We have been very active in the Americas since the opening of the USA Chapter in September 2016.
CREST Americas is represented and managed by the Americas Council comprising elected member representatives. The Chair of the Americas Council, Tom Brennan, also represents the region on our International Council.
CREST Americas offers programs across six core cyber security stakeholder communities:
• Government
• Regulators
• Buying community
• Service suppliers
• Training and academia
• Professional bodies
It exists to build capability, capacity, consistency and community in the industry working with governments, regulators, buyers and suppliers at home and abroad to develop and support internationally recognized schemes. These goals help to enhance cyber resiliency and open up markets for our member companies in the Americas and opportunities for qualified individuals.
We have a global viewpoint, and our strategy has been to arm the global cybersecurity industry with the skills, knowledge and competency to address what is truly an international threat.
We offer a full range of disciplines to the American market:
• Penetration Testing
• Incident Response
• Threat Intelligence
• Security Operations Centres
Members of the Americas Council were elected in December 2021. They will serve for three years at which point, to ensure continuity, half will retire by rotation by mutual agreement and be eligible for re-election for a further three-year term if they so wish. The other half will retire by rotation the following year. Tom Brennan, the Americas Council Chair, is a co-opted and independent member of the council as permitted in the Americas Council Terms of Reference.
The serving Americas Council Members are listed below in alphabetical order. Hold your cursor over each for more information.
[Portfolio: Penetration Testing]
Kyle is a business professional with over 10 years experience working in financial institutions before transitioning into cybersecurity. He served in various roles including project management, account management, and various other roles. In his current role, Kyle is an account manager with Triaxiom Security and manages the end-to-end process across a vast portfolio of clients requiring Kyle to stay abreast of all things cyber security in order to ensure all client requirements are met. Kyle continues to remain involved in the cyber security community evidenced by his recent election into the Americas Council.
Since April 2022 Neil has been the Head of North American Operations at Pen Test Partners (PTP).
He has a degree in computing, 35 years industry experience with 20 years’ of which is in the penetration testing and the wider cyber security sector. In April 2010 he became one of the original partners when PTP were founded.
His background as a navigating officer in the merchant navy has given him a keen interest in the cyber security challenges within maritime along with the wider smart transportation sectors of automotive, aviation and rail. He is particularly interested in the regulation of the smart transportation sector including the emerging technologies of Generative Artificial Intelligence (Gen AI).
He has first hand experience in the delivery of CREST regulated projects such as CBEST, GBEST and CSTAR. He looks forward to working with the wider CREST community in promoting the benefits of CREST regulation within the north American market.
Tom Brennan, a proud veteran of the United States Marine Corps, exemplifies leadership and expertise in the cybersecurity field. As the Chair of the CREST Americas Council and a Director of our US LLC, he plays a pivotal role in enhancing cybersecurity standards and practices across the Americas and beyond. In his capacity as the Chief Information Officer at Mandelbaum Barrett PC, a prominent law firm, and as a Partner at Proactive Risk, a niche advisory firm in New Jersey, Tom applies his extensive cybersecurity knowledge to protect critical infrastructure. His commitment to the open source community is also notable, demonstrated by over a decade of influential service on the OWASP Foundation’s Board of Directors, managing multiple projects and leading the New York City chapter. Furthermore, Tom’s tenure as the Technical Director for Safecode underscores his vast technical and leadership skills in cybersecurity.
[Portfolio: Research]
Nick is a Director in Protiviti’s Global Attack Penetration Testing practice, where he focuses on assisting organizations in proactively identifying vulnerabilities and risks through targeted technical testing including network penetration tests, application security assessments, cloud security assessments, and red team/adversary simulation activities. Prior to his current role, Nick was a penetration tester and red teamer and led the execution of hundreds of engagements for organizations in the financial services, healthcare, and technology industries. Nick is passionate about offensive security research and knowledge sharing and has presented at multiple security and audit conferences, including BSides and PancakesCon on topics ranging from securing IoT devices to collecting and leveraging previously breached credentials for a more robust penetration testing methodology.
[Portfolio: Regulators]
Mike has worked in IT for almost 30 years and has worked strictly in security for the last 16 years. Currently, Pivot Point Security’s Security Assessment Practice Manager, performing penetration tests against networks, applications, and IoT devices, across physical and cloud environments. With a wide breadth of experience across a wide range of industries, Mike has helped hundreds of companies understand their current security posture and assisted them in formulating a remediation plan and overall security roadmap. Mike is passionate about information security, learning how things work, and sharing his knowledge with others.
