SystemExperts

Practical and effective IT security solutions

Founded in 1994, SystemExperts is a premier boutique provider of IT compliance and cyber security consulting services. We help clients see the big picture and design solutions to meet their comprehensive security needs. We are dedicated to providing unmatched personal attention, distilling problems to their root causes and recommending what’s appropriate for our clients. We have built our reputation on providing practical, effective IT security solutions for securing enterprise computing infrastructures.

We Focus on What’s Important

We distill problems to their root causes and help our clients see the big picture.

We Respect Our Clients

We build on our clients’ strengths and individually tailor our recommendations.

We Have No Junior Staff

The SystemExperts team is comprised solely of senior-level expert consultants.

We Play for the Long Term

We pride ourselves on earning long-term partnerships with our clients by providing unmatched personal attention.

We Are Independent

No vested interests, no outside investors, and no corporate owners. We’re here to serve our clients.

We Are Straightforward

We distill problems to their root causes and recommend practical advice to to resolve them.

We are dedicated to providing unmatched personal attention, distilling problems to their root causes, and recommending what’s appropriate for our clients.

The SystemExperts Difference

Business requirements drive security – not the other way around

Our methodology starts by focusing on our client’s business. We get to know how the systems, applications, and networks are used, the value and sensitivity of the information on them, and the client’s budget and time constraints before we even begin to make meaningful technical recommendations.

Easily consumable advice and reports – no long, overly complicated jargon

Our reports are brief and provide straight answers to the important questions, along with concrete prioritized recommendations. We challenge ourselves to produce findings and recommendations that are concise, easy to understand, and straightforward to implement.

Our methods are set up for success – without assigning blame or pointing fingers

Standard “Security Audits” generally focus on finding and cataloging symptoms, not causes, which leads to an adversarial relationship that can undermine rather than support problem resolution. All of our methodologies are structured to ensure that we work as a partner with our clients to solve problems.

We minimize the burden on our clients – avoiding wasted time and effort

Instead of spending valuable time and budget on updating obsolete documents or reviewing old processes, SystemExperts works hand-in-hand with our clients to obtain the most relevant, current information in the most efficient way possible.

Every dollar a client spends should produce results – not overwrought process

Our methodology produces insightful results quickly and economically. Consulting dollars are efficiently transformed into consulting findings and recommendations. We don’t spin our wheels or bill for unnecessary time.

Our full range of services

Security Testing

We assess your security program and security posture of each critical system, network, and application.

Learn More >

Compliance

Our risk-based approach identifies your most important assets and ensures you are compliant with all relevant regulations and frameworks.

Learn More >

Operational Services

Our consultants perform penetration testing, explore combinatorial exposures, and other problems that can create significant exploitable vulnerabilities.

Learn More >

Vendor Risk Management

We use rigorous methodologies to help you identify risks and close loopholes to give your clients peace of mind.

Learn More >

We challenge ourselves to produce findings and recommendations that are concise, easy to understand, and straightforward to implement.

Our Leadership Team

Jon Gossels

Jonathan G. Gossels, President & CEO
ISACA/CISM ISACA/CRISC

Jonathan is President & CEO of SystemExperts Corporation, a network security consulting firm specializing in IT security and compliance. Jonathan started the company in 1994. He plays an active, hands-on role advising clients in compliance, technology strategies, managing complex programs, and building effective security organizations. Jonathan brings a business focus to this multifaceted work balancing all technical initiatives with business requirements and impact.  
Read More...

Jonathan is frequently quoted on the emerging challenges, as well as best practices in information security in leading publications such as Computerworld, Information Week, CSO Magazine, Wall Street & Technology Magazine, and InfoWorld. He is also a regular contributor to SC Magazine, Information Security Magazine, and the ISSA Journal.

Prior to founding SystemExperts, Jonathan built the Consulting Services operation for OpenVision Technologies (now Veritas). Before that, he was the Director of Business Development and Business Area Manager of Interoperability for the Open Software Foundation (OSF). In that role, Jonathan initiated and led the Distributed Computing Environment (DCE) project from its inception through its three major releases.

Jonathan has served on the editorial Advisory Board of Information Security Magazine, as technical advisor to Dateline NBC, and has been a guest on CBS news radio.

