Regions icon
Membership icon
Certification icon

Welcome to the CREST Americas Chapter

About us

We have been very active in the Americas since the opening of the USA Chapter in September 2016.

Our Americas Chapter is represented and managed by the Americas Council comprising elected member representatives. The Chair of the Americas Council, Tom Brennan, also represents the region on our International Council.

CREST Americas offers programs across six core cyber security stakeholder communities:

• Government
• Regulators
• Buying community
• Service suppliers
• Training and academia
• Professional bodies

The Americas Chapter exists to build capability, capacity, consistency and community in the industry working with governments, regulators, buyers and suppliers at home and abroad to develop and support internationally recognized schemes. These goals help to enhance cyber resiliency and open up markets for our member companies in the Americas and opportunities for qualified individuals.

We have a global viewpoint, and our strategy has been to arm the global cybersecurity industry with the skills, knowledge and competency to address what is truly an international threat.

We offer a full range of disciplines to the American market:

• Penetration Testing
• Incident Response
• Threat Intelligence
• Security Operations Centres

 

CREST Americas Council

The Americas Council Members were elected in December 2021. They will serve for three years at which point, to ensure continuity, half will retire by rotation by mutual agreement and be eligible for re-election for a further three-year term if they so wish. The other half will retire by rotation the following year.

The serving Americas Council Members are listed below in alphabetical order. Hold your cursor over each for more information.

Kyle Bork

Triaxiom Security LLC

[Portfolio: Penetration Testing]

Kyle is a business professional with over 10 years experience working in financial institutions before transitioning into cybersecurity. He served in various roles including project management, account management, and various other roles. In his current role, Kyle is an account manager with Triaxiom Security and manages the end-to-end process across a vast portfolio of clients requiring Kyle to stay abreast of all things cyber security in order to ensure all client requirements are met. Kyle continues to remain involved in the cyber security community evidenced by his recent election into the Americas Council.

Tom Brennan

Chair

Tom chairs the Americas Council and works with government and commercial organizations to optimize our value as a cybersecurity accreditation body and industry standards advocate. His focus is the cybersecurity and infrastructure security agency’s 16 critical infrastructure sectors which are vital to US security, national economy and public health and safety. He spearheads strategic plans for our organizational growth while also serving as an industry evangelist and educator on the value of using accredited cybersecurity products and professionals to improve consumer privacy, security and protections worldwide. Tom is a US Marine veteran and has been involved with CREST since 2016. He is currently the Chief Information Officer of the national law firm Mandelbaum Salsburg where he oversees critical infrastructure, privacy and security operations. He is also an Advisory Board Member of Gerson Lehrman Group, a Cyber Fellows Advisory Council Member, Member of the Information Technology Advisory Committee of the County College of Morris, Senior Advisor and Industry Advisory Board Member of the New Jersey Institute of Technology, and a Cyber Fellows Advisory Council Member of the NYU Tandon School of Engineering. Previous experience also includes working with OWASP (Open Web Application Security Project).

Nick Britton

Protiviti Inc

[Portfolio: Research]

Nick is a Director in Protiviti’s Global Attack Penetration Testing practice, where he focuses on assisting organizations in proactively identifying vulnerabilities and risks through targeted technical testing including network penetration tests, application security assessments, cloud security assessments, and red team/adversary simulation activities.  Prior to his current role, Nick was a penetration tester and red teamer and led the execution of hundreds of engagements for organizations in the financial services, healthcare, and technology industries.  Nick is passionate about offensive security research and knowledge sharing and has presented at multiple security and audit conferences, including BSides and PancakesCon on topics ranging from securing IoT devices to collecting and leveraging previously breached credentials for a more robust penetration testing methodology.

Michael Gargiullo

Pivot Point Security Inc

[Portfolio: Regulators]

Mike has worked in IT for almost 30 years and has worked strictly in security for the last 16 years. Currently, Pivot Point Security’s Security Assessment Practice Manager, performing penetration tests against networks, applications, and IoT devices, across physical and cloud environments. With a wide breadth of experience across a wide range of industries, Mike has helped hundreds of companies understand their current security posture and assisted them in formulating a remediation plan and overall security roadmap. Mike is passionate about information security, learning how things work, and sharing his knowledge with others.

