• Services
  • Professionals

Compliance Advisory & Assurance

Key industry sectors continue to raise the cybersecurity bar for their members by developing increasingly more demanding standards and operational expectations. As the pernicious threat to organizations’ information security and the personal privacy of their customers continues to increase, and as societal impact and cost transitions – from the more benign criminal theft of intellectual property, personally identifiable information (PII) and protected health information (PHI), to far more potentially dangerous and costly destruction of industrial control systems of critical national infrastructure – Ankura expects to see compliance regimes become strengthened and penalties rendered more punitive. We anticipate that compliance audits will become tougher and post-event fines more demonstrative and draconian. Understanding organizational cybersecurity compliance should be the concern of Chief Compliance Officers, Chief Risk Officers, General Counsel, Internal Audit and members of Board Audit, Risk and Compliance Committees – especially for regulations that both require personally-signed certification of compliance and that could trigger cybersecurity Directors and Officers (D&O) liability.

Ankura’s cybersecurity and data governance professionals provide expert independent assessments of clients’ compliance with, and audit readiness for many of the most pervasive standards and regulations in key industries, as well as practical, no-nonsense roadmaps toward compliance validation and certification:

  • 23 NYCRR Part 500 (New York State Financial Services Regulation)
  • HIPAA Security & Privacy, and OCR Audit Readiness
  • PCI-DSS Audit Readiness
  • ISO 27001
  • GDPR and Sovereign Personal Data Privacy Regulations

Michelle DiGruttolo

Senior Managing Director

Ankura Consulting Group

1220 19th Street, NW, Suite 700 Washington, DC 20036
michelle.digruttolo@ankuraconsulting.com
Main: +1.202.797.1111
Mobile: +1.571.225.9312

Education

MA, National Security, Institute of World Politics (expected 2017)
MBA, University of Virginia (Darden School of Business)
MA, Political Science, University of North Carolina (Chapel Hill)
BS, International Relations, Florida State University

Affiliations

Armed Forces Communications and Electronics Association (AFCEA)
Association of Former Intelligence Officers (AFIO)
Intelligence and National Security Alliance (INSA)
Office of Strategic Services Society (OSSS)
National Military Intelligence Association (NMIA)
Foreign Area Officers Association (FAOA)
Disabled American Veterans (DAV)

Languages

Spanish (fluent)
French (conversational)

Download vCard

Michelle DiGruttolo is a Senior Managing Director at Ankura Consulting Group based in Washington, DC. She brings more than 23 years of experience in geopolitical threat analysis and national security. Ms. DiGruttolo leads the geopolitical advisory practice. She leverages her analytical tradecraft to help firms navigate the complex nuances of frontier and emerging markets in Africa, Asia, Latin America and the Middle East, and identify risks and opportunities in those regions.

Ms. DiGruttolo, an Army veteran and former White House Intelligence Briefer, has over 2 decades of experience identifying geopolitical risks and providing guidance and intelligence to executive decision makers. Her past experience includes working as a Strategic Planner for Lockheed Martin’s Information Systems & Global Solutions segment and 22 years of service in the U.S. Army, retiring as a Lieutenant Colonel.

Prior to joining Ankura, from November 2012 to May 2014, Ms. DiGruttolo served as Division Chief in the U.S. Defense Intelligence Agency in Charlottesville, Virginia where she directed the analysis and production of strategic and operational intelligence for senior defense executives and decision makers.

From January through November 2012, Ms. DiGruttolo served in the Office of the Director of U.S. National Intelligence as the White House daily intelligence briefer for President Barack Obama. In this role, she produced and personally delivered daily national security intelligence updates to the President and former White House Chief of Staff Jack Lew. She traveled with the President to provide intelligence support and produce current intelligence updates on the road. Ms. DiGruttolo served as Executive Coordinator of the President’s Daily Intelligence Brief (PDB), responsible for daily interagency coordination, production, and presentation of the PDB to the President’s National Security Staff and his Cabinet-level Advisors. Ms. DiGruttolo served as Branch Chief at the Pentagon in 2010-2011, where she supervised the production and dissemination of the Chairman of the Joint Chiefs of Staff’s Daily Intelligence Briefing. She delivered over 1,000 intelligence reports on behalf of the Joint Staff Director of Intelligence for presentation to the Chairman of the Joint Chiefs of Staff.

In her military career, Ms. DiGruttolo held various intelligence roles of vital importance to national security. In her capacity as a strategic intelligence officer, she developed subject matter expertise in a number of areas that include counternarcotics, counterterrorism, counterinsurgency, and counter threat finance.

Ms. DiGruttolo received a Masters in Business Administration from the University of Virginia Darden School of Business in 2016. She received a Masters in Political Science from the University of North Carolina-Chapel Hill in 2012. She received her commission in 1992 from Florida State University as a Distinguished Military Graduate. Initially commissioned as a tactical intelligence officer, she cross-trained as a Latin America Foreign Area Officer and later became a Strategic Intelligence Officer. Her overseas assignments included tours in Panama, Venezuela, El Salvador, South Korea, Iraq, and Afghanistan where she served as a watch officer, intelligence analyst, attaché, collection manager, commander, executive officer, and operations officer.