Jonathan is a graduate of Yale University and MIT’s Sloan School of Management.

Brad C. Johnson, Vice President
ISACA/CISM, ISACA/CRISC, NSA/IAM

Brad Johnson is Vice President of SystemExperts Corporation and has been a leader of the company since 1995. He has participated in seminal industry initiatives including the Open Software Foundation (OSF), X/Open, the IETF, and has published many articles on open systems, Internet security, security architecture, ethical hacking and web application security.

Brad developed the signature methodologies underlying SystemExperts’ wide range of testing services. He also developed analytical approaches that enable our clients to use web application assessments, penetration testing, compliance audits, and architectural analysis to improve their effective level of security at the lowest possible cost.
Read More...

On a day to day basis, Brad continues to advise clients on all aspects of information security. That includes leading teams of application vulnerability testers, participating in compliance reviews, or taking charge of a client’s application development project that has gone off-the-rails.

Brad is frequently quoted in business and technical publications such as SC Magazine, Wall Street and Technology, ISSA Journal, Computerworld, and Dark Reading. He has also served as a technical advisor or contributor to Dateline NBC, Information Security Magazine, Internet World, ISSA, and CNN.

Prior to SystemExperts, Brad held senior technical software research and development positions at OSF, Digital Equipment Corporation, Data General, and Bell Laboratories. Brad holds a Bachelor of Arts degree in Computer Science from Rutgers University and a Master of Science degree in Applied Management from Lesley University.

Paul B. Hill, Senior Consultant

Paul Hill has worked with SystemExperts as a principal project consultant for more than twelve years assisting on a wide range of challenging projects across a variety of industries including higher education, legal, and financial services. He joined SystemExperts full time in March 2012 and coordinates the SMARTday practice.

Paul joined the IT Department of the Massachusetts Institute of Technology in 1991. During his tenure, he has played a leadership role in the evolution of identity services for the Institute and the industry as a whole. He is also recognized as one of the industry’s foremost experts in Microsoft technology.
Read More...

Paul was responsible for the evolution of MIT’s identity services. He led the project to design, deploy, maintain, and support MIT’s Shibboleth infrastructure. He also extended MIT’s central authorization management system, known as Roles. The support included consulting with business teams on campus, working with multiple teams to improve and enhance MIT’s LDAP system, and to improve and streamline the provisioning of new hires and new students.

Paul built and led the team responsible for the creation and development, initial deployment, and ongoing operations of MIT’s central Windows Active Directory domain. The domain was integrated into MIT’s existing identity services including the campus Kerberos infrastructure and centralized group management and campus DNS. The team worked extensively with Microsoft’s internal developers on Kerberos interoperability issues, and provisioning AD from external sources. The team was also involved in the evolution of the AFS client for Windows and created the first test suite for the AFS client on Windows. He also worked with many colleges and universities and the MIT Kerberos team to resolve cross-real interoperability issues.

Paul was also involved in the creation of the Kerberos Consortium, including the development of the initial business plan. He also played a leading role in the development of Internet2 specifications, including ongoing participation in the Middleware Architecture Committee for Education, particularly the MACE Privilege Management and Access working group (MACE-PACCMAN).
Paul continues to participate in the IETF; he served as Steering Committee Chair of the Calendaring and Scheduling Consortium and contributed to several of the drafts created by the calendaring and scheduling working group.

Paul attended Syracuse University and later Northeastern University, studying Aerospace and Mechanical engineering.

Nancy B. Zanga

Nancy B. Zanga, Director of Client Operations

Nancy Zanga serves as the Director of Client Operations for SystemExperts to ensure each project meets and ideally exceeds the client’s expectations. As the Director of Operations her role is to provide a cohesive flow of communication with the client from the initial inquiry to the final stages of SystemExperts consulting services.
Read More...

Nancy is a seasoned professional who brings over two decades of experience providing outstanding planning, coordination, and execution of consulting projects. Clients appreciate her responsiveness, clarity, professionalism, and ability to shepherd multiple projects to successful completion.

Before joining SystemExperts in February of 2012, Nancy worked with a national fundraising-consulting firm for over 15 years. During her time there, she fulfilled a variety of roles including all coordination and communication between the consulting team and the firm’s clients including The National Geographic Society, Vassar College, Rensselaer Polytechnic Institute, Museum of Fine Arts Boston, Scripps Research Institute, and the New York Public Library.

