northeast territory for angel backed start-up INSUREtrust, the first company globally to provide Electronic Information Error and Omissions Insurance Policies (Breach of Security Insurance) combined with security risk assessments.

Pete lives in New Hampshire, has three boys including identical twins. He was drafted by the National Hockey League's Pittsburgh Penguins, won the 41st annual Beanpot, and toiled in the minor leagues for the Detroit Vipers and Baton Rouge King Fish.

Pete has a BA in History from Harvard University.

---

Landon Curt Noll, Principal Project Consultant
ISACA/CISM, RHCE

Landon Curt Noll brings over 30 years of Internet, Unix and System security experience to the table. Among his several areas of specialization are security risk evaluation, Unix system and infrastructure hardening, Linux firewalls, security incident response, and cryptographic security. Landon's underlying philosophy of security is that it is an enabler.

Prior to joining SystemExperts™, Landon was the Principle Architect for Certive. Prior to that he spent five years with SGI in a variety of roles working consultatively with both SGI customers and SGI engineering teams. His SGI security responsibilities encompassed cryptography, PKI, Linux development, and networking.

Landon Curt Noll is the co-author of the SMail mail transport system and is the 'N' in the widely used FNV hash. He is also the founder and judge of the International Obfuscated C Code Contest. He was an active member of working group that developed the initial drafts of the IEEE POSIX P1003.1 and P1003.2 standards. He serves as a Co-operative Computing Award advisor to the Electronic Frontier Foundation and has been a key contributor to Usenet.

Landon has significant experience in Number Theory, Cryptography, and Cryptology including PKI design, secure protocol development, and key management. He is also co-inventor of lavarand: a method of cryptographically strong seeding pseudo-random number generators using chaotic systems. Landon has developed or co-developed several high speed computational methods. In addition to his publications, Landon has held or co-held 8 world records related to the discovery of large prime numbers.

Landon graduated from Linfield College with a B.A. in Math/Physics. He is a member of the American Mathematical Society. He is a Certified Information Security Manager (CISM) and is a certified Linux Engineer (RedHat Certified Engineer - RHCE).

---

Scott Thorne, Principal Project Consultant

Scott Thorne has an extensive background in Client Server development and is currently Information Architect for MIT and a network security consultant for SystemExperts™. At MIT he is responsible for organizing MIT's information so that it can be used and maintained in an efficient way. Scott is responsible for the design and development of MIT's data warehouse. He was also the designer of MIT's centralized authorization service which is a role based approach for fine grained access control in use across the Institute. He is a member of the Integration Team, a group of senior IT professionals that decides on software products, computing standards, and IT infrastructure for the Institute.

Scott's specialty is data architecture. He is well known for designing data structures to support the often conflicting goals of ease of operation and flexibility and ease of use of data query. At SystemExperts™, Scott has worked on projects for major financial institutions and leading network equipment manufacturers covering databases, datamarts, authorization services, ERP, content management, and data analysis and reduction.

---

Matt Uyboco, Principal Project Consultant

During his 6-year tenure with PeopleSoft, Inc., Matt Uyboco was responsible for security specific training and advising PeopleSoft end-users and business partners in HRMS, Financial/SCM, CRM, EPM, and Student Administration applications. He has extensive PeopleSoft 8 Technology experience and was a regular contributor to PeopleSoft's Security and Enterprise Portal training and workshop sessions. Matt has played a significant role in building SystemExperts™' PeopleSoft Applications Security services.

His expertise includes defining the scope of PeopleSoft security projects, rollout strategies, and supporting activities. He consistently has helped his clients achieve their business goals related to PeopleSoft utilization while doing so in a prudently secure manner. Additionally, he has been instrumental in helping clients understand the value of security to different audience groups such as executive sponsors, eBusiness managers, department heads, webmasters, technical IT staff, and developers. Matt also has performed numerous PeopleSoft Application Security reviews.

In addition to his PeopleSoft-specific knowledge, Matt has over 15 years of comprehensive experience in all aspects of information systems projects with various US government agencies. This includes IT security management, security policy implementation, risk management assessment and security awareness training. He also has held a Top Secret Clearance.

Matt attended California State University, Pomona where he earned a Master's Degree in Electronics Engineering and also minored in BioMedical Engineering.

---

Visit our blog