View PDF

Gary Wingo

Senior Managing Director

Ankura Consulting Group

1220 19th Street NW, Suite 700, Washington, DC 20036
gary.wingo@ankuraconsulting.com
Main: +1.202.721.0939
Mobile: +1.202.360.0010

Education

MS, Management, Massachusetts Institute of Technology
BS, Engineering, US Military Academy at West Point

Certifications

Certified Fraud Examiner
Certified Professional Engineer
Certified Internal Controls Auditor

Affiliations

Association of Certified Fraud Examiners
American Society of Civil Engineers
National Society of Professional Engineers

Languages

French

Download vCard

Gary Wingo is a Senior Managing Director at Ankura Consulting Group based in Washington, DC. He has over 30 years of experience in the application of quantitative analysis to business problems, resolutions of mass tort settlements, and other legal matters. Mr. Wingo is the practice leader in the claims audit area and has assisted in the design, startup and operation of claims settlement facilities.

Mr. Wingo was instrumental in the startup and ongoing claims processing activities for both the General Motors ignition switch matter as well as the Volkswagen emissions settlement. In this capacity, the claims review involved both engineering and financial expertise. Mr. Wingo also provided support in the development of claims processing protocols and valuation methodologies for claims arising from the BP oil spill.

Mr. Wingo has served as a financial advisor for many large mass tort trusts, as well as provided claims auditing services. He has developed methodologies for forecasting future cash flows of the trusts to ensure equity of treatment to claimants over time. This work involves insurance coverage modeling, as well as the overall balancing of assets and liabilities. The claims audit practice involves the review of both personal injury exposure data and medical records. The medical portion involves the supervision of physicians – both pulmonologists and pathologists.

Mr. Wingo has testified in an insurance arbitration, a trademark case, and before the Virginia State Legislature regarding a tax matter. He has supported numerous legal matters in a support mode, employing advanced analytical techniques and in some cases, geospatial modeling. As a Fraud Examiner, Mr. Wingo has participated in several cases that required tracing and tracking assets in cases involving divorce, mortgage, and massive corporate fraud.

Among his business-related project work, Mr. Wingo developed a market research practice at KPMG Peat Marwick, LLP that involved the design, development, and analysis of research studies for both nonprofit firms and corporations. The practice developed the firm’s first large-scale sales forecasting model for companies within the consumer markets arena. These clients included Mobil Oil Corporation, the Smithsonian Institution, US Postal Service, Carvel Ice Cream, and DuPont.

Over the course of his corporate operating career, Mr. Wingo has been a corporate planner for two major oil companies, an executive in a Fortune 30 IT distributor, and a president/CIO of an internet technology company.

Mr. Wingo was awarded a Master of Science in Management from the Sloan School of Management at the Massachusetts Institute of Technology. He also received a Bachelor of Science in Mechanical Engineering from the US Military Academy at West Point. He is a member of the Association of Certified Fraud Examiners, American Society of Civil Engineers, and the National Society of Professional Engineers.

View PDF

Pascale C. Siegel

Managing Director

Ankura Consulting Group

1220 19th Street NW, Suite 700, Washington, DC 20036
pascale.siegel@ankuraconsulting.com
Mobile: +1.571.594.6453

Education

ABD Political Science, Université des Sciences Sociales, Toulouse, France
MA, Security Studies, Université des Sciences Sociales, Toulouse, France
BA, Political Science, Institut D’Etudes Politiques, Toulouse, France
BA, History, Université des Sciences Humaines, Toulouse, France
AA, Journalism, Institut Universitaire de Technologie, Tours, France

Affiliations

Women In International Security
Global Association of Risk Professional
Association of Old Crows

Languages

French (fluent)
Spanish (working knowledge)

Download vCard

Pascale C. Siegel is a Managing Director at Ankura Consulting Group based in Washington, DC. She brings 20 years of experience in international affairs analysis specializing in socio-political and cross-cultural communications issues. Ms. Siegel joins the Geopolitical Advisory Practice where she helps firms untangle international challenges to evaluate threats, risks, and identify new opportunities.

Ms. Siegel’s professional experience includes:

  • Lead a DHS public-private partnership program designed to find ways to foster cross-pollination between the public and private sector in support of counter-terrorism communications efforts.
  • Participated in, developed, and led strategic simulations to help clients weigh options and chart the optimal course of action in response to complex security challenges. Topics have included: terrorism and transnational criminal networks, regional stability, Brexit, Libya, Syria, extremist ideologies, the Pope, and the resurgence of nationalisms.
  • Led the qualitative analysis of political, security, economic, social, and communications issues in Afghanistan and Iraq to enhance clients’ situational awareness. In support of this effort, she designed research instruments and analyzed the results of individual and focus groups interviews.
  • Developed a field and web-based monitoring system of Iraqi Sunni insurgent propaganda and provided analysis of the material collected to deepen client’s understanding of the threats.
  • Co-authored two strategic communications campaign concepts designed to counter hostile propaganda in the Middle East and in Afghanistan. One called “Divide and Prosper” sought to turn the target audience into stakeholders and increase buy-in for counter-terrorism efforts throughout the Middle East. The other project “Countering the Taliban Narrative” sought to undermine popular support and tolerance and promote the work of the Afghan National Government.
  • Drew NATO information activities and civil-military relations for the Bosnia lessons learned program. She identified lessons and provided recommendations to improve effectiveness that resulted in changes to NATO and U.S. military doctrines.