[Portfolio: Industry Buyer Group]
Rocco is a Managing Director with Alvarez Marsal and leads the firm’s Global Cyber Risk and Incident Response Services practice. He has been a trusted partner of multiple government agencies, including the FBI and the US Secret Service, where his cyber expertise was instrumental in investigating and resolving a variety of cyber-based crimes. He has advised clients on some of the most complex cybersecurity initiatives and coordinated incident response efforts for some of the largest security breaches over the last 14 years. Prior to joining AM, Rocco held leadership positions at professional services organizations including Stroz Friedberg/Aon Cyber Solutions, where he served as the Global Leader of the firm’s cybersecurity services. Prior to Aon Cyber Solutions, Rocco was a founding member of Protiviti’s Cybersecurity Practice and led the development of the firm’s Global Incident Response and Forensics Investigations Practice. Rocco is an affiliate board advisor for the Retail Hospitality ISAC and has assisted with other thought leadership initiatives for the FS-ISAC; and assists in creating its annual Compromise Against Payments Systems (CAPS), the simulated industry cyberattack exercise.
[Portfolio: Intelligence-led Testing]
Grayson is the Director of Consulting and Professional Services for Trustwave Government Solutions. He has more than 20 years of experience in information security and digital technology, working as an Avionics Technician, Systems Administrator, Network Administrator, Security Systems Architect, Private Consultant, Incident Responder and Team Leader. Grayson works regularly with state, local and federal law enforcement teaching cyber security and digital forensics topics. Grayson is a former member of the International Association of Financial Crimes Investigators (IAFCI), the SANS Advisory Board and was previously a member of the Seattle and Los Angeles Electronic Crimes Task Force (ECTF). Grayson is a GCFA, CISSP and carries the CMMC-RP certification.
[Portfolio: Threat Intelligence and Academia]
Chris is the VP of Technical Services at Nettitude. He has also served as a CREST assessor since 2016 and has been a member of our Americas Council since 2021. Originally from a software development background, Chris moved to full-time cybersecurity in 2010. He specializes in an array of offensive security disciplines, such as penetration testing, and is experienced in building high performing security teams internationally. Today, Chris directs the Americas operation at Nettitude, with particular focus on ensuring technical excellence across all areas of service.
An experienced professional transitioning from a successful career in occupant protection engineering to technical community management, I blend technical expertise with exceptional communication and leadership skills. My unique background in ensuring the safety and effectiveness of critical civilian and military equipment now informs my approach to building and nurturing resilient, dynamic communities at CREST International.
Leveraging both private industry and the government sector experience in disciplines spanning, design & development, test & evaluation, contract management, and research and development, I foster engaging, collaborative environments where synergetic ideas thrive. My primary focus is on:
[Portfolio: Training & Academia]
Tony is CEO and founder of VerSprite.
Tony’s 25-year career in IT/InfoSec has led him to champion ‘true spirited’ security consulting. This is based on the observation that true security, although relative to each organization, is best managed via a risk-based approach where both an understanding of data usage and functional use cases are known in the context of viable threats scenarios and supportive attack vectors.
Tony is a co-author of Risk Centric Threat Modeling (Wiley 2015). Beyond VerSprite, Tony runs the OWASP Atlanta, GA Chapter and has been heavily involved in the OWASP global initiatives since 2008.
[Portfolio: Penetration Testing]
Paul is currently the Chief Operations Officer at Emagined Security and has more than 30 years’ experience in the field of network and information security management. Paul is experienced in both executive and technical management and an accomplished technically skilled consultant. Many technical services offered by the Emagined Security Consulting Services Division were created or adapted by Paul to ensure they meet and exceed client expectations. He is experienced with incident response, penetration testing services, security architecture and design, identification and authorization systems, security policies and procedures, security assessment services, certificate authorities, encryption, and Security Operations Centers. Paul has also served on several boards previously including the Colorado State OIT board and Emagined Security.
CREST Focus Groups help us to continually monitor best practice in Penetration Testing, Threat Intelligence, Incident Response, Intelligence-Led Testing and SOC. To see the relevant Focus Groups for Americas, please visit our Focus Groups page.