“At NETBankAudit, it is our associates that elevate us above the competition. We are a team of senior banking executives, auditors, regulators and engineers working together for our client’s benefit. Every audit firm has a great auditor or two but I am proud to say that at NETBankAudit, we only include associates of the highest quality. Below are the bios of NETBankAudit’s Associate Team.” Ken Barlow
Ken Barlow, CEO
Ken Barlow is an original founder of NETBankAudit. Ken’s career involved managing IT operations in financial industries, specializing in the development of custom system solutions and IT organizations for companies facing unique challenges including start-ups, mergers and turnarounds. Early in his career, Ken lead teams to develop the first online interactive financial system and first business graphics system for NASA HQ., and the Black Lung Benefit Payment System for the Labor Department. During late 1990’s he identified the need for quality information security and regulatory guidance for financial institutions facing an ever-increasing demand for information security and controls testing. Starting in 2000, he founded, developed and implemented the virtual business model utilized by NETBankAudit, allowing a “lower cost” in delivery of the highest quality of associates and services to meet the growing internal audit support needs of both regional and community-based financial institutions. Today, as CEO and Principal Owner, his responsibilities include overall management of NETBankAudit and focusing on the company’s strategic business development and financial management.
NETBankAudit Managing Partner
David Hart, CISA, CFE, CRISC
David Hart has served NETBankAudit in a leadership capacity and as a partner for over 10 years. During this time, the company has become a premier information technology and regulatory compliance audit and testing firm. This accomplishment is attributed to the ever-increasing demands of cybersecurity and compliance, coupled with the foresight and proactive adaptability of NETBankAudit. Currently, David oversees product and service delivery while being directly in charge of relationship management. He also maintains his Certified Information Systems Auditor (CISA), Certified Fraud Examiner (CFE), and Certified in Risk and Information Systems Control (CRISC) designations. Prior to joining NETBankAudit, David served as a bank examiner and internal auditor for the Federal Reserve for over 15 years. As a Senior Advisory Bank Examiner, David participated in and led numerous examinations of community banks, large financial institutions, and service provider data centers. He was also responsible for staff development, report review, and public policy. As a Senior Internal Auditor, David participated in and led several audits of the national Federal Reserve Information Technology (FRIT) function and U.S. Treasury systems. David is a distinguished graduate of the Virginia Military Institute. Additionally, he has attended numerous banking seminars and schools including graduate level work.
Cynthia Bonnette, CISA
Executive Director IS Audit and Assessment
Cindi has led the development of our methodology for the IT Audit and Information Security Risk Assessment Programs. Ms. Bonnette began her career in financial and information technology in 1988 with the Federal Deposit Insurance Corporation (FDIC). Her 13-year tenure at the FDIC included the positions of senior bank examiner, Emerging Technologies Specialist for the Division of Supervision, and Assistant Director of the Bank Technology Group where she authored regulatory guidance and advisories. Ms. Bonnette left the FDIC in 2001 to work directly with financial institutions as a consultant and IT auditor, including a three year term with a Phoenix, AZ-based technology consulting firm. Ms. Bonnette joined NETBankAudit in January 2004 and continues to serve as an expert in banking technology, author of several published articles, and frequent public speaker. She holds an MBA from Bentley College, Waltham, MA; a bachelor’s degree from Boston College; and is a graduate of The Stonier Graduate School of Banking at Delaware University. She is also a Certified Information Systems Auditor (CISA).