Ms. Siegel is ABD in political science from the University of Social Sciences in Toulouse, France. She also holds a MA in security studies from the same university. Her undergraduate studies focused on political science, history, and journalism (France).

View PDF

Luke Tenery

Senior Managing Director

Ankura Consulting Group

1 North Wacker Drive, Suite 1950, Chicago, IL 60606
luke.tenery@ankuraconsulting.com
Main: +1.312.252.9514
Mobile: +1.224.277.4147

Education

BS, Information Systems Management, David Lipscomb University

Certifications

Certified Information Systems Security Professional (CISSP)
Certified Information Systems Manager (CISM)
Global Information and Assurance Certified (GIAC) Penetration Tester (GPEN)
Network Plus Engineer (N+)

Affiliations

International Information Systems Security Certification Consortium (ISC2)
Information System Security Association (ISSA)
Information Systems Audit and Control Association (ISACA)
Association of Information Technology Professionals (AITP)

Download vCard

Luke Tenery is a Senior Managing Director and the Cybersecurity Practice Leader at Ankura Consulting Group, located in the Chicago, IL office. He has more than 15 years of experience in handling complex cyber issues covering investigations and forensics, data privacy and security, and security management. Mr. Tenery has an extensive background in leading cyber incident response and investigations into a wide array of active and emergent cybersecurity threats while leveraging industry best practices and relevant threat intelligence capabilities. He also has extensive experience in applying cybersecurity risk management leadership in threat and incident management, cybersecurity operations, security policy development, and IT project management and implementation, among others.

Prior to joining Ankura, Mr. Tenery served at a global risk management and investigations firm where he most recently rose to deputy cyber practice leader, as well as leading another cyber practice group covering incident response. He was regularly called upon to mitigate complex computer intrusion and breach matters through investigation and to devise strategies to contain and eradicate threats in client networks and systems. Mr. Tenery was also responsible for aligning and developing practice capabilities and offerings to respond to and mitigate current and emergent cyber risks and threats.

In addition to his deep leadership experience in cyber incident response and investigations, Mr. Tenery led many significant matters covering cyber risk management and information security management. Among several achieved industry leading certifications, Mr. Tenery is a certified network penetration tester where he was regularly engaged to ethically compromise the security of client systems and simulate attacker computer intrusion activities. Further, he proactively assisted clients in incident and breach preparedness exercises such as table top exercises and specialized security awareness training. Mr. Tenery regularly applied information security leadership functions for his clients, conducting risk assessments, compliance and security standard reviews (PCI-DSS, ISO, NIST, GLBA, FFIEC), GAP analyses, and security policy development, among others.

Some of the more notable information risk management engagements included threat identification and compromise assessments highlighting active or previously unidentified computer intrusions or threat actors on client systems. In his prior role, Mr. Tenery developed the primary methodologies and delivery capabilities for the execution of these compromise assessments on a global basis.

Through his experience, Mr. Tenery has been privileged to manage a variety of highly sensitive cybersecurity risks associated with a myriad of threats. Some of his more notable engagements include the following:

  • Persistent Threat Investigation – A global company had been compromised by a foreign attacker. Mr. Tenery identified the tactics, techniques and procedures (TTPs) that the attacker used to ex-filtrate data and quantify what data was exposed. Mr. Tenery also identified the indicators of compromise (IOCs) so the client could continue its containment efforts to lockout the attacker.
  • Organized Crime Attack – FIN4 Bio-Pharma – Mr. Tenery identified the organized crime group FIN4 in a bio-pharma’s Cloud environment. The attacker was successfully identified and removed while also determining what data was affected.
  • Payment Card Incidents – While previously certified as a QSA, Mr. Tenery was regularly sought out on a privileged basis to assist clients in responding to payment card breach matters by identifying various payment card information theft methods including point of sale (POS) memory scraping malware and e-commerce system compromise. Mr. Tenery’s analyses would confirm the timeline of compromise and advise on containment strategy.
  • Global Risk Assessment and Intellectual Property Protection – Mr. Tenery assisted a global energy firm in assessing the risks of sending critical intellectual property (IP) out to third parties in developing countries. Following the risk assessment, he developed a security policy for protecting the IP and then conducted global audits of the vendors receiving the IP to ensure compliance with the IP protection security policy.
  • Targeted Destructive Cyber Attacks – Mr. Tenery has responded to a wide array of targeted cyber-attacks including ransomware and cyber extortion. He has assisted firms in containing malware and ransomware incidents by confirming the damage, assisting in the recovery, and mitigating the infection.
  • Data Breach Analysis – Mr. Tenery has assisted in the quantification of a variety of data breach exposures. He assisted a firm that had a secure file transfer site containing patient information exposed to the Internet. He assisted in confirming what information was accessed and crawled by public search engines.
  • White Collar Intellectual Property Theft – Mr. Tenery assisted a global engineering firm in investigating the theft of source code. Mr. Tenery conducted forensics on digital evidence to identify the transference of the source code to removable media by third party contractors.
  • Root Cause Analysis – Mr. Tenery has investigated the cause and source of systems outages including denial service attacks and failures of critical IT infrastructure devices.
  • Third-Party Unauthorized Access – Mr. Tenery has been regularly engaged to audit and assess the impact of access by third parties to client systems as a result of government inquiry, threat intelligence or contract disputes.

