NETBankAudit Associates

“At NETBankAudit, it is our associates that elevate us above the competition.  We are a team of senior banking executives, auditors, regulators and engineers working together for our client’s benefit.  Every audit firm has a great auditor or two but I am proud to say that at NETBankAudit, we only include associates of the highest quality.  Below are the bios of NETBankAudit’s Associate Team.”  Ken Barlow

Ken Barlow, CEO
Principal Partner
Alexandria, VA


Mr. Barlow is co-founder of NETBankAudit and has over 30 years of experience managing IT operations in the real estate and banking industries, where he identified the need for quality information security and regulatory guidance. As President, Mr. Barlow’s responsibilities include day-to-day management of NETBankAudit and focusing on the company’s strategic business development and financial management. Starting in 2000, Mr. Barlow developed and implemented the virtual business model utilized by NETBankAudit, allowing a “lower cost” in delivery of the highest quality of associates and services to meet the growing internal audit support needs of both regional and community-based financial institutions.


NETBankAudit Managing Partner

David Hart, CISA, CFE, CRISC

Richmond, VA


David Hart, President, is a Certified Information Systems Auditor (CISA), Certified Fraud Examiner (CFE), and Certified in Risk and Information Systems Control (CRISC). As President, he is responsible for all product and service delivery. His emphasis is on developing and providing practical, risk-focused solutions. These solutions typically involve technically complex undertakings and/or strenuous regulatory matters. According to Mr. Hart, the key is developing a win-win scenario for all parties involved. The specific needs of each institution must be met effectively and efficiently. Prior to joining NETBankAudit, David served as a bank examiner and internal auditor for the Federal Reserve for over 15 years. As a Senior Advisory Bank Examiner, David participated and led numerous examinations of community banks, large financial institutions, and service provider data centers. He was also responsible for staff development, report review, and public policy. As a Senior Internal Auditor, David participated and led several audits of the national Federal Reserve Information Technology (FRIT) function and U.S. Treasury systems. Mr. Hart is a distinguished graduate of the Virginia Military Institute. Additionally, he has attended numerous banking seminars and schools including graduate level work.

 NETBankAudit Partner

Cynthia Bonnette, CISA
Executive Director IS Audit and Assessment

Arlington, VA


Cindi has led the development of our methodology for the IT Audit and Information Security Risk Assessment Programs. Ms. Bonnette began her career in financial and information technology in 1988 with the Federal Deposit Insurance Corporation (FDIC). Her 13-year tenure at the FDIC included the positions of senior bank examiner, Emerging Technologies Specialist for the Division of Supervision, and Assistant Director of the Bank Technology Group where she authored regulatory guidance and advisories. Ms. Bonnette left the FDIC in 2001 to work directly with financial institutions as a consultant and IT auditor, including a three year term with a Phoenix, AZ-based technology consulting firm. Ms. Bonnette joined NETBankAudit in January 2004 and continues to serve as an expert in banking technology, author of several published articles, and frequent public speaker. She holds an MBA from Bentley College, Waltham, MA; a bachelor’s degree from Boston College; and is a graduate of The Stonier Graduate School of Banking at Delaware University. She is also a Certified Information Systems Auditor (CISA).

NETBankAudit Vice Presidents

Executive Vice President of Audit Services
Richmond, VA


Mike Ford is a Certified Information Systems Auditor (CISA), a Certified Information Systems Security Professional (CISSP), a Microsoft Certified Systems Engineer NT 4.0 (MCSE), and a leading expert in information security for banks. Mike has over ten (10) years in Information Technology and Information Security and has experience in Administration, Compliance, Audit, Risk Management, Project Management, Policy Development, Incident Response, and Budgeting within the Community Banking and Health Care Industries. Prior to NETBankAudit, Mike was with the Federal Reserve Bank of Richmond as an Examiner – Information Technology and Operational Risk. Previous work experience includes First Market Bank, First North American National Bank, and the United Network for Organ Sharing.  Mike has held the positions of Information Security Officer, Bank Security Officer, and IT Manager and has worked in the IT consulting field.  Mike has a Master of Engineering in Systems Engineering from the University of Virginia where he also received his undergraduate degree and a Master of Business Administration from University of Richmond.  Mike is active with the Information Systems Audit and Compliance Association (ISACA), including serving on the Board of Directors of the Richmond Chapter and as Chapter President in 2008.