NETBankAudit Vice Presidents
Mike Ford, CISA, CISSP, MCSE
Executive Vice President of Audit Services
Mike Ford is a Certified Information Systems Auditor (CISA), a Certified Information Systems Security Professional (CISSP), a Microsoft Certified Systems Engineer NT 4.0 (MCSE), and a leading expert in information security for banks. Mike has over fifteen (15) years in Information Technology and Information Security and has experience in Audit, Risk Management, Compliance, Administration, Project Management, Policy Development, Incident Response, and Budgeting within the Community Banking and Health Care Industries. Prior to NETBankAudit, Mike was with the Federal Reserve Bank of Richmond as an Examiner – Information Technology and Operational Risk. Previous work experience includes First Market Bank, First North American National Bank, and the United Network for Organ Sharing. Mike has held the positions of Information Security Officer, Bank Security Officer, and IT Manager and has worked in the IT consulting field. Mike has a Master of Engineering in Systems Engineering from the University of Virginia where he also received his undergraduate degree and a Master of Business Administration from the University of Richmond. Mike is active with the Information Systems Audit and Compliance Association (ISACA), including serving on the Board of Directors of the Richmond Chapter and as Chapter President in 2008.
Mark Lohman, CISSP, CISA, CISM, CRISC, CDPSE, C|EH, MCITP
Executive Vice President/CIO
Mark is a security professional with over 20 years of experience in security, network design, and project management. As EVP/CIO he focuses on providing leadership for our vulnerability assessment, penetration testing, and social engineering offerings. All products focus on providing insight into the business risks faced by our clients and options for mitigation. Prior to NETBankAudit, he was a Network Engineering Consultant where he served customers in a variety of industries including financial services. He has a proven record implementing technology best practices resulting in increased uptime and reduced costs within the corporate and client infrastructures. Mr. Lohman is a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified Data Privacy Solutions Engineer (CDPSE), Certified Ethical Hacker (C|EH), and Microsoft Certified IT Professional, Enterprise Administrator in Server 2008 (MCITP). Additionally, he holds the Cloud specific certification Microsoft Certified: Azure Fundamentals. He holds a Bachelor of Business Administration from Strayer University and is a member of the International Information Systems Security Certification Consortium, Inc. (ISC)² and the Information Systems Audit and Control Association (ISACA).
Executive Vice President/COO
Mrs. Morrell is the Executive Vice President/COO for NETBankAudit and has over 10 years of experience in the information technology industry. As Executive Vice President/COO, Ms. Morrell manages human resource, engagement scheduling, payroll, accounts payable and receivable, and coordinates with the CFO office in vendor management and cash flow management and planning. She also manages our professional services automation system through NetSuite OpenAir. Ms. Morrell was instrumental in developing our current Employee Handbook and other administrative policies and procedures. Ms. Morrell graduated from George Mason University with a BS degree in Decision Sciences and Management Information Systems. She also holds a MS degree from Marymount University in Education.
Joanne Bennett, CAMS, CBA
Director of Compliance Services
Joanne Bennett has over 30 years of experience in banking, including operations, compliance and audit. Prior to joining NETBankAudit, Joanne held positions of BSA/AML Compliance Officer, Internal Control Consultant, Senior Retail Operations Manager, BSA Administrator, and Security Officer at various community banks. Joanne has experience in developing and maintaining all components of a strong BSA/AML Compliance Program and is successful in working with all levels of bank staff. She has developed program documentation and overseen implementations. Joanne’s experience also includes working closely with regulatory agencies to ensure sound examination results. Joanne is a Certified Anti-Money Laundering Specialist (CAMS) and a Certified Bank Auditor (CBA). Joanne is a member of the Association of Certified Anti-Money Laundering Specialists (ACAMS), and has served on the Compliance Committee of the Virginia Bankers’ Association. Joanne holds a Bachelor of Arts degree in Business with Specialization in Accounting from St. Leo University in Florida.
Harold B. Garrett, Jr., CPA, CIA, CISA
Director of Audit Services
Virginia Beach, VA
Ben is a Certified Public Accountant (CPA), Certified Internal Auditor, (CIA) and a Certified Information Systems Auditor (CISA). Ben has over twenty five years of experience in the financial service industry primarily serving in the role as the Chief Executive Audit Officer for community banks, mortgage and trust companies. In this role, he managed and performed all the elements of the bank’s risk management function that includes financial and operational internal audits, assessing information technology controls, and regulatory compliance.
