Overview
David is a Director with the CLA Cybersecurity group, with over 20 years of combined experience in cybersecurity, IT controls, enterprise risk management, internal audit and management consulting. He is a strategic thinker and problem solver who has helped financial institutions, manufacturers, government entities, higher education, and various other private businesses in setting strategies, reviewing and assessing: operations, governance and enterprise risk management practices, project and program management practices, cybersecurity programs and identifying process improvement opportunities.
Technical Experience
- Enterprise Risk Management
- Process Improvement
- Strategic Planning
- Organizational Transformation
- Cybersecurity Program Development
- Department of Defense (DFARs)
- Cybersecurity Compliance (CMMC)
- NIST Cybersecurity Framework
- NIST SP800-171
- CIS Controls
- GLBA and FFIEC Cybersecurity Frameworks
- IT General Controls
- IT Audit and Information Security
- SOC-1 and SOC-2
- Internal Audit
- Governmental Auditing
Education
- Bachelor of science in information systems from the University of Montana.
- Certified Information Security Auditor (CISA)
- Certified Internal Auditor (CIA)
In the community
- Information Systems Audit and Control Association
- The Institute of Internal Auditors