Vice President/CIO
Richmond, VA


Mark is a security professional with over 18 years of experience in security, network design, and project management.  As Director of Engineering and Technical Assessments he focuses on providing leadership for our vulnerability assessment, penetration testing, and social engineering offerings.  All products focus on providing insight into the business risks faced by our clients.  Prior to NETBankAudit, he was a Network Engineering Consultant where he served customers in a variety of industries including financial services. He has a proven record implementing technology best practices resulting in increased uptime and reduced costs within the corporate and client infrastructures. Mr. Lohman is a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified Ethical Hacker (C|EH), and Microsoft Certified IT Professional, Enterprise Administrator in Server 2008 (MCITP). He holds a Bachelor of Business Administration from Strayer University and is a member of the International Information Systems Security Certification Consortium, Inc. (ISC)² and the Information Systems Audit and Control Association (ISACA).

Melissa Morrell
Executive Vice President/COO
Alexandria, VA


Mrs. Morrell is the Executive Vice President/COO for NETBankAudit and has over 10 years of experience in the information technology industry. As Executive Vice President/COO, Ms. Morrell manages human resource, engagement scheduling, payroll, accounts payable and receivable, and coordinates with the CFO office in vendor management and cash flow management and planning. She also manages our virtual client portal function using Microsoft SharePoint services. Ms. Morrell was instrumental in developing our current Employee Handbook and other administrative policies and procedures. Ms. Morrell graduated from George Mason University with a BS degree in Decision Sciences and Management Information Systems. She also holds a MS degree from Marymount University in Education.


Joanne Bennett, CAMS, CBA
Director of Compliance Services
Chester, VA

Joanne Bennett has over 30 years of experience in banking, including operations, compliance and audit. Prior to joining NETBankAudit, Joanne held positions of BSA/AML Compliance Officer, Internal Control Consultant, Senior Retail Operations Manager, BSA Administrator, and Security Officer at various community banks. Joanne has experience in developing and maintaining all components of a strong BSA/AML Compliance Program and is successful in working with all levels of bank staff. She has developed program documentation and overseen implementations. Joanne’s experience also includes working closely with regulatory agencies to ensure sound examination results. Joanne is a Certified Anti-Money Laundering Specialist (CAMS) and a Certified Bank Auditor (CBA).  Joanne is a member of the Association of Certified Anti-Money Laundering Specialists (ACAMS), and has served on the Compliance Committee of the Virginia Bankers’ Association. Joanne holds a Bachelor of Arts degree in Business with Specialization in Accounting from St. Leo University in Florida.

Jeff Harden, CISA
Director of Audit Services
Richmond, VA


Jeff Harden is a Certified Information Systems Auditor (CISA) with over 10 years of Regulatory and Banking experience. Prior to joining NETBankAudit, Jeff worked with the Federal Reserve Bank of Richmond and Virginia State Corporation Commission – Bureau of Financial Institutions as an Examiner. Areas of expertise include Information Technology, Bank Operations, Compliance, and Safety and Soundness. In addition to regulatory experience, Jeff also worked in community banking at both Bank of Virginia and Eastern Virginia Bankshares. Jeff has held the positions and roles of information security officer, bank security officer, network administrator, and operations specialist. Jeff has a Bachelors of Science from Virginia Commonwealth University.

Chris Poteat, CISA, CISM
Director of Audit Services
Simpsonville, SC


Chris Poteat is a Certified Information Systems Auditor (CISA) with over 16 years’ experience in information technology practices and information technology auditing. Prior to NETBankAudit, Chris worked with a regional accounting firm as a Senior IT Audit Manager. His client focus was financial institutions, healthcare companies, private industries, and government agencies in the Southeast. Chris also served as IT Manager at Deloitte and Touche. Over his well-established career, Chris has assisted numerous financial institutions with internal and external auditing needs including SAS 70/SSAE16 type reviews.  He has also consulted on various IT related projects including but not limited to Information Security, Business Continuity, Vendor Management, and Regulatory Compliance. Further, Chris brings real world, hands-on knowledge to each job with prior experience in application development, system development lifecycle, and security administration. Chris has a B.S. in Accounting from the University of South Carolina.