Ben has experience in developing and performing risk based internal evaluations of financial, operational and information technology controls using the COSO Framework as well as applicable audit standards as set forth by the AICPA, PCAOB, IIA, ISACA and COBIT. He has also assisted many community banks in coordinating their FDICIA and Sarbanes-Oxley efforts. Additionally, Ben has extensive experience in directing internal investigations on the behalf of management and/or the board of directors for community banks as outlined by their corporate governance policies. He has also assisted with strategic planning; project management; BSA/ AML Program testing; vendor management responsibilities; and internal control development.
Ben has a B.B.A. in Accounting from James Madison University and a Master of Science in Management of Information Systems from the University of Virginia. Ben has also attended and participated in numerous banking, accounting, security, compliance, and information technology seminars and schools. Ben is active with the Institute of Internal Auditors- Tidewater IIA Chapter, Virginia Society of Certified Public Accountants, and Information Systems Audit and Control Association (ISACA). He was a member of the Virginia Banker Association- Compliance Committee, and served as a compliance instructor. Ben also served on a sub-committee on the Bankers’ Affinity Group, to assist community bankers in obtain continuing education opportunities on current banking topics.
Jeff Harden, CISA
Director of Audit Services and Model Assurance
Jeff Harden is a Certified Information Systems Auditor (CISA) with over 20 years of audit, supervisory, and financial services experience. Since joining NETBankAudit, he has led numerous audit and consulting engagements focusing on model validation, system optimization, information technology, risk management, BSA, and compliance. Jeff is instrumental in providing staff training while working directly with product development on many facets. Currently, he oversees our model validation services and works extensively as the lead developer on database automation. Prior to joining NETBankAudit, Jeff worked with the Federal Reserve Bank of Richmond and Virginia State Corporation Commission – Bureau of Financial Institutions as an Examiner. Areas of expertise include Information Technology, Bank Operations, BSA, Compliance, and Safety and Soundness (CAMELS). In addition to regulatory experience, Jeff also worked in community banking at both Bank of Virginia and Eastern Virginia Bankshares. Jeff has held the positions and roles of information security officer, bank security officer, network administrator, and operations specialist. Jeff has a Bachelors of Science from Virginia Commonwealth University.
Chris Poteat, CISA, CISM
Director of Audit Services
Chris Poteat is a Certified Information Systems Auditor (CISA) with over 16 years’ experience in information technology practices and information technology auditing. Prior to NETBankAudit, Chris worked with a regional accounting firm as a Senior IT Audit Manager. His client focus was financial institutions, healthcare companies, private industries, and government agencies in the Southeast. Chris also served as IT Manager at Deloitte and Touche. Over his well-established career, Chris has assisted numerous financial institutions with internal and external auditing needs including SAS 70/SSAE16 type reviews. He has also consulted on various IT related projects including but not limited to Information Security, Business Continuity, Vendor Management, and Regulatory Compliance. Further, Chris brings real world, hands-on knowledge to each job with prior experience in application development, system development lifecycle, and security administration. Chris has a B.S. in Accounting from the University of South Carolina.
Dennis Rowan, CISA
Director of Audit Services
Dennis Rowan is a Certified Information Systems Auditor (CISA) with over 30 years of experience in the execution of enterprise technology audits within large banking environments. Prior to joining NETBankAudit, Dennis led a team of Information Technology Auditors at Capital One. His audit experience includes retail & commercial bank applications, systems development & integration projects, IT governance, information security, network services, data center services, enterprise architecture, middleware, integrated production support, asset management, business continuity, and third party assurance programs. Dennis also has extensive experience with risk management, regulatory risks mitigation, Sarbanes Oxley compliance, PCI-DSS, and GLBA privacy related processes and requirements. Dennis is a member of the Information Systems Audit and Control Association (ISACA). Dennis holds a Bachelor of Science degree in Accounting from Ball State University.