Rocco Grillo

Alvarez & Marsal Global Cyber Risk Services

[Portfolio: Industry Buyer Group]

Rocco is a Managing Director with Alvarez Marsal and leads the firm’s Global Cyber Risk and Incident Response Services practice. He has been a trusted partner of multiple government agencies, including the FBI and the US Secret Service, where his cyber expertise was instrumental in investigating and resolving a variety of cyber-based crimes. He has advised clients on some of the most complex cybersecurity initiatives and coordinated incident response efforts for some of the largest security breaches over the last 14 years. Prior to joining AM, Rocco held leadership positions at professional services organizations including Stroz Friedberg/Aon Cyber Solutions, where he served as the Global Leader of the firm’s cybersecurity services. Prior to Aon Cyber Solutions, Rocco was a founding member of Protiviti’s Cybersecurity Practice and led the development of the firm’s Global Incident Response and Forensics Investigations Practice. Rocco is an affiliate board advisor for the Retail Hospitality ISAC and has assisted with other thought leadership initiatives for the FS-ISAC; and assists in creating its annual Compromise Against Payments Systems (CAPS), the simulated industry cyberattack exercise.

Grayson Lenik

Trustwave

[Portfolio: Intelligence-led Testing]

Grayson is the Director of Consulting and Professional Services for Trustwave Government Solutions. He has more than 20 years of experience in information security and digital technology, working as an Avionics Technician, Systems Administrator, Network Administrator, Security Systems Architect, Private Consultant, Incident Responder and Team Leader. Grayson works regularly with state, local and federal law enforcement teaching cyber security and digital forensics topics. Grayson is a former member of the International Association of Financial Crimes Investigators (IAFCI), the SANS Advisory Board and was previously a member of the Seattle and Los Angeles Electronic Crimes Task Force (ECTF). Grayson is a GCFA, CISSP and carries the CMMC-RP certification.

Tim Luck

Pen Test Partners Inc

[Portfolio: Incident Response]

Tim has worked in information/cybersecurity for over 10 years, particularly focused within penetration testing and general GRC (governance, risk and compliance) consultancy, with experience working for CREST member companies. Currently based out of New York, Tim is a regular at many conferences and events in the industry, including co-hosting round table user groups and presenting at conferences and to clients directly, on various topics. Tim has presented to the Global Connected Aircraft Summit, ISSA chapters, the US Chamber of Commerce and several of the API’s Oil Natural Gas Cybersecurity Conferences. As well as working closely with large financial institutions, technology innovators, pharmaceutical and retailers (amongst others) to deliver mature security services, including red and purple teaming, Tim is also strongly active within the energy, maritime, automotive and aviation sectors, working closely with the ISACs in these areas.

Greg Mosher

VerSprite LLC

[Portfolio: Training and Academia]

Greg is a passionate information security consultant with nearly 30 years of professional experience in software development, design and architecture.  Of these, more than 20 years have been in the cyber security industry.  Many of his roles have been anti-malware focused as was a co-founder of Exploit Prevention Labs in 2005.  Later he assumed executive positions including the global lead of the B2B product and engineering organizations for both AVG and Avast. Greg currently is part of the VerSprite LLC team as VP of Products and Security Operations.  His consulting role focuses heavily on assessing architecture and infrastructure security for both on- premises and cloud native applications. Key areas in which Greg is a SME are authentication/authorization, network and data security/privacy. Greg also drives assisted remediation and DevSecOps technology/automation for VerSprite’s customers. Finally, he also leads VerSprite’s product development initiatives by building products for both Cloud Security and Threat Intel in support of VerSprite’s managed services.

Chris Oakley

Nettitude

[Portfolio: Threat Intelligence and Academia]

Chris is the VP of Technical Services at Nettitude.  He has also served as a CREST assessor since 2016 and has been a member of our Americas Council since 2021.  Originally from a software development background, Chris moved to full-time cybersecurity in 2010.  He specializes in an array of offensive security disciplines, such as penetration testing, and is experienced in building high performing security teams internationally.  Today, Chris directs the Americas operation at Nettitude, with particular focus on ensuring technical excellence across all areas of service.

Paul Underwood

Emagined Security Inc

[Portfolio: Penetration Testing]

Paul is currently the Chief Operations Officer at Emagined Security and has more than 30 years’ experience in the field of network and information security management. Paul is experienced in both executive and technical management and an accomplished technically skilled consultant. Many technical services offered by the Emagined Security Consulting Services Division were created or adapted by Paul to ensure they meet and exceed client expectations. He is experienced with incident response, penetration testing services, security architecture and design, identification and authorization systems, security policies and procedures, security assessment services, certificate authorities, encryption, and Security Operations Centers. Paul has also served on several boards previously including the Colorado State OIT board and Emagined Security.