Our Distinguished Staff of Network Security Consultants


Jonathan G. Gossels, President & CEO


Jonathan is President & CEO of SystemExperts Corporation, a network security consulting firm specializing in IT security and compliance. Jonathan started the company in 1994. He plays an active, hands-on role advising clients in compliance, technology strategies, managing complex programs, and building effective security organizations. Jonathan brings a business focus to this multifaceted work balancing all technical initiatives with business requirements and impact.

Jonathan is frequently quoted on the emerging challenges, as well as best practices in information security in leading publications such as Computerworld, Information Week, CSO Magazine, Wall Street & Technology Magazine, and InfoWorld. He is also a regular contributor to SC Magazine, Information Security Magazine, and the ISSA Journal.

Prior to founding SystemExperts, Jonathan built the Consulting Services operation for OpenVision Technologies (now Veritas). Before that, he was the Director of Business Development and Business Area Manager of Interoperability for the Open Software Foundation (OSF). In that role, Jonathan initiated and led the Distributed Computing Environment (DCE) project from its inception through its three major releases.

Jonathan has served on the editorial Advisory Board of Information Security Magazine, as technical advisor to Dateline NBC, and has been a guest on CBS news radio.

Jonathan is a graduate of Yale University and MIT’s Sloan School of Management.


Brad C. Johnson, Vice President


Brad Johnson is Vice President of SystemExperts Corporation and has been a leader of the company since 1995. He has participated in seminal industry initiatives including the Open Software Foundation (OSF), X/Open, the IETF, and has published many articles on open systems, Internet security, security architecture, ethical hacking and web application security.

Brad developed the signature methodologies underlying SystemExperts’ wide range of testing services. He also developed analytical approaches that enable our clients to use web application assessments, penetration testing, compliance audits, and architectural analysis to improve their effective level of security at the lowest possible cost.

On a day to day basis, Brad continues to advise clients on all aspects of information security. That includes leading teams of application vulnerability testers, participating in compliance reviews, or taking charge of a client’s application development project that has gone off-the-rails.

Brad is frequently quoted in business and technical publications such as SC Magazine, Wall Street and Technology, ISSA Journal, Computerworld, and Dark Reading. He has also served as a technical advisor or contributor to Dateline NBC, Information Security Magazine, Internet World, ISSA, and CNN.

Prior to SystemExperts, Brad held senior technical software research and development positions at OSF, Digital Equipment Corporation, Data General, and Bell Laboratories. Brad holds a Bachelor of Arts degree in Computer Science from Rutgers University and a Master of Science degree in Applied Management from Lesley University.


Peter S. McLaughlin, Vice President of Business Development

Pete McLaughlin joined us from Accenture, where he was the North America Sales Director for its security practice. This is his second tour with SystemExperts.

Pete has helped organizations of all sizes identify solutions to their specific challenges and scope engagements that meet their unique needs. He sees himself as an extension of his clients’ teams, prides himself on being easy to work with, and knows that responsiveness, thoroughness, and consistency are cornerstones of trusted relationships.

Pete’s sales career started in the S/390 world at Amdahl Corporation where he was responsible for all new accounts in Georgia. From there, he opened the Northeast territory for angel backed start-up INSUREtrust, the first company globally to provide Electronic Information Error and Omissions Insurance Policies (Breach of Security Insurance) combined with security risk assessments.

Pete lives in New Hampshire, has three boys including identical twins. He was drafted by the National Hockey League’s Pittsburgh Penguins, won the 41st annual Beanpot, and toiled in the minor leagues for the Detroit Vipers and Baton Rouge King Fish.

Pete has a BA in History from Harvard University.


Paul B. Hill, Senior Consultant

Paul Hill has worked with SystemExperts as a principal project consultant for more than twelve years assisting on a wide range of challenging projects across a variety of industries including higher education, legal, and financial services. He joined SystemExperts full time in March 2012 and coordinates the SMARTday practice.