Michael Young, CISA, CISSP, MCSE: Security
Director of Audit Services
Mount Juliet, TN
Mike is a Certified Information Systems Auditor (CISA), a Certified Information Systems Security Professional (CISSP), and a Microsoft Certified Systems Engineer with a focus on security (MCSE: Security). Mike has over 35 years of experience in Information Technology, with the last 20 focused on Information Security Management. In addition to his community banking IT audit and management credentials, his expertise lies in Security Management, Incident Response, Disaster Recovery, vulnerability assessment, GLBA, SOX, PCI, Microsoft Active Directory and group policy management and network infrastructure auditing. He is the former Director of Technology for a community bank in Florida and Information Security Engineer for a major US Airline. Mike has a MS in Management from Troy University and is a member of the International Information Systems Security Certification Consortium, Inc., (ISC)², and the Information Systems Audit and Control Association (ISACA).
Alan Alai, CISA, CDPSE
Senior IT Auditor
East Falmouth, MA
Alan Alai is a Certified Information Systems Auditor (CISA) and Certified Data Privacy Solutions Engineer (CDPSE) with 17+ years of experience in information technology practices and auditing. Alan has worked as a Senior IT Audit Manager for private industry and is a subject matter expert on internal controls for IT organizations and financial applications. As an accomplished corporate internal auditor, Alan has lead numerous audit engagements including overseeing identification and discovery of financial and HR systems, development and implementation of IT audit test strategies, and support of remediation plans and projects. Alan has experience in developing and performing audits using COBIT and COSO Frameworks to meet FFIEC and NCUA regulatory requirements. In addition, Alan has performed control assessments based on state-specific cybersecurity and data privacy requirements for financial institutions in New York and Massachusetts. In his role at NETBankAudit, Alan has evaluated FDICIA controls to meet Sarbanes-Oxley (SOX) standards. Alan experience includes IT security projects, Business Continuity Management (BCM), Disaster Recovery (DR) programs, and IT and Operational Risk Assessments. Alan has a B.S. in Biochemistry from California Polytechnic State University in San Luis Obispo and is a member of the Information Systems Audit and Control Association (ISACA).
Vince DeHart, CISA, CISSP, CRISC, CAP
Senior IT Auditor
Vince DeHart is a Certified Information Systems Auditor (CISA) with over ten years of experience in auditing. His background in information technology spans more than 20 years, including roles in management, security, support, and application development within the financial services, utilities, and government sectors. Vince has a Bachelor of Science degree in Finance from the University of Tennessee and developed a career interest in IT while working in a university data analysis department to pay for his education. His current certifications also include the Certified Information Systems Security Professional (CISSP), Certified in Risk and Information System Controls (CRISC), and Certified Authorization Professional (CAP) designations.
Robert Jenkins, CISA, CISSP
Robert is a Certified Information Systems Auditor (CISA) and Certified Information Systems Security Professional (CISSP) and has over 20 years of experience as an IT auditor and FRB bank examiner. Prior to NETBankAudit, Robert was an Information Systems Auditor with NetStandard Inc., Kansas City, KS where he provided IT audit services to banks, law firms, healthcare providers, and other organizations using ISACA/COBIT audit methodology. Robert provided network infrastructure security program design and assessment support involving the use of vulnerability scanning tools and the analysis of network infrastructure security and proposed and implemented security solutions. Robert also performed information security policy reviews, assisted with the development of information security programs, provided advice on regulatory compliance, and helped design business continuity and disaster recovery plans. Robert was a Bank Examiner with the Federal Reserve Bank of Kansas City, conducting bank IT examinations from 2002 to 2007. Prior to 2002, Robert conducted bank financial (Safety and Soundness) examinations for the FRB. Robert has a B.S. in Finance and Banking and a B.A. History from Missouri State University.
Richard Lee, CISA
Senior IT Auditor
Rick is a Certified Information Systems Auditor (CISA) with 17 years of audit experience. Prior to joining NETBankAudit, Rick worked for the Federal Home Loan Bank of Boston as a Senior Information Systems Auditor, conducting COBIT-based audits and performing SOX testing where applicable. He was also responsible for staff training, audit planning, and special projects. Areas of expertise include IT Governance, Project Management, Vendor Management, Business Continuity, and Information Security/Privacy. Additionally, Rick has financial auditing experience and holds a BA in Economics from the University of New Hampshire.