Dennis Rowan, CISA
Director of Audit Services
Richmond, VA


Dennis Rowan is a Certified Information Systems Auditor (CISA) with over 30 years of experience in the execution of enterprise technology audits within large banking environments. Prior to joining NETBankAudit, Dennis led a team of Information Technology Auditors at Capital One. His audit experience includes retail & commercial bank applications, systems development & integration projects, IT governance, information security, network services, data center services, enterprise architecture, middleware, integrated production support, asset management, business continuity, and third party assurance programs. Dennis also has extensive experience with risk management, regulatory risks mitigation, Sarbanes Oxley compliance, PCI-DSS, and GLBA privacy related processes and requirements. Dennis is a member of the Information Systems Audit and Control Association (ISACA). Dennis holds a Bachelor of Science degree in Accounting from Ball State University.

Michael Young, CISA, CISSP, MCSE: Security
Director of Audit Services
Mount Juliet, TN


Mike is a Certified Information Systems Auditor (CISA), a Certified Information Systems Security Professional (CISSP) and a Microsoft Certified Systems Engineer with a focus on security (MCSE: Security).  Mike has over 30 years of experience in Information Technology, with the last 16 focused on Information Security Management.  In addition to his community banking IT audit and management credentials, his expertise lies in Security Management, Incident Response, Disaster Recovery, vulnerability assessment, GLBA, SOX, PCI, Microsoft Active Directory and group policy management and network infrastructure auditing.  He is the former Director of Technology for a community bank in Florida and Information Security Engineer for a major US Airline.  Mike has a MS in Management from Troy University, is a Certified Novell Engineer (CNE) and is a member of the International Information Systems Security Certification Consortium, Inc., (ISC)², and the Information Systems Audit and Control Association (ISACA).

Auditing Associates

Alan Alai CISA
Senior IT Auditor
East Falmouth, MA


Alan Alai is a Certified Information Systems Auditor (CISA) with 10+ years of experience in information technology practices and auditing. Alan has worked as a Senior IT Audit Manager for private industry and is a subject matter expert on internal controls for IT organizations and financial applications. As an accomplished corporate internal auditor, Alan has lead numerous audit engagements including overseeing identification and discovery of financial and HR system, development and implementation of IT audit test strategies, and support of remediation plans and projects. Alan experience includes IT security projects, business continuity/disaster recovery (BC/DR) programs, and IT risk assessments. Alan has a B.S. in Biochemistry from California Polytechnic State University in San Luis Obispo and is a member of the Information Systems Audit and Control Association (ISACA).

Senior IT Auditor
Knoxville, TN


Vince DeHart is a Certified Information Systems Auditor (CISA) with over ten years of experience in auditing. His background in information technology spans more than 20 years, including roles in management, security, support, and application development within the financial services, utilities, and government sectors. Vince has a Bachelor of Science degree in Finance from the University of Tennessee and developed a career interest in IT while working in a university data analysis department to pay for his education. His current certifications also include the Certified Information Systems Security Professional (CISSP), Certified in Risk and Information System Controls (CRISC), and Certified Authorization Professional (CAP) designations.

Harold B. Garrett, Jr., CPA, CIA, CISA
Senior Internal Auditor
Virginia Beach, VA


Ben is a Certified Public Accountant (CPA), Certified Internal Auditor, (CIA) and a Certified Information Systems Auditor (CISA). Ben has over twenty five years of experience in the financial service industry primarily serving in the role as the Chief Executive Audit Officer for community banks, mortgage and trust companies. In this role, he managed and performed all the elements of the bank’s risk management function that includes financial and operational internal audits, assessing information technology controls, and regulatory compliance.

Ben has experience in developing and performing risk based internal evaluations of financial, operational and information technology controls using the COSO Framework as well as applicable audit standards as set forth by the AICPA, PCAOB, IIA, ISACA and COBIT. He has also assisted many community banks in coordinating their FDICIA and Sarbanes-Oxley efforts. Additionally, Ben has extensive experience in directing internal investigations on the behalf of management and/or the board of directors for community banks as outlined by their corporate governance policies. He has also assisted with strategic planning; project management; BSA/ AML Program testing; vendor management responsibilities; and internal control development.