View PDF

William Bray

Managing Director

Ankura Consulting Group

1220 19th Street NW, Suite 700, Washington, DC 20036
william.bray@ankuraconsulting.com
Main: +1.571.245.5862
Mobile: +1.571.594.6453

Education

MS, National Resource Strategy, National Defense University
MS, Strategic Intelligence, National Intelligence University
BS, United States Naval Academy

Affiliations

National Military Intelligence Association
Naval Intelligence Professionals

Honors & Awards

2012 National Military Intelligence Association Vice Admiral Rufus L. Taylor Award for Leadership
1998 Proceedings magazine Author of the Year

Languages

Spanish (novice)
Italian (novice)

Download vCard

William Bray is a Managing Director at Ankura Consulting Group based in Washington, DC. He brings more than 25 years of experience in geopolitical threat analysis and national security. Mr. Bray is the research director for the geopolitical advisory practice. He leverages his leadership experience, analytical tradecraft expertise, and years of overseas service to ensure firms receive incisive, objective analysis on risks and opportunities in emerging markets.

Mr. Bray, a Navy veteran who retired as a Captain, has over 25 years of experience in the U.S. Intelligence Community, primarily in military and geopolitical risk analysis and production, and senior executive level support.

Prior to joining Ankura, from 2014 Mr. Bray served as a Chief of Naval Operations Strategic Studies Fellow in Newport, Rhode Island where he was part of a small, select group responsible to the Chief of the Navy for forecasting the operational and strategic environment the Navy will face in 2030 and beyond.  From 2012 to 2014 Mr. Bray lived in Italy and served as the Navy’s Senior Intelligence Officer in Europe, leading a large team of professionals responsible for geopolitical analysis of Europe, Russia, Eurasia, the Levant countries, and North and Sub-Saharan Africa.

From 2010 to 2012, Mr. Bray was in charge of the Navy’s largest Intelligence Center with over 500 full-time professionals. Mr. Bray’s Center provided expert global maritime and geopolitical threat analysis to senior National Security leaders across the government.  From 2009-2010 Mr. Bray served as a Senior Military Fellow to the Director of U.S. National Intelligence where he led a comprehensive study of U.S. foreign intelligence sharing policy.

From 2007 to 2009, Mr. Bray served as a division chief in the Pentagon where he supervised the production and dissemination of the Chairman of the Joint Chiefs of Staff’s Daily Intelligence Briefing. He also supervised the Chairman’s 24-hour Intelligence Watch. Mr. Bray delivered over 2,000 intelligence reports on behalf of the Joint Staff Director of Intelligence to the Chairman of the Joint Chiefs of Staff, the Secretary of Defense, the National Security Advisor, and the Secretary of State.

In his military career, Mr. Bray has served in numerous intelligence roles of vital importance to national security.  He has developed subject matter expertise in a number of areas to include Russian maritime and strategic forces, Levant and East African geopolitics, counterterrorism, counterproliferation, and counternarcotics.  He has lived in both Italy and the United Kingdom, and has served in the Philippines, South Korea, Japan, Bahrain, the United Arab Emirates, Oman, Djibouti and Kenya.

Mr. Bray received a Masters in National Resource Strategy from the National Defense University in 2007, where he was a distinguished graduate. He received a Masters in Strategic intelligence from the National Intelligence University in 1993, where he was also a distinguished graduate.  Mr. Bray received his commission in 1988 from the United States Naval Academy where he majored in Political Science.

View PDF

Prashant Lamba

Managing Director

Ankura Consulting Group

1220 19th Street NW, Suite 700, Washington DC 20036
prashant.lamba@ankuraconsulting.com
Main: +1.301.785.1093
Mobile: +1.301.785.1093

Education

MBA, Darden Graduate School of Business Administration
M.Eng. in Computer Engineering, University of Maryland College Park
B.Eng. in Electronics and Telecommunications, Pune University, India

Languages

Hindi

Download vCard

Prashant Lamba is a Managing Director at Ankura Consulting Group based in Washington, DC. Mr. Lamba has 14 years of success in program management, product engineering, consulting, strategy and technology. He has extensive experience in building and leading large cross-functional teams globally to define product strategies, build roadmaps and deliver systems. He is skilled in assessing, conceptualizing, developing, and implementing complex systems, and partnering with business leaders, clients and vendors.