Paul joined the IT Department of the Massachusetts Institute of Technology in 1991. During his tenure, he has played a leadership role in the evolution of identity services for the Institute and the industry as a whole. He is also recognized as one of the industry’s foremost experts in Microsoft technology.

Paul was responsible for the evolution of MIT’s identity services. He led the project to design, deploy, maintain, and support MIT’s Shibboleth infrastructure. He also extended MIT’s central authorization management system, known as Roles. The support included consulting with business teams on campus, working with multiple teams to improve and enhance MIT’s LDAP system, and to improve and streamline the provisioning of new hires and new students.

Paul built and led the team responsible for the creation and development, initial deployment, and ongoing operations of MIT’s central Windows Active Directory domain. The domain was integrated into MIT’s existing identity services including the campus Kerberos infrastructure and centralized group management and campus DNS. The team worked extensively with Microsoft’s internal developers on Kerberos interoperability issues, and provisioning AD from external sources. The team was also involved in the evolution of the AFS client for Windows and created the first test suite for the AFS client on Windows. He also worked with many colleges and universities and the MIT Kerberos team to resolve cross-real interoperability issues.

Paul was also involved in the creation of the Kerberos Consortium, including the development of the initial business plan. He also played a leading role in the development of Internet2 specifications, including ongoing participation in the Middleware Architecture Committee for Education, particularly the MACE Privilege Management and Access working group (MACE-PACCMAN).

Paul continues to participate in the IETF; he served as Steering Committee Chair of the Calendaring and Scheduling Consortium and contributed to several of the drafts created by the calendaring and scheduling working group.

Paul attended Syracuse University and later Northeastern University, studying Aerospace and Mechanical engineering.


Alexander Chaveriat, Practice Lead – Security Assessment


Alex Chaveriat is the Security Assessment Practice Lead at SystemExperts specializing in network and application security.

Alex’s passion for information security spans from the physical layer to the application layer. Alex approaches projects with new and innovative ideas, works and collaborates with existing security staff, and loves to share his excitement for security. Alex has extensive experience performing vulnerability and penetration tests against all types of systems and software.

Prior to SystemExperts, Alex worked for General Electric on the Corporate IT Risk Team uncovering vulnerabilities within GE products and internal software. Alex led and participated in small and large scale security assessments approaching tasks as an adversary or as a security architect. These assessments were across many platforms including GE client/server applications, web applications, HMIs, embedded systems, SCADA equipment, smart grid technologies, and more.

Along with actively contributing to industry security groups and conferences, Alex volunteers his knowledge to non-profit organizations, helping secure systems that would otherwise remain vulnerable to attack. In 2014, Alex won the prestigious DEF CON Black Badge by coming in first place in the DarkNet competition and won the DarkNet competition again in 2015: the only person to ever win it back-to-back. In 2016, Alex was invited to work as part of the DarkNet staff for the Black Badge competition. His responsibilities include leading teams of players through the most difficult DarkNet challenges. In August 2016, Alex won a cryptography challenge for the Grand Rapids Security Conference (GrrCon) that remained unsolved for 3-years. The challenge was a multistep process including tasks such as cracking multiple layers of encryption including a binary with a polymorphic mutation engine, steganography, and completing the Smash the Stack BlackBox reverse engineering challenge.

Alex holds a Bachelors of Science degree in Network Security and is an Offensive Security Certified Expert (OSCE), Offensive Security Certified Professional (OSCP), Offensive Security Wireless Professional (OSWP), and a Wurldtech Systems Certified Achilles Tester (WST).


Jeff VanSickel, Compliance Practice Lead

ISC2/CISSP, PCI/QSA, ISACA/CISM, Cisco Certified Network Architect (CCNA)

Based in the Philadelphia area, Jeff VanSickel is a seasoned Information Security Professional with over 20 years’ experience in the areas of Information Security, Information Technology, Audit Compliance, Risk and Project Management. Jeff, being a Payment Card Industry (PCI) Qualified Security Assessor (QSA), a certified CISSP and CISM, he is highly knowledgeable about US Federal and State Law (including SOX, HIPAA, GLBA and Breach Law), US Regulations, ISO-27001/2, NIST, and PCI-DSS.

