Our Distinguished Staff of Network Security Consultants

IMG_Jon-Gossels

Jonathan G. Gossels, President & CEO

ISACA/CISM ISACA/CRISC

Jonathan is President & CEO of SystemExperts Corporation, a network security consulting firm specializing in IT security and compliance. Jonathan started the company in 1994. He plays an active, hands-on role advising clients in compliance, technology strategies, managing complex programs, and building effective security organizations. Jonathan brings a business focus to this multifaceted work balancing all technical initiatives with business requirements and impact.

Jonathan is frequently quoted on the emerging challenges, as well as best practices in information security in leading publications such as Computerworld, Information Week, CSO Magazine, Wall Street & Technology Magazine, and InfoWorld. He is also a regular contributor to SC Magazine, Information Security Magazine, and the ISSA Journal.

Prior to founding SystemExperts, Jonathan built the Consulting Services operation for OpenVision Technologies (now Veritas). Before that, he was the Director of Business Development and Business Area Manager of Interoperability for the Open Software Foundation (OSF). In that role, Jonathan initiated and led the Distributed Computing Environment (DCE) project from its inception through its three major releases.

Jonathan has served on the editorial Advisory Board of Information Security Magazine, as technical advisor to Dateline NBC, and has been a guest on CBS news radio.

Jonathan is a graduate of Yale University and MIT’s Sloan School of Management.

IMG_Brad-Johnson

Brad C. Johnson, Vice President

ISACA/CISM, ISACA/CRISC, NSA/IAM

Brad Johnson is Vice President of SystemExperts Corporation and has been a leader of the company since 1995. He has participated in seminal industry initiatives including the Open Software Foundation (OSF), X/Open, the IETF, and has published many articles on open systems, Internet security, security architecture, ethical hacking and web application security.

Brad developed the signature methodologies underlying SystemExperts’ wide range of testing services. He also developed analytical approaches that enable our clients to use web application assessments, penetration testing, compliance audits, and architectural analysis to improve their effective level of security at the lowest possible cost.

On a day to day basis, Brad continues to advise clients on all aspects of information security. That includes leading teams of application vulnerability testers, participating in compliance reviews, or taking charge of a client’s application development project that has gone off-the-rails.

Brad is frequently quoted in business and technical publications such as SC Magazine, Wall Street and Technology, ISSA Journal, Computerworld, and Dark Reading. He has also served as a technical advisor or contributor to Dateline NBC, Information Security Magazine, Internet World, ISSA, and CNN.

Prior to SystemExperts, Brad held senior technical software research and development positions at OSF, Digital Equipment Corporation, Data General, and Bell Laboratories. Brad holds a Bachelor of Arts degree in Computer Science from Rutgers University and a Master of Science degree in Applied Management from Lesley University.

IMG_Pete-McLaughlin

Peter S. McLaughlin, Vice President of Business Development

Pete McLaughlin joined us from Accenture, where he was the North America Sales Director for its security practice. This is his second tour with SystemExperts.

Pete has helped organizations of all sizes identify solutions to their specific challenges and scope engagements that meet their unique needs. He sees himself as an extension of his clients’ teams, prides himself on being easy to work with, and knows that responsiveness, thoroughness, and consistency are cornerstones of trusted relationships.

Pete’s sales career started in the S/390 world at Amdahl Corporation where he was responsible for all new accounts in Georgia. From there, he opened the Northeast territory for angel backed start-up INSUREtrust, the first company globally to provide Electronic Information Error and Omissions Insurance Policies (Breach of Security Insurance) combined with security risk assessments.

Pete lives in New Hampshire, has three boys including identical twins. He was drafted by the National Hockey League’s Pittsburgh Penguins, won the 41st annual Beanpot, and toiled in the minor leagues for the Detroit Vipers and Baton Rouge King Fish.

Pete has a BA in History from Harvard University.

Paul-Hill

Paul B. Hill, Senior Consultant

Paul Hill has worked with SystemExperts as a principal project consultant for more than twelve years assisting on a wide range of challenging projects across a variety of industries including higher education, legal, and financial services. He joined SystemExperts full time in March 2012 and coordinates the SMARTday practice.

Paul joined the IT Department of the Massachusetts Institute of Technology in 1991. During his tenure, he has played a leadership role in the evolution of identity services for the Institute and the industry as a whole. He is also recognized as one of the industry’s foremost experts in Microsoft technology.