Mr. Lamba led the Product Strategy and Management teams for a healthcare-billing product at Oracle. At Oracle, he defined and launched a new product line into healthcare vertical, in which he analyzed the customers’ needs and the competitive landscape and drove the product development. He worked very closely with the professional services; marketing and sales teams, to develop a go-to-market strategy.

Prior to his work at Oracle, Mr. Lamba worked with Sapient Nitro providing consulting services to retail and telecommunication clients. In this role, he led the strategy and implementation of various e-commerce, analytics fulfillment and Machine-to-Machine projects for fortune 500 clients. He also has strong experience in the field of predictive analytics – Recommendation engine, Clustering and Classification. He has helped clients to get meaningful insights from their massive unstructured data.

Mr. Lamba is a seasoned entrepreneur and has started entrepreneurial ventures in the e-commerce space – establishing a localized e-commerce solution (prodzer.com) for the fragmented Indian retail market. He grew this venture within two cities, boarding almost 250 vendors and achieved 100% month-month vendor growth rate.

Mr. Lamba received a Master of Business Administration (MBA) Degree from the Darden School Of Business, University of Virginia, a Master of Engineering from University of Maryland, College Park and a Bachelor of Engineering Degree in Electronics & Telecommunication from Pune University, India.

View PDF

Duane Lohn

Senior Managing Director

Ankura Consulting Group

14747 North Northsight Boulevard, Suite 111-125, Scottsdale, AZ 85260
duane.lohn@ankuraconsulting.com
Mobile: +1.602.321.9818

Education

BS, Business Administration, University of Phoenix
AAS Marketing, Austin College

Affiliations

Brokerslink Global Brokerage Network
URMIA – University Risk Management Insurance Association
International Association of Emergency Managers
Association of Finance Professionals
Risk & Insurance Management Society
Disaster Recovery Institute International (DRII)

Download vCard

Duane Lohn is a Senior Managing Director at Ankura Consulting Group, based in Phoenix, AZ. He has extensive experience in business continuity planning, continuity of operations, information technology/disaster recovery, emergency and crisis management, cyber and information security, and the related technology solutions across numerous industry sectors. Mr. Lohn has led large global engagements for large multi-national organizations and companies. He participated and led engagements in key industry sectors including local, state, federal, non-profits, higher education institutions, oil & gas, healthcare, retail and manufacturing.

Mr. Lohn’s professional experience includes:

  • Global Business Continuity Program Roll Out – led a global team in the roll out of HiltonAlert. A mobile app to manage emergency, crisis management and BCP at Hilton’s 4,700 locations in 101 countries.
  • Global Publically Traded Insurance Company ($7.2 Billion) – Led and participated in the rapid Assessment Diagnostic for the IBM Enterprise Data Warehouse Assessment presentation for Senior Management. During this time Mr. Lohn led a team in Tabletop exercises at 4 major companies. He managed a team on global Business continuity implementation at all 52 companies. Additionally, he led disaster recovery and Information technology initiatives across all companies. Mr. Lohn participated in Data center selection for LATAM marketplace.
  • Major non-profit ($1 Billion) – implemented web-based BCP platform along with emergency and crisis management tools.
  • Large Global Retailer ($9 billion) – implemented BCP web-based incident and business continuity management tool. Conducted risk assessment of distribution center and headquarter office.
  • Global Fashion Company ($5 billion) – implemented a North American BCP program and conducted Senior Executive tabletop exercise.
  • State of Nevada – Led and participated in the implementation of www.nevadacontiuty.com to all agencies, counties (17) and cities statewide. This included McCarran International Airport, City of Las Vegas, Las Vegas Metropolitan Police Department and several tribal organizations as part of statewide program roll out. This was grant funded through the Department of Homeland Security.
  • Financial Institution – worked with team to conduct an information security assessment related to compliance and governance. Presented findings and recommendations to Senior Management and Board.
  • Brokerslink Global Desk – manage the global business desk for Ankura Consulting Group with Brokerslink.

Mr. Lohn has a Bachelor’s of Science Business Administration Degree from the University of Phoenix and an Associate Applied Science Marketing Degree from Austin College.

View PDF

Scott Corzine

Senior Managing Director

Ankura Consulting Group

750 Third Avenue, 28th Floor, New York, NY 10017
scott.corzine@ankuraconsulting.com
Mobile: +1.917.930.5300

Education

MBA (with Honors), International Marketing, Pace University in New York City
BS, Business Administration, University of North Carolina at Chapel Hill

Affiliations

Brokerslink

Download vCard

Scott Corzine is a Senior Managing Director at Ankura Consulting Group, located in the New York, NY office. He has extensive experience in providing operational risk and resilience services to a broad portfolio of private, public and education sector clients around their governance, risk and compliance initiatives and supporting their response to disruptions and crises. Mr. Corzine has conducted cybersecurity assessments, benchmarking and technical information security testing, and has delivered vulnerability remediation plans and long term InfoSec maturity roadmaps for global clients in multiple industry sectors.