Just prior to joining SystemExperts, Jeff was Director of Information Security Policy and Audit Assurance for Barclays Bank Delaware, a large US credit card issuing bank. This position enabled Jeff to gain in-depth exposure and insight into ongoing development, implementation and enforcement of controls for the bank, its bank vendors and partners.

Before Barclays, Jeff was Vice President of Vendor Management for MBNA America/Bank of America where he established controls over external sharing of sensitive customer Personally Identifiable Information (PII) for Outsourced Third Parties, Service Providers and Vendors to ensure compliance with federal laws, state breach laws and Payment Card Industry (PCI) requirements.

Jeff’s consulting background includes work for major consulting firms (Deloitte), as well as smaller consulting firms (Jefferson Wells and Computer Task Group) where he managed individual security, risk and vulnerability assessments. He has also developed Information Security Policies, Standards and Procedures for many companies spanning multiple industries, including government agencies, banks, broker-dealers, retail, health, pharma, and packaged goods manufacturing. He developed and taught OCC, FFIEC and NCUA IT audit training for over 900 credit union auditors. He has also led GLBA, OMB-A-130 and FISMA audits for numerous private and public companies including a $41 billion private investment company (Bessemer Group Inc.), the Federal Reserve Bank headquarters, World Bank and the Pension Benefit Guarantee Corporation, which protects $44 million worker pensions. He also developed a compliance strategy for a bio-technical company (Chrysalis Technologies) based on FDA (21 CFR 11), Export Administration Regulations (EAR), Good Laboratory Practices (GLP), ITAR and HIPAA.

Jeff is a CISSP and has a Bachelor of Science in Electrical Engineering and a Master’s of Engineering in Computer Science.


Nancy B. Zanga, Project Manager

Nancy Zanga serves as the Project Manager for SystemExperts and works closely with the Vice President of Business Development to ensure each project meets and ideally exceeds the client’s expectations.

Nancy is a seasoned professional who brings over two decades of experience providing outstanding planning, coordination, and execution of consulting projects. Clients appreciate her responsiveness, clarity, professionalism, and ability to shepherd multiple projects to successful completion.

Before joining SystemExperts in February of 2012, Nancy worked with a national fundraising- consulting firm for over 15 years. During her time there, she fulfilled a variety of roles including all coordination and communication between the consulting team and the firm’s clients including The National Geographic Society, Vassar College, Rensselaer Polytechnic Institute, Museum of Fine Arts Boston, Scripps Research Institute, and the New York Public Library.

Nancy resides in New Hampshire and has two daughters. She also has served on numerous non- profit boards and committees within her community.


Jonathan Shuffler, Consultant

Jonathan Shuffler is an information security advocate and consultant at SystemExperts. Jonathan graduated in 2016 from Pennsylvania State University with a B.S. in Security and Risk Analysis (SRA) – Information Cyber Security (ICS).

At the 2016 “At Large Collegiate Cyber Defense Challenge,” Jonathan led the Pennsylvania State University – Altoona Collegiate Cyber Defense Challenge (CCDC) team to third place, the highest in university history.

For his Senior Capstone Project, Jonathan worked with the University’s Head of Division of Business, Engineering, and Information Sciences and Technology and the Senior Technical Staff Member at IBM to develop an Android application capable of guessing the location of Wireless Access Points using only the pre-existing hardware commonly found in an Android device.

Jason Kite, Consultant


Jason is a consultant at SystemExperts specializing in network security and penetration testing working out of Colorado Springs.  Jason holds a Bachelor of Science in Information Technology from Colorado Technical University and is an Offensive Security Certified Professional (OSCP).

Jason assists students at Colorado Technical University with furthering their education in the IT arena.