Heraa Mirza, CRCM
Heraa Mirza has over 8 years of experience in banking within the fields of Compliance, Operations, Security and Audit. Prior to joining NETBankAudit, she held positions in community banking with responsibilities for training, BSA/AML compliance, team management, and various marketing and sales initiatives. Heraa is a Certified Regulatory Compliance Manager (CRCM). Heraa has a Bachelor of Science degree from Salisbury University and master’s degree from Capella University. She is an active member of the Richmond Chapter of the BSA Coalition and participates in the industry groups including the Federal Reserve Bank of Richmond’s BSA Coalition Conference.
Glen Sexton, CISA, CRISC
Senior IT Auditor
Glen Sexton is a Certified Information Systems Auditor (CISA) and Certified in Risk and Information Systems Control (CRISC). Glen has over 20 years of experience in IT audits within the financial services, energy, and government sectors. Prior to joining NETBankAudit, Glen managed the audit process and client relationships for a national financial industry core processing service and software provider. He has experience managing and conducting complex infrastructure audits, integrated application audits, Information Technology General Controls (ITGCs) audits, continuous monitoring, and change activities (system development life cycle) reviews. Prior to private sector work, Glen was an IT Examiner for a State Bank Regulatory Agency. Glen participated and led numerous IT examinations of community banks, large financial institutions, third party information technology providers, and ATM transaction processors. Glen also has extensive experience with IT risk management, regulatory risks mitigation, Sarbanes Oxley compliance, PCI-DSS, HIPAA, AML, and GLBA privacy related control remediation and requirements. Glen is a member of the Information Systems Audit and Control Association (ISACA) Houston Chapter. He has previously served in multiple board level positions including Past President of the Illini Chapter. Glen holds a Bachelor of Science degree in Finance from Illinois State University.
Chris Shields, CISA, CISM, CGEIT, CRISC, CDPSE, CAP, SSCP
Senior IT Auditor
Chris Shields is a veteran with over 25 years of supporting operations and security compliance of Telecommunications and Information Technology with the Department of Defense, Intelligence Community, and Federal Agencies. Additionally, Chris served as an IT Security Consultant for various information systems projects. Chris is specialized in certification and testing of financial management systems, and has a variety of InfoSec and Cybersecurity Certifications to include the Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT), Certified in Risk and Information Systems Control (CRISC), Certified Data Privacy Solutions Engineer (CDPSE), Certified Authorization Professional (CAP) and Systems Security Certified Practitioner (SSCP) with additional compliance and quality assurance certifications. Chris holds a Bachelor of Science Degree in Computer Studies from the University of Maryland University College and is a member of the Information Systems Audit and Control Association (ISACA), International Information Systems Security Certification Consortium, Inc., (ISC)², Association of Certified Fraud Examiners (ACFE), InfraGard, and an IT Steering Committee member of the Cyber Finance Working Group.
Mike Siraj, CISA, CPA, CRMA
Senior IT Auditor
Mike Siraj is a Certified Information System Auditor (CISA), Certified Public Accountant (CPA) and a Certified Risk Management Auditor (CRMA). Mike has over 25 years of experience developing and managing Internal Audit Departments. His diverse banking experience includes Information Technology, Operational, Compliance, and Enterprise Risk Management audits. Prior to joining NetBankAudit and for over 12 years, Mike served as the Chief Audit Executive for a $6.4 billion financial institution that maintained over 700 branches in 17 states. Mike has always been passionate about innovations and cutting-edge tools and techniques to enhance the Internal Audit experience. He has served as President of Information System Audit and Control Association (ISACA – Houston Chapter) and is a frequent public speaker. He is also a member of Texas Society of Certified Public Accountants and Institute of Internal Auditors (IIA). Mike holds a Bachelor of Science degree in Accounting from Texas Tech University.