Paul was responsible for the evolution of MIT’s identity services. He led the project to design, deploy, maintain, and support MIT’s Shibboleth infrastructure. He also extended MIT’s central authorization management system, known as Roles. The support included consulting with business teams on campus, working with multiple teams to improve and enhance MIT’s LDAP system, and to improve and streamline the provisioning of new hires and new students.

Paul built and led the team responsible for the creation and development, initial deployment, and ongoing operations of MIT’s central Windows Active Directory domain. The domain was integrated into MIT’s existing identity services including the campus Kerberos infrastructure and centralized group management and campus DNS. The team worked extensively with Microsoft’s internal developers on Kerberos interoperability issues, and provisioning AD from external sources. The team was also involved in the evolution of the AFS client for Windows and created the first test suite for the AFS client on Windows. He also worked with many colleges and universities and the MIT Kerberos team to resolve cross-real interoperability issues.

Paul was also involved in the creation of the Kerberos Consortium, including the development of the initial business plan. He also played a leading role in the development of Internet2 specifications, including ongoing participation in the Middleware Architecture Committee for Education, particularly the MACE Privilege Management and Access working group (MACE-PACCMAN).

Paul continues to participate in the IETF; he served as Steering Committee Chair of the Calendaring and Scheduling Consortium and contributed to several of the drafts created by the calendaring and scheduling working group.

Paul attended Syracuse University and later Northeastern University, studying Aerospace and Mechanical engineering.


AlexF

Alexander Chaveriat, Practice Lead – Security Assessment

OSCE/OSCP/OSWP/WST

Alex Chaveriat is the Security Assessment Practice Lead at SystemExperts specializing in network and application security.

Alex’s passion for information security spans from the physical layer to the application layer. Alex approaches projects with new and innovative ideas, works and collaborates with existing security staff, and loves to share his excitement for security. Alex has extensive experience performing vulnerability and penetration tests against all types of systems and software.

Prior to SystemExperts, Alex worked for General Electric on the Corporate IT Risk Team uncovering vulnerabilities within GE products and internal software. Alex led and participated in small and large scale security assessments approaching tasks as an adversary or as a security architect. These assessments were across many platforms including GE client/server applications, web applications, HMIs, embedded systems, SCADA equipment, smart grid technologies, and more.

Along with actively contributing to industry security groups and conferences, Alex volunteers his knowledge to non-profit organizations, helping secure systems that would otherwise remain vulnerable to attack. In 2014, Alex won the prestigious DEF CON Black Badge by coming in first place in the DarkNet competition and won the DarkNet competition again in 2015: the only person to ever win it back-to-back. In 2016, Alex was invited to work as part of the DarkNet staff for the Black Badge competition. His responsibilities include leading teams of players through the most difficult DarkNet challenges. In August 2016, Alex won a cryptography challenge for the Grand Rapids Security Conference (GrrCon) that remained unsolved for 3-years. The challenge was a multistep process including tasks such as cracking multiple layers of encryption including a binary with a polymorphic mutation engine, steganography, and completing the Smash the Stack BlackBox reverse engineering challenge.

Alex holds a Bachelors of Science degree in Network Security and is an Offensive Security Certified Expert (OSCE), Offensive Security Certified Professional (OSCP), Offensive Security Wireless Professional (OSWP), and a Wurldtech Systems Certified Achilles Tester (WST).


Jeff2

Jeff VanSickel, Compliance Practice Lead

ISC2/CISSP, PCI/QSA, ISACA/CISM, Cisco Certified Network Architect (CCNA)

Based in the Philadelphia area, Jeff VanSickel is a seasoned Information Security Professional with over 20 years’ experience in the areas of Information Security, Information Technology, Audit Compliance, Risk and Project Management. Jeff, being a Payment Card Industry (PCI) Qualified Security Assessor (QSA), a certified CISSP and CISM, he is highly knowledgeable about US Federal and State Law (including SOX, HIPAA, GLBA and Breach Law), US Regulations, ISO-27001/2, NIST, and PCI-DSS.

Just prior to joining SystemExperts, Jeff was Director of Information Security Policy and Audit Assurance for Barclays Bank Delaware, a large US credit card issuing bank. This position enabled Jeff to gain in-depth exposure and insight into ongoing development, implementation and enforcement of controls for the bank, its bank vendors and partners.

Before Barclays, Jeff was Vice President of Vendor Management for MBNA America/Bank of America where he established controls over external sharing of sensitive customer Personally Identifiable Information (PII) for Outsourced Third Parties, Service Providers and Vendors to ensure compliance with federal laws, state breach laws and Payment Card Industry (PCI) requirements.

