LBMC Security & Risk Services’ Leadership Team
The LBMC Security & Risk Services’ talent bench is deep. You benefit from that experience and unlike some firms, our personalized service means you’ll get to know the faces of our leadership team
Thomas Lewis, QSA, CISA
Thomas Lewis has almost two decades developing security solutions in complex environments for Fortune 500 clients, and state and federal government agencies. He has extensive experience working with clients on compliance strategies for FISMA, CMS, HIPAA, PCI, GLBA and the NIST framework. A frequent speaker on information security, Thomas also shares his expert insight with media locally and nationally. A graduate of David Lipscomb University, Thomas earned his Master of Accountancy with an information systems concentration at the University of Tennessee. Founding president of the Middle Tennessee Information Systems Security Association, Thomas holds or has held the following designations: PCI Qualified Security Assessor, Certified Information Systems Security Professional, Microsoft Certified Systems Engineer and Certified Information Systems Auditor.
Mark Fulford, CISSP, CISA, QSA, ABCP
Mark Fulford’s 20-plus years of experience in information systems enable him to expertly advise clients in many areas, including IT audits, information security, continuity planning and general IT management. He assists clients ranging from technology-driven startups to Fortune 500 firms to deliver auditing and consulting services to ensure security, availability and reliability of electronic information. Mark also spearheads the members of LBMC Security & Risk Services team dedicated to providing IT compliance and audit services, including SSAE 16/SAS 70, HITRUST, GLBA, HIPAA, HITECH and SOX. A founding member of Information Systems Security Association’s Middle Tennessee chapter, Mark is a graduate of David Lipscomb University. He is a Certified Information Systems Auditor, Certified Information Systems Security Professional, PCI Qualified Security Assessor and Associate Business Continuity Planner.
Director - Risk Services
Mark has 16 years of experience in information security and risk management. His background includes extensive experience in security program strategy and development, regulatory compliance, security policies and procedures, risk assessment and management, penetration testing, and security function design, development, and staffing. Mark has served as the President and Global Practice Leader for a national information security consulting company, has built and led information security functions for two major publicly-traded corporations and worked for several years in key leadership roles with two of the Big 6 accounting firms where he specialized in developing, implementing, assessing, and securing information technology solutions for companies in the healthcare, retail, manufacturing, banking, and insurance industries.
In 2005, while serving as the Global Information Security Officer for international insurance broker The Willis Group, Mark was named the Information Security Executive of the Year at the ISE Southeast Awards. In 2008, while serving as the Executive Director of IT Operations and Security for hotelier Gaylord Entertainment Company, he was named one of Information Security Magazine’s “Security 7” top seven security leaders, and he was chosen by ComputerWorld Magazine as one of the Premier 100 IT Leaders for 2009. In January 2011, the Information Systems Security Association (ISSA) named Mark a Fellow. This prestigious honor, which has only been granted to a handful of individuals worldwide, is bestowed by the ISSA Fellow Program for distinguished accomplishments in the field of information security, leadership, and future service to the association and profession. Mark’s unique background allows him to bring a “walk a mile in the shoes” perspective to all of LBMC’s security engagements.
Stewart Fey,CISA, CISSP, QSA
Stewart Fey leads the LBMC team in the area of security assessment services. Over his career, Stewart has continuously demonstrated the ability to compromise systems using techniques that represent an incredible simulation of an actual attacker. Stewart uses his extensive experience in the healthcare industry to assist clients with their information security needs. Before joining LBMC Security & Risk Service, he was the senior manager of IT internal audit at a Fortune 100 healthcare company. A graduate of University of Tennessee, Stewart is a Certified Information Systems Auditor, Certified Information System Security Professional and PCI Qualified Security Assessor.
Frank Knobbe has nearly two decades of experience in information technology and applied security, serving clients from small and medium-size businesses to enterprise markets. Using his extensive security, network and system management experience, Frank successfully managed a variety of large integration, migration and security projects. He has the unique ability to think and work on a packet level, while understanding and correlating items in the larger context of security. He is the author of several open-source/freeware utilities and is an adjunct administrator on the Bleeding-Edge/Emerging Threats project. Frank has or held the following designations: PCI Qualified Security Assessor, Microsoft Certified Systems Engineer, Microsoft Certified Professional+Internet and Microsoft Certified Professional and holds other certified designations.
phone: (615) 309-2312
Craig Zimberg brings over 12 years of information security and internal audit experience to the LBMC team. Six years of his experience working with a Big 4 Accounting firm and most recently served six years as Executive Director of Corporate Security for BMI.. His certifications include Certified Public Accountant (CPA), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), and Certified Internal Auditor (CIA). Craig was named the Chief Information Security Officer of the Year by the Nashville Technology Council in October of 2011, and recently finished a term as President of the Middle Tennessee Chapter of the ISSA. He is a graduate of Rutgers University with a bachelor’s degree in accounting and earned his MBA at Auburn University.
phone: (615) 309-2249
Ken Swain has well over a decade of experience assisting clients with all aspects of their security needs and is a recognized leader in the field of information security. His areas of expertise are security incident and event management, web application security, mobile device security, network monitoring, system configuration management, network and system hardening and penetration testing. During his career Ken has been responsible for the development and deployment of security functions at hospitality, power, telecommunication, oil and gas, and technology firms.