Tim Anderson is an IT professional with over 10 years of experience in support, training, and testing. Prior to joining NETBankAudit, Tim worked with a community bank where he was the main IT Support Representative responsible for desktop support and network administration. His technical proficiencies include virtual environments, Windows desktop and server administration, and Office applications. Tim has an Associates of Science Degree from Richard Bland College and is currently pursuing his Bachelor’s Degree from Florida Institute of Technology.
Matthew Gregory, CISSP
Systems Security Engineer
Matt Gregory is a Certified Information Systems Security Professional (CISSP) with over 20 years of experience in telecommunications services and network infrastructure. His telecommunications background includes WAN, MPLS, VoIP, wireless, and traditional analog networks. He is able to effectively utilize his diverse background and assist customers working with various carriers. Matt has a Master of Science in Information Systems Network Security from Strayer University, a Bachelor of Business Administration in Finance from Christopher Newport University, and is Certified Telecommunications Network Specialist (CTNS).
Deno Plumley, CISSP
Systems Security Engineer
Deno Plumley is a Certified Information Systems Security Professional (CISSP) with over 20 years of experience. Deno has been providing outsourced support services for small to medium sized businesses acting as the CIO. Most recently he held the position of Director of Technology at a private school. Deno has performed system design, project management, and accreditation/commissioning testing in Information, Voice Communications, IP Surveillance, Structured Cabling, and Physical Security Systems. His technical proficiencies include virtual environments, voice communication systems, Windows desktop and server administration, Barracuda configurations, Google for Business configurations including remote hardware configuration and lockdown. Throughout his career, Deno has received certifications in the following areas: Microsoft systems, fiber optics, IP voice communications, IP video, and has also held a registration in ES Technical and ES Sales with the Department of Criminal Justice.
Joseph Spoolstra, CISSP
Senior Systems Security Engineer
Joseph Spoolstra is a Certified Information Systems Security Professional (CISSP) with over 10 years of experience serving the financial services industry. In addition to performing technical testing, Joseph provides information technology services and consultation to the financial community. Joseph has been instrumental in building and enhancing Information Technology Programs as he is very knowledgeable of Regulatory Compliance, Budgeting, Project Management, Disaster Recovery, Policy Updates, and Systems Maintenance. His technical proficiencies include Windows Desktop and Server Administration, Linux operating system environments, and Sonicwall configurations. Joseph holds a Bachelors of Science in Information Systems from Grand Valley State University.
Relationship Management Associates
Senior Relationship Management Officer
In her role as Senior Relationship Management Officer, Beth focuses on paving the way for successful engagements – both for the clients and for NETBankAudit. She is responsible for working with prospects and clients to understand their needs, propose the appropriate solutions to satisfy those needs, and educate them about how NETBankAudit will implement the proposed solution as well as how the engagement will flow. She joined NETBankAudit in 2004 and has worked with the banking and credit union industries for over 30 years in various capacities. She was formerly Sr. Account Manager-Lending System Sales for FiTECH Systems, a lending solutions provider as well as Sr. Applications Development Specialist and Manager – Lending Systems Customer Support for the same company. Ms. Nicolas graduated with honors from Appalachian State University in Boone, NC with a Bachelor’s degree in Sales and Marketing.
Synda Thomas has worked in the banking industry for twelve years with the majority of her tenure in community banks. Prior to joining NETBankAudit, Synda held positions in retail banking as a Branch Manager, Small Business and Consumer Loan Officer, Assistant Branch Manager, Relationship Banker and Teller. Synda’s operational experience includes working with the BSA compliance department of a Fortune 500 company as an Anti-Money Laundering Investigator. Synda’s goal as Relationship Manager is to foster loyal relationships with clients by engaging financial institution professionals to thoroughly understand their compliance needs. She strives to tailor well-informed solutions that lead to favorable engagements for the client and NETBankAudit.
Jamie Johnson has ten years of banking experience. Prior to joining NETBankAudit, Jamie held positions of vault teller, assistant manager, and relationship banker at various banking and credit union industries. Jamie also has customer service experience in scheduling, accounts payable, and office supervision. Jamie has a bachelor of science degree from Christopher Newport University.