Throughout his career, Mr. Corzine has conducted operational risk and business impact assessments, and has developed crisis management frameworks, recovery strategies, and business/operational continuity plans for public and private sector clients across the U.S. and other continents. Mr. Corzine has developed training curricula and led business recovery workshops for New York City and FEMA. He has conducted security and vulnerability assessments, developed comprehensive emergency management plans, and facilitated training and exercises for numerous education sector clients. Mr. Corzine was principal investigator on two research teams engaged by a unit of The National Academy of Sciences to study resilience issues in the U.S. airport sector and develop custom software to assist airports in developing their business continuity and emergency management plans.

Mr. Corzine’s professional experience includes:

  • Information Security Assessment for Asian Telecommunications Operator – Performed a detailed benchmarking and ISO 27001/2 assessment of the company’s information security posture and maturity for the Board Audit Committee.
  • Operational Resilience Regime for Multinational Insurance Underwriter – Developed business continuity, IT disaster recovery and emergency management plans for operating subsidiaries in five continents.
  • Airport Resilience Software for the Transportation Research Board of The National Academies – Served as Principal Investigator for two project teams that developed software to help U.S. airports develop business continuity and airport emergency plans.
  • Continuity of Operations Planning for the Federal Emergency Management Agency (FEMA) – Developed continuity of operations planning (COOP) curricula and facilitated business recovery workshops in FEMA Regions I, II and III, and for New York State Division of Homeland Security and Emergency Services.
  • Cyber Forensics Investigation – Conducted cyber forensic investigation around suspected misuse of telecommunications infrastructure for a global mining company.
  • Crisis Management Planning for Energy Producer – Reviewed, assessed and re-developed the corporate crisis management plan.
  • Physical and Logical Risk Assessments and Application Recovery Priority – Engaged by leading research university to conduct a physical and logical risk assessment and business impact assessment to help document and prioritize application recovery.
  • HIPAA Security Rule Assessments – Engaged by hospital systems, medical records system developers and law firms to assess compliance with HIPAA and preparedness for Health & Human Services (HHS) audits.
  • Business Continuity for Consumer Products Companies and Retailers – Global roll-out of operational risk assessments and business continuity management programs for multinational consumer products manufacturers and retailers.
  • Global Crisis Management Framework – Hired to develop and implement a model for managing crises across the properties of a leading hospitality provider – to identify, characterize, escalate and manage crisis events that threaten enterprise and brand value.
  • Operational Disruption to Heavy Manufacturing – Conducted operational disruption risk assessment and developed business continuity plans for manufacturer of heavy equipment.
  • Business Continuity in Pharmaceuticals, Biotech & Life Sciences – Developed living business continuity programs for leading pharmaceutical and biotech companies.
  • Crisis Management in Education – Assessed, developed and exercised emergency management and business continuity plans for numerous public and private universities and community colleges, and hundreds of large public school systems.
  • Continuity of Operations Planning (COOP) for Governments – Multi-year engagements to build COOP plans for entire state and local governments across their agencies, departments, and tribal areas.

View PDF

Gary Bahadur

Managing Director

Ankura Consulting Group

750 Third Avenue, 28th Floor, New York, NY 10017
gary.bahadur@ankuraconsluting.com
Main: +1.917.568.7917
Mobile: +1.917.568.7917

Education

BS, Finance and Information Systems, New York University Stern School of Business

Certifications

Certified Lead ISO Auditor
Certified Chief Information Security Officer by EC-Council.

Affiliations

ISACA
ISSA
EC Council

Download vCard

Gary Bahadur is a Managing Director at Ankura Consulting Group in the New York, NY office. Mr. Bahadur has over 20 years of experience in the information security and technology industry. He has led business development, corporate strategy development, client management, information systems development, and consultant management, participated in public speaking engagements, and conducted security consulting engagements for Fortune 1000 companies against NIST, ISO, COBIT, SOX, HIPAA and other standards.

Mr. Bahadur was recently a Senior director at FTI Consulting where he led the Cybersecurity risk management practice. He delivered risk and compliance engagements for global clients, developed assessment processes and was a frequent speaker on information security topics. He was also a Senior Vice President of Bank of America, where he redesigned the global threat management lifecycle strategy and risk forecasting strategy and was a catalyst for delivering risk mitigation strategies and solutions at the bank. He developed initiatives and programs to detect and mitigate threats occurring on a daily basis against the Bank of America operational footprint around the world and developed a new risk assessment framework to reduce overall InfoSec risk at Bank of America.

Mr. Bahadur was the cofounder and CIO of Foundstone, Inc., a $20M security vulnerability risk management firm. He led business development, corporate strategy development, client management, information systems development, and consultant management. He sold this company to McAfee (Intel) in 2004.

He has previously been the CEO of KRAA Security, a risk and compliance consulting company that was focused on information security and technology strategy development. He provided the information security and IT expertise that companies in multiple industry verticals required as they forged a new direction and roadmap around their cybersecurity concerns. Key services included strategy development, education and training, architecture analysis, vulnerability assessments, security lifecycle development, and policy and procedures development.