Ben has a B.B.A. in Accounting from James Madison University and a Master of Science in Management of Information Systems from the University of Virginia. Ben has also attended and participated in numerous banking, accounting, security, compliance, and information technology seminars and schools. Ben is active with the Institute of Internal Auditors- Tidewater IIA Chapter, Virginia Society of Certified Public Accountants, and Information Systems Audit and Control Association (ISACA). He was a member of the Virginia Banker Association- Compliance Committee, and served as a compliance instructor. Ben also served on a sub-committee on the Bankers’ Affinity Group, to assist community bankers in obtain continuing education opportunities on current banking topics.

Robert Jenkins, CISA, CISSP
Senior Auditor
Raleigh, NC


Robert is a Certified Information Systems Auditor (CISA) and Certified Information Systems Security Professional (CISSP) and has over 20 years of experience as an IT auditor and FRB bank examiner.  Prior to NETBankAudit, Robert was an Information Systems Auditor with NetStandard Inc.,  Kansas City, KS where he provided IT audit services to banks, law firms, healthcare providers, and other organizations using ISACA/COBIT audit methodology. Robert provided network infrastructure security program design and assessment support involving the use of vulnerability scanning tools and the analysis of network infrastructure security and proposed and implemented security solutions.  Robert also performed information security policy reviews, assisted with the development of information security programs, provided advice on regulatory compliance, and helped design business continuity and disaster recovery plans.  Robert was a Bank Examiner with the Federal Reserve Bank of Kansas City, conducting bank IT examinations from 2002 to 2007.  Prior to 2002, Robert conducted bank financial (Safety and Soundness) examinations for the FRB.  Robert has a B.S. in Finance and Banking and a B.A. History from Missouri State University.

Richard Lee, CISA
Senior IT Auditor
Salisbury, MD


Rick is a Certified Information Systems Auditor (CISA) with 17 years of audit experience.  Prior to joining NETBankAudit, Rick worked for the Federal Home Loan Bank of Boston as a Senior Information Systems Auditor, conducting COBIT-based audits and performing SOX testing where applicable.  He was also responsible for staff training, audit planning, and special projects.  Areas of expertise include IT Governance, Project Management, Vendor Management, Business Continuity, and Information Security/Privacy.  Additionally, Rick has financial auditing experience and holds a BA in Economics from the University of New Hampshire.

Heraa Mirza
Associate Auditor
Glen Allen, VA


Heraa Mirza is experienced as a banker and auditor within the fields of IT, Security, and Compliance. Prior to joining NETBankAudit, Heraa has held positions in community banking with responsibilities for training, BSA/AML compliance, and various marketing and sales initiatives. Heraa has a bachelor of science degree and master’s degree from Capella University, and is active in the industry groups including the Federal Reserve Bank of Richmond’s BSA Coalition Conference.

Glen Sexton, CISA, CRISC
Senior IT Auditor
Houston, TX


Glen Sexton is a Certified Information Systems Auditor (CISA) and Certified in Risk and Information Systems Control (CRISC). Glen has over 20 years of experience in IT audits within the financial services, energy, and government sectors. Prior to joining NETBankAudit, Glen managed the audit process and client relationships for a national financial industry core processing service and software provider. He has experience managing and conducting complex infrastructure audits, integrated application audits, Information Technology General Controls (ITGCs) audits, continuous monitoring, and change activities (system development life cycle) reviews. Prior to private sector work, Glen was an IT Examiner for a State Bank Regulatory Agency. Glen participated and led numerous IT examinations of community banks, large financial institutions, third party information technology providers, and ATM transaction processors. Glen also has extensive experience with IT risk management, regulatory risks mitigation, Sarbanes Oxley compliance, PCI-DSS, HIPAA, AML, and GLBA privacy related control remediation and requirements. Glen is a member of the Information Systems Audit and Control Association (ISACA) Houston Chapter. He has previously served in multiple board level positions including Past President of the Illini Chapter. Glen holds a Bachelor of Science degree in Finance from Illinois State University.