Nancy resides in New Hampshire and has two daughters. She also has served on numerous non-profit boards and committees within her community.

Jonathan Shuffler

Jonathan Shuffler, Head of Network Security Testing

Jonathan Shuffler is an information security advocate and consultant at SystemExperts. Jonathan graduated in 2016 from Pennsylvania State University with a B.S. in Security and Risk Analysis (SRA) – Information Cyber Security (ICS).
Read More...

At the 2016 “At Large Collegiate Cyber Defense Challenge,” Jonathan led the Pennsylvania State University – Altoona Collegiate Cyber Defense Challenge (CCDC) team to third place, the highest in university history.

For his Senior Capstone Project, Jonathan worked with the University’s Head of Division of Business, Engineering, and Information Sciences and Technology and the Senior Technical Staff Member at IBM to develop an Android application capable of guessing the location of Wireless Access Points using only the pre-existing hardware commonly found in an Android device.

Jason Kite

Jason Kite, Consultant
OSCP

Jason is a consultant at SystemExperts specializing in network security and penetration testing working out of Colorado Springs. Jason holds a Bachelor of Science in Information Technology from Colorado Technical University and is an Offensive Security Certified Professional (OSCP).
Read More...

Jason assists students at Colorado Technical University with furthering their education in the IT arena.

Jason enjoys participating in Capture the Flag security competitions and continues to prepare for further certifications. He has a strong interest in all aspects of security, works with Android rooting and modification, and home networking in his spare time.

Joseph M. Kurfehs

Joseph M. Kurfehs, Head of Compliance
CISSP, PCIP-QSA, CGEIT, CRISC, CISM, DABCHS, and CHS-III

Joe is Head of Compliance at SystemExperts focusing on compliance.

Joe brings over 30 years of managerial and technical expertise in IT governance, risk management, security, privacy and regulatory compliance to SystemExperts. He has extensive experience with the implementation of NIST and ISO 27000 standards, as well as compliance with GLBA, PCI-DSS, SOX, HIPAA, 21 CFR Part 11, US-EU Safe Harbor/Privacy Shield, and GDPR.
Read More...

Just prior to joining SystemExperts, Joe held dual roles as Global Director of Security and Head of Risk and Compliance at Grey Group, Cohn and Wolfe, and GreyHealth Group within WPP, a world leader in marketing communications.

In this position, Joe implemented a global application vulnerability scanning program and a global GRC solution to manage and track risks in all operating groups and offices. This included a third party vendor risk management program, as well as compliance to SOX and GDPR. He also managed the security and compliance program for the world’s largest IT Transformation program during the outsourcing of IT operations to IBM.

Joe has 19 years of full time IT experience in the financial sector with First Investors (2 years) and Prudential Financial (17 years), where he served as Systems Manager – Distributed Systems Security and Architecture. In addition, he has six years’ experience at the world largest immigration law firm, Fragomen, Del Rey, Bernsen & Loewy, LLP, where he served as the Global Information Security Officer, and four years at Princeton HealthCare System, where he served as the Technical Security Officer and Manager of both Information Security and Application Support.

Joe’s IT consulting background includes work for KPMG, Federal Reserve Bank of NY, University Medical Center at Princeton, Bristol Myers Squibb Co, and Horizon Blue Cross Blue Shield.

Joe holds professional certifications for: CISSP, PCIP-QSA, CGEIT, CRISC, CISM, DABCHS, and CHS-III. He holds a Bachelors of Science degree in Management Sciences from Kean University, Union, NJ.

Joe currently resides on the Jersey Shore with his wife and their combined seven kids.

If your company does not yet have a mature security organization, a SystemExperts advisor can help with a variety of activities

A Chain Is Only as Strong as Its Weakest Link

SystemExperts never outsources nor subcontracts this work. We never use hackers, and we never leave systems in a less secure state than when we found them (no back doors) – many other firms cannot say the same. Contact SystemExperts to request a free and confidential Security Testing consultation by phone.

Are You Secure?

One of our consultants will get back to you shortly

Associations & Certifications