Mr. Bahadur was Manager at Ernst & Young, where he managed a variety of security audits and special service engagements with clients in the financial services, manufacturing, retailing and pharmaceuticals sectors. He developed over 15 security practices, practice aids, compliance frameworks and work programs and designed network security infrastructures and security interrogation processes. He helped develop and taught the “Extreme Hacking” course.

Mr. Bahadur is a frequent speaker at industry conferences and a prolific writer, publishing three books and a number of magazine articles on InfoSec topics. Mr. Bahadur’s recent information security conference speaking engagements have included: CIMA Information Security Executive Summit – “Supply Chain Risk Management”; Social Media Strategies Summit – “Social Media Legal Risks”; AML Fraud Conference, Florida – “Data Loss Prevention”; Institute of Internal Auditors – “Security Trends”; and Hacker Halted Conference – “Supplier Risk Assessments”.

Mr. Bahadur holds a BS in Finance and Information Systems from New York University Stern School of Business. Mr. Bahadur is a Certified Lead ISO Auditor and certified Chief Information Security Officer by EC-Council.

View PDF

Evan Wilson

Managing Director

Ankura Consulting Group

1220 19th Street NW, Suite 700, Washington DC 20036
evan.wilson@ankuraconsulting.com
Mobile: +33 06 02 05 78 59

Education

JD, American University, Washington College of Law
BA, Harvard College

Affiliations

Prince Georges County Bar Association
American Bar Association (Inactive)
Maryland Bar Association (Inactive)

Languages

Spanish (working written and speaking)
French (learning)

Download vCard

Evan Wilson is a Managing Director at Ankura Consulting Group associated with the Washington DC office. He has nearly a decade of experience in domestic and international law and policy, focusing on post-conflict peace negotiations, criminal law, and international commercial litigation. Mr. Wilson works with the Geopolitical Advisory Practice where he helps the firm untangle international challenges to evaluate threats and risks and to identify new opportunities.

Mr. Wilson’s professional experience includes:

  • Drafted proposed constitutional language for two southeast Asian states in post-conflict settings;
  • Worked on a legal team that helped secure a major settlement in a NAFTA Chapter 11 dispute;
  • Assisted foreign multi-national corporations with US regulatory and legal frameworks, including through litigation;
  • Assisted US firms with regulatory compliance in the US with the FDA, USDA and EPA regulations;
  • Worked on litigation teams in US Federal Court filing 42 U.S.C. § 1983 claims;
  • Served as co-editor of a legal publication focused on international human rights and humanitarian law;
  • Successfully litigated numerous criminal cases for indigent clients in local courts.

Mr. Wilson holds a BA in the history of science from Harvard College and a JD from the Washington College of Law.

View PDF

Ted Theisen

Senior Managing Director

Ankura Consulting Group

1220 19th Street NW, Suite 700, Washington DC 20036
theodore.theisen@ankuraconsulting.com
Mobile: +1.571.328.1531

Education

New Agent Training, FBI Academy – Quantico, Virginia, 2004
BS, Biology, University of Nebraska at Omaha

Certifications

Certified Radiological Worker 2, US Department of Energy, 2007-2010
FBI Hazardous Materials Response Team – investigated chemical, biological and radiological threats, 2005-2010
MCSE and MCP+I Certified, January 2000

Affiliations

Society of Former Special Agents of the FBI

Honors & Awards

US Attorney Award, District of Delaware – contributions to Internet Crimes Against Children, 2010
Dedicated service award for contributions to the Terrorist Screening Operations Unit (TSOU), 2008
Exemplary service award for achievements at National Joint Terrorism Task Force (NJTTF), 2006

Download vCard

Ted Theisen is a Senior Managing Director within the Cybersecurity Practice at Ankura Consulting Group, located in the Washington, DC office. He has more than 17 years of experience in information technology including designing information security programs, responding to complicated cyber incidents, and enhancing information security. Mr. Theisen has significant investigative experience leading numerous highly technical and complicated cyber incidents requiring the direction of multi-discipline and multi-national collaboration resulting in efficient and effective results.

Prior to joining Ankura, Mr. Theisen served as a Managing Director at an international litigation support firm where he developed and built a cyber-risk division including services such as incident response, risk assessments, as well as managed security services. He was directly responsible for overseeing all data breach matters and ensured a rapid response, adequate preservation of evidence, and ultimately identified the root cause of all breaches, as well as any exfiltrated, compromised, or exposed intellectual property.

In addition to his contributions in the private sector, Mr. Theisen also has notable government service. He served as a Special Agent in the Federal Bureau of Investigation where he investigated cyber related matters for the duration of his tenure, which included computer intrusions, cyber counterintelligence, and cyber counterterrorism matters. Mr. Theisen also served as the Branch Chief of Cyber Integrity for one year at the Executive Office of the President where he provided information risk management, information assurance, and eDiscovery leadership to The White House, Executive Residence, Office of the Vice President, and all other peripheral entities of the White House.