Jason enjoys participating in Capture the Flag security competitions and continues to prepare for further certifications.  He has a strong interest in all aspects of security, works with Android rooting and modification, and home networking in his spare time.

Joseph M. Kurfehs, Senior Consultant


Joe is a senior consultant at SystemExperts focusing on compliance.

Joe brings over 30 years of managerial and technical expertise in IT governance, risk management, security, privacy and regulatory compliance to SystemExperts. He has extensive experience with the implementation of NIST and ISO 27000 standards, as well as compliance with GLBA, PCI-DSS, SOX, HIPAA, 21 CFR Part 11, US-EU Safe Harbor/Privacy Shield, and GDPR.

Just prior to joining SystemExperts, Joe held dual roles as Global Director of Security and Head of Risk and Compliance at Grey Group, Cohn and Wolfe, and GreyHealth Group within WPP, a world leader in marketing communications.

In this position, Joe implemented a global application vulnerability scanning program and a global GRC solution to manage and track risks in all operating groups and offices. This included a third party vendor risk management program, as well as compliance to SOX and GDPR.  He also managed the security and compliance program for the world’s largest IT Transformation program during the outsourcing of IT operations to IBM.

Joe’s IT consulting background includes work for KPMG, Federal Reserve Bank of NY, University Medical Center at Princeton, Bristol Myers Squibb Co, and Horizon Blue Cross Blue Shield.  Joe also has 19 years of full time IT experience in the financial sector with Prudential Financial and First Investors.

Joe holds professional certifications for: CISSP, PCIP-QSA, CGEIT, CRISC, CISM, DABCHS, and CHS-III. He holds a Bachelors of Science degree in Management Sciences from Kean University, Union, NJ.

Joe currently resides on the Jersey Shore with his wife and their combined seven kids.

Steve McGee, Senior Project Consultant


Steve McGee is a senior project consultant with SystemExperts specializing in developing and improving our clients’ overall operational security.

Steve is an authority on HIPAA/HITECH, NIST SP 800-30 and SP 800-39, ISO 27002, Center for Internet Security (CIS) Controls and OWASP Top Ten Project, and understands the legal and regulatory aspects of working with vendors and partners in healthcare, HIEs and IDNs.  He also has extensive experience reviewing, negotiating, and writing service agreements, business associate agreements (BAAs), security incident management and breach notification processes, security and use policies for healthcare-based SaaS solutions, and written information security programs (WISP).

Prior to SystemExperts, Steve worked for Curaspan Health Group leading the Information Security Team and nurturing the organization’s security program while creating a healthy culture of security within all departments and staff.  Steve was responsible for conducting a wide range of security audits and assessments, from vulnerability management to continuity of operations, imbedding scalable security controls around product and service offerings and awareness training.  These assessments were across multiple systems and workflows including web applications, inventory and asset management, product security, vendor and partner risk management, and social engineering.

Steve has years of experience ensuring critical assets remain protected throughout their lifecycle by utilizing penetration testing (Nessus, Nikto, Metasploit), vulnerability analysis and patch management solutions (Nipper Studio, wireshark, nmap, Burp Suite, Whitehat Sentinel Dynamic and Sentinel Source, WSUS, SolarWinds), threat management tools and services (National Health-ISAC, Anomali-Threatstream, US-CERT, SANS Internet Storm Center, the NIST National Vulnerability Database (NVD), VirusTotal, BugTraq), mobile device management solutions (MobileIron, AirWatch), SIEM and event log management approaches (QRadar, Dell SecureWorks LogVaulting service).  Steve also has strong knowledge and experience relating to cloud vs. on-prem vs. hybrid approaches to storage and automated process management (AWS, SharePoint, Rackspace) and managed security services.

Steve earned a Bachelor’s of Science degree in Computer Technology, holds a current GIAC Security Leadership Certification (GSLC), is HIPAA-Masters Certified, and has completed the SANS Securing the Human Security Awareness and Leadership Program.