Jeff’s consulting background includes work for major consulting firms (Deloitte), as well as smaller consulting firms (Jefferson Wells and Computer Task Group) where he managed individual security, risk and vulnerability assessments. He has also developed Information Security Policies, Standards and Procedures for many companies spanning multiple industries, including government agencies, banks, broker-dealers, retail, health, pharma, and packaged goods manufacturing. He developed and taught OCC, FFIEC and NCUA IT audit training for over 900 credit union auditors. He has also led GLBA, OMB-A-130 and FISMA audits for numerous private and public companies including a $41 billion private investment company (Bessemer Group Inc.), the Federal Reserve Bank headquarters, World Bank and the Pension Benefit Guarantee Corporation, which protects $44 million worker pensions. He also developed a compliance strategy for a bio-technical company (Chrysalis Technologies) based on FDA (21 CFR 11), Export Administration Regulations (EAR), Good Laboratory Practices (GLP), ITAR and HIPAA.

Jeff is a CISSP and has a Bachelor of Science in Electrical Engineering and a Master’s of Engineering in Computer Science.

Nancy

Nancy B. Zanga, Project Manager

Nancy Zanga serves as the Project Manager for SystemExperts and works closely with the Vice President of Business Development to ensure each project meets and ideally exceeds the client’s expectations.

Nancy is a seasoned professional who brings over two decades of experience providing outstanding planning, coordination, and execution of consulting projects. Clients appreciate her responsiveness, clarity, professionalism, and ability to shepherd multiple projects to successful completion.

Before joining SystemExperts in February of 2012, Nancy worked with a national fundraising- consulting firm for over 15 years. During her time there, she fulfilled a variety of roles including all coordination and communication between the consulting team and the firm’s clients including The National Geographic Society, Vassar College, Rensselaer Polytechnic Institute, Museum of Fine Arts Boston, Scripps Research Institute, and the New York Public Library.

Nancy resides in New Hampshire and has two daughters. She also has served on numerous non- profit boards and committees within her community.

Clapp1

Joe Clapp, Senior Consultant

CISSP, MCSE: Security, GSEC, GCFA, GCIH, GCIA, GSNA, GCWN, GPEN

Joe Clapp is a senior consultant at SystemExperts with a highly diverse background spanning several continents. He specializes in supporting customers with highly complex problems in fast paced environments.

Most of Joe’s career has been spent working for the Department of Defense as a uniformed service member and as a civilian contractor supporting the military in places such as Iraq, Afghanistan, Guam and Thailand. In 2004, Joe played a role in the building of the U.S. Army Enterprise Network in Iraq and later served as a technical trainer and advisor while embedded with the Georgian Army.

Joe currently works part-time for the Department of Defense and for the State of Massachusetts. He is a chief warrant officer in the military and serves a team of security professionals as a cyber warfare planner. Joe maintains an active Top Secret clearance and is periodically involved with classified briefings on the state of information security in the DoD and private sector.

Before joining SystemExperts, Joe worked at PHT Corp (now ERT) as a systems security consultant to a software development group and established an Information Security office within the regulatory compliance department. He led several security audits and guided decision makers on critical points of the U.S.-EU Safe Harbor Framework, U.S. computer/cryptography exportation and 21 CFR Part 11.

Joe is a graduate of the U.S. Army’s most prestigious information security school (255S) and has taken several courses toward a Master of Science in Information Security degree. He holds industry certifications such as the CISSP, GPEN and GCNA and is active in the security community. Joe currently resides in the beautiful state of New Hampshire.


JonathanShuffler_Full

Jonathan Shuffler, Consultant

Jonathan Shuffler is an information security advocate and consultant at SystemExperts. Jonathan graduated in 2016 from Pennsylvania State University with a B.S. in Security and Risk Analysis (SRA) – Information Cyber Security (ICS).

At the 2016 “At Large Collegiate Cyber Defense Challenge,” Jonathan led the Pennsylvania State University – Altoona Collegiate Cyber Defense Challenge (CCDC) team to third place, the highest in university history.

For his Senior Capstone Project, Jonathan worked with the University’s Head of Division of Business, Engineering, and Information Sciences and Technology and the Senior Technical Staff Member at IBM to develop an Android application capable of guessing the location of Wireless Access Points using only the pre-existing hardware commonly found in an Android device.