Notable Investigations that Mr. Theisen has conducted:

  • Cyber Extortion of a Scientific Company – A global company was threatened by an unknown subject with releasing intellectual property to the public unless a ransom was paid. Mr. Theisen lead a team of investigators to identify exposed data within the company, potential exfiltration vectors, and vulnerabilities that fostered unauthorized access
  • Cyber Domestic Terrorism Investigation – A US based food company was threatened by a domestic terrorism organization over the Internet. Mr. Theisen lead the investigation to successful attribution to the attacker and subsequent arrest
  • Insider Threat Investigation of a Financial Institution – A US based financial institution suspected escalation of privileges by a system administrator. Mr. Theisen was able to lead a team to surreptitiously identify unauthorized activity of the main subject of the investigation with minimal interruption to business functionality
  • Data Breach of Health Care Facility – A large US based health care system suffered a breach of Protected Health Information (PHI). Mr. Theisen lead the team to identify exposed data as well as the vector of compromise.
  • Amerithrax Investigation – Mr. Theisen served on a large team of special agents that responded to the residence of Dr. Bruce Ivans, as well as his laboratory at United States Army Medical Research Institute of Infectious Disease (USAMRIID) ensuring ample preservation of evidence in a volatile environment
  • Numerous Cyber Counterintelligence investigations in which the tradecraft and techniques of adversaries to the United States were identified
  • Several investigations associated with internet threats made to high ranking public officials in which rapid attribution of the attacker was necessary

View PDF

Tarek Marji

Tarek Marji

Managing Director

Ankura Consulting Group

750 Third Avenue, 28th Floor, New York, NY 10017
tarek.marji@ankuraconsulting.com
Main: +1.646.291.8559
Mobile: +1.917.232.2300

Education

BS, Computer Information Systems, Manhattan College – Bronx, NY

Certifications

Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
Certified in Risk and Information Systems Control (CRISC)

Affiliations

OWASP

Languages

Arabic

Download vCard

Tarek Marji is a Managing Director within the Cybersecurity Practice at Ankura Consulting Group, located in the New York office. He has more than 20 years of experience in information security including security operations, endpoint and network threat detection, incident response, risk management including vulnerability management & penetration testing, application security, and data analytics.

Prior to joining Ankura, Mr. Marji worked in various private sector companies including financial, cyber security, consulting food & beverages, and technology. Mr. Marji also architected, designed, deployed, configured, and managed advanced threat detection technologies in various global organizations on an enterprise level. He also provided training to professionals and students (e.g. at Pace University) and is an active contributor and volunteer within the information security community.

Mr. Marji’s professional experience includes:

  • Investigate and respond to sophisticated intrusions which affected more than one global organization, where the attackers utilized well-orchestrated stealthy techniques to persist by abusing existing infrastructure tools while leveraging covert channels to exfiltrate intellectual property without being detected. Mr. Marji identified the attackers based on patterns and behavior analytics successfully leading to the eradication of the threat, remediation of affected assets, and recovery of the affected ecosystem.
  • Payment card processing – PoS (point of sale) systems investigations for more than one firm where the attackers managed to install memory scraping malware that harvested credit card information. Mr. Marji successfully identified the malware and how the attackers harvested several user’s credentials using them to deploy the malware across all the PoS systems. Mr. Marji was also instrumental in identifying how that attacker collected the harvested credit card data manually using legitimate system administration tools and how they utilized remote access tools such as TeamViewer and LogmeIn to exfiltrate the harvested credit card data.
  • Several of the investigations performed dealt with ransomware issues, Fin4 targeted attacks, and successful targeted phishing campaigns. Attackers were successfully identified and removed while also determining what data was affected.
  • Investigate data breaches for large and small organizations because of the exploitation of a web application vulnerability such as SQL Injection, WordPress plugin vulnerabilities, ColdFusion vulnerabilities, and general web server misconfiguration commonly leading to backdoors (Web Shells). Mr. Marji identified the cause of the breach while providing technical recommendations on how to patch the vulnerabilities and client impact based on what data was exposed.
  • Deployment, configuration, tuning, and managing the Carbon Black Endpoint Threat Detection and Response enterprise solution in more than 20 companies, utilizing the tool effectively as part of the cybersecurity incident response.
  • Optimization of Carbon Black Endpoint Threat Detection and Response tool through the utilization of the Python programming language leveraging the REST API to manage functionality, triggers, and live response capabilities across thousands of systems
  • Organize, architect, and build the managed security service offering for a previous Cyber Security consulting practice utilizing the Carbon Black Endpoint Threat Detection and Response tool to monitor, detect, alert, and respond to anomalies and security incidents based on customized system and user behavior pattern triggers
  • Deployment and configuration of enterprise endpoint prevention tools such as Cylance Protect
  • Advanced analysis techniques and queries utilizing the Splunk Python SDK allowing incident responders to stream line and automate response runbooks as part of the evidence collection and analysis to efficiently and quickly eradicate and recover a Cybersecurity incident
  • Expertise in vulnerability management and performing enterprise level vulnerability assessments and penetration testing using several tools

View PDF