Senior IT Auditor
Waldorf, MD

SHIELDS,ChriseditedChris Shields has over 25 years as a veteran supporting Telecommunications and Information Technology (IT) security compliance with the Department of Defense, Intelligence Community, and Federal Agencies. Chris is specialized in certification and testing of financial management systems, and has a variety of IT Security certifications to include the Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT), Certified in Risk and Information Systems Control (CRISC), Certified Authorization Professional (CAP) and Systems Security Certified Practitioner (SSCP) with additional compliance and quality assurance certifications. Chris holds a BS in Computer Studies from the University of Maryland University College and is a member of the Information Systems Audit and Control Association (ISACA), International Information Systems Security Certification Consortium, Inc., (ISC)², Certified Federal IT Security Professionals and Information Systems Security Association (ISSA)

Engineer Associates

Matthew Gregory, CISSP
Systems Security Engineer
Goochland, VA


Matt Gregory is a Certified Information Systems Security Professional (CISSP) with over 17 years of experience in telecommunications services and network infrastructure.  His telecommunications background includes WAN, MPLS, VoIP, wireless, and traditional analog networks.  He is able to effectively utilize his diverse background and assist customers working with various carriers.  Matt has a Master of Science in Information Systems Network Security from Strayer University, a Bachelor of Business Administration in Finance from Christopher Newport University, and is Certified Telecommunications Network Specialist (CTNS).

Deno Plumley, CISSP
Systems Security Engineer
Willamsburg, VA


Deno Plumley is a Certified Information Systems Security Professional (CISSP) with over 20 years of experience. Deno has been providing outsourced support services for small to medium sized businesses acting as the CIO. Most recently he held the position of Director of Technology at a private school. Deno has performed system design, project management, and accreditation/commissioning testing in Information, Voice Communications, IP Surveillance, Structured Cabling, and Physical Security Systems. His technical proficiencies include virtual environments, voice communication systems, Windows desktop and server administration, Barracuda configurations, Google for Business configurations including remote hardware configuration and lockdown. Throughout his career, Deno has received certifications in the following areas: Microsoft systems, fiber optics, IP voice communications, IP video, and has also held a registration in ES Technical and ES Sales with the Department of Criminal Justice.

Joseph Spoolstra, CISSP
Systems Security Engineer
Hudsonville, MI


Joseph Spoolstra is a Certified Information Systems Security Professional (CISSP) with over 10 years of experience serving the financial services industry. In addition to performing technical testing, Joseph provides information technology services and consultation to the financial community. Joseph has been instrumental in building and enhancing Information Technology Programs as he is very knowledgeable of Regulatory Compliance, Budgeting, Project Management, Disaster Recovery, Policy Updates, and Systems Maintenance. His technical proficiencies include Windows Desktop and Server Administration, Linux operating system environments, and Sonicwall configurations. Joseph holds a Bachelors of Science in Information Systems from Grand Valley State University.

Relationship Management Associates


Beth Nicolas
Senior Relationship Management Officer
Raleigh, NC


In her role as Senior Relationship Management Officer, Beth focuses on paving the way for successful engagements – both for the clients and for NETBankAudit. She is responsible for working with prospects and clients to understand their needs, propose the appropriate solutions to satisfy those needs, and educate them about how NETBankAudit will implement the proposed solution as well as how the engagement will flow. She joined NETBankAudit in 2004 and has worked with the banking and credit union industries for over 30 years in various capacities. She was formerly Sr. Account Manager-Lending System Sales for FiTECH Systems, a lending solutions provider as well as Sr. Applications Development Specialist and Manager – Lending Systems Customer Support for the same company. Ms. Nicolas graduated with honors from Appalachian State University in Boone, NC with a Bachelor’s degree in Sales and Marketing.

Synda Thomas
Relationship Management
Richmond, VA


Synda Thomas has worked in the banking industry for twelve years with the majority of her tenure in community banks. Prior to joining NETBankAudit, Synda held positions in retail banking as a Branch Manager, Small Business and Consumer Loan Officer, Assistant Branch Manager, Relationship Banker and Teller. Synda’s operational experience includes working with the BSA compliance department of a Fortune 500 company as an Anti-Money Laundering Investigator. Synda’s goal as Relationship Manager is to foster loyal relationships with clients by engaging financial institution professionals to thoroughly understand their compliance needs. She strives to tailor well-informed solutions that lead to favorable engagements for the client and NETBankAudit.

Jamie Tidwell
Relationship Management
Richmond, VA



Jamie Tidwell has ten years of banking experience. Prior to joining NETBankAudit, Jamie held positions of vault teller, assistant manager, and relationship banker at various banking and credit union industries. Jamie also has customer service experience in scheduling, accounts payable, and office supervision. Jamie has a bachelor of science degree from Christopher Newport University.