
Summary
Experienced IT audit and compliance leader with a focus on SOC reports and certification frameworks.
Practical expertise managing SOC 1/SOC 2, ISO 27001, and HITRUST engagements for service and SaaS organizations across the United States.
Public-facing thought leader on governance, data classification, and risk assessment practices, authoring multiple in-depth blog posts on these topics.
Active in professional community governance, having served on the board of a local ISACA chapter, and maintains professional certifications (CISA, CISSP).
Writing
IT Governance (GEIT) & SOC 2: Building Strategic Alignment
September 1, 2025. Discusses how IT governance (GEIT) and SOC 2 align, the role of boards in IT governance, and implications for organizations managing emerging risks such as AI, data ethics, and supply chain resilience.
What is a Risk Matrix? When, How, And Why To Use One
July 1, 2025. Provides guidance on risk assessments and explains how to build and use a risk matrix to prioritize risks by likelihood and impact as part of an entity's risk assessment process.
PII vs PHI vs PCI: Key Differences and Compliance Strategies
September 1, 2024. Explains differences between Personal Identifying Information (PII), Payment Card Industry (PCI) data, and Protected Health Information (PHI), and outlines compliance and protection strategies for each.