Beyond Checking the Box: Implementing a Pragmatic Risk Management Program

As the manager for BARR’s cybersecurity consulting practice, Larry supports small-to-medium sized and enterprise companies in need of a virtual CISO (or CISO on retainer). He plans and executes various engagements including readiness assessments, policy and procedure documentation, vendor risk management assessments, and external audit assistance.

As an experienced cybersecurity professional, Larry specializes in navigating IT governance, risk, and compliance within complex digital landscapes. His expertise extends across implementing robust cybersecurity programs, conducting comprehensive compliance audits, and designing solutions tailored to the unique needs of our clients, ranging from emerging tech startups to established enterprises.

Holding CISSP, CISA, and CRISC certifications, Larry brings a wealth of knowledge and a proven track record in bolstering security postures, ensuring regulatory compliance, and fostering resilient digital ecosystems.

Committed to continuous learning, he keeps up on the latest cybersecurity trends, threats, and innovations, particularly those influencing cloud-based ecosystems. His approach is described as a blend of strategic foresight, technical acumen, and a keen understanding of the evolving cyber threat landscape, empowering our clients to achieve their business objectives securely and compliantly.

As manager of BARR’s attest services practice, Steve works closely with organizations in the healthcare industry to identify and mitigate cybersecurity threats by planning and executing risk assessments and audits against frameworks including HITRUST, NIST SP 800-53, PCI, SOC 1, and SOC 2. Steve is an ISO 27001 Lead Auditor, a Certified Information Systems Auditor (CISA), and a HITRUST Certified CSF Practitioner.

Prior to joining BARR, Steve was a senior consultant in Wolf & Company’s IT Assurance practice. He holds a Bachelor of Science in Information Systems from Bentley University.