IT Compliance Experts 2025

I’m a lifesciences compliance strategist with a passion for building real-world, right-sized programs in fast-moving environments. With deep experience in pharma and medtech, I specialize in translating regulatory complexity into practical, actionable frameworks. I’ve spent 7+ years navigating the gray areas of compliance—from training physicians on industry expectations to building startup programs from the ground up. I believe compliance should be ethical, functional, and human-centered—and that culture is built through clarity, storytelling, and respect, not fear. Outside of policy and audits, I speak regularly on startup compliance and love turning “boring” topics into memorable moments. I'm here to connect, create, and contribute.

With 20+ years' of experience in risk management and IT security, I excel at crafting secure, compliant, and efficient frameworks for businesses navigating complex regulatory landscapes. My expertise lies in developing Information Security Management Systems (ISMS) that achieve ISO 27001 certification, achieving up to 80% cost reduction in security implementations compared to traditional approaches. As an EC-Council subject matter expert for the CEH certification, my knowledge in ethical hacking and cybersecurity is both deep and broad. I take pride in the iO-GRCF , my proprietary framework designed to streamline and simplify cross-compliance. My goal is to foster partnerships within the industry to address governance, risk, and compliance challenges, while offering IT companies lucrative compliance, gap assessment, and penetration testing solutions.Professional Goals:* Forge partnerships with industry leaders to collaboratively tackle governance, risk, and compliance challenges.* Generate leads with IT companies to offer streamlined compliance, gap assessment, and penetration testing solutions, providing them with new revenue streams.Interests:Follow and engage with industry leaders and organizations that are at the forefront of cybersecurity, compliance standards, and IT innovations.

Shwetha Babu Prasad is a data security and privacy professional, speaker, and published author with nearly a decade of experience in information security. Her work focuses on advancing practical, engineering-driven approaches to protect sensitive data and reduce systemic data exposure risks. She has experience implementing data protection controls across enterprise systems to mitigate the risk of sensitive data exposure. She is the author of Why Websites Fail at Data Protection and Privacy and Data Security in the Age of AI. An active member of ISC2 and the Information Systems Security Association, she contributes to industry initiatives aligned with National Institute of Standards and Technology frameworks through the ISSA Resilience Special Interest Group. Her work advances practical, engineering driven data protection and privacy capabilities, strengthening cyber resilience across enterprise and critical infrastructure environments.

I have 24 years of experience in the credit counseling industry, specializing in operations, compliance, debt management, and consumer financial education. As Senior Manager of Compliance and Media at Money Fit, I ensure our programs meet strict standards for integrity, accuracy, and regulatory compliance. I am a HUD Certified Housing Counselor and serve on the Board of Directors for the Financial Counseling Association of America (FCAA). My work focuses entirely on nonprofit credit counseling. I help consumers understand the clear mechanics of regulated debt management versus the risks tied to for-profit debt settlement. Consumers deserve straightforward financial guidance that is realistic, responsible, and built for actual progress.

I’m Eric Garcia, the CEO of SentrIQ Labs. I have over 15 years of experience in cybersecurity, working across federal, defense, and cloud environments to help organizations design, implement, and defend security programs in highly regulated spaces. My background includes hands-on involvement with authorization processes, security control assessments, policy development, and executive-level risk advisory, with a strong focus on cybersecurity frameworks. Before founding SentrIQ Labs, I worked with organizations ranging from early-stage SaaS companies to large defense contractors, helping them navigate compliance demands without losing sight of operational reality. I have spent years inside the authorization process, working directly with engineers, compliance teams, and leadership to translate dense regulatory requirements into security controls that can actually be implemented and sustained. At SentrIQ Labs, my focus is on applying AI to reduce friction in cybersecurity compliance and audit readiness. That includes automating evidence collection, control mapping, and documentation workflows while preserving human judgment where it matters most. I am particularly interested in how AI changes the future of GRC, the risks introduced by poorly governed AI systems, and how companies can adopt automation without increasing their attack surface. I regularly share insights on cybersecurity compliance, AI development, and the evolving threat landscape, with an emphasis on practical, defensible security programs that align with real business risk rather than checkbox compliance.

Senior Compliance Specialist dedicated to bridging the gap between complex regulation and practical engineering. Over a decade of hands-on experience in EMC, Product Safety and Global Market Access. Currently focusing on Cybersecurity.

Vijay Amin is the Founder & CEO of VertiComply, an AI-powered no-code platform that generates owned, exportable, production-ready healthcare app code with 15+ compliance frameworks enforced at the code level — including HIPAA, GDPR, SOC 2, FDA 21 CFR Part 11, EU AI Act, ISO 27001, HITRUST, ABDM, and DPDP. With 21 years of enterprise IT experience across healthcare, cloud infrastructure, and AI, Vijay has spent his career at the intersection of highly regulated industries and emerging technology. He founded VertiComply after seeing the same pattern repeat across digital health teams: AI-generated code that looked compliant but failed the moment a real audit, security review, or partner onboarding arrived. The platform is built for healthcare startups, digital health teams, and non-technical founders who need to ship fast without compromising on ownership, security, or regulatory rigor. Vijay's areas of expertise include: 1. Healthcare data privacy and HIPAA compliance 2. AI-generated code risk in regulated industries 3. The EU AI Act and its impact on US healthcare and digital health companies 4. Multi-framework compliance overlap (HIPAA + GDPR + FDA 21 CFR Part 11 + SOC 2) 5. No-code and low-code platforms for healthcare app development 6. Cloud security and infrastructure for HIPAA-regulated workloads 7. Compliance challenges for early-stage healthcare and digital health startups 8. India's digital health stack (ABDM, DPDP Act) and cross-border compliance He is available for expert quotes, background commentary, and contributed articles on healthcare IT, AI compliance, cybersecurity, digital health, and the evolving regulatory landscape for AI in regulated industries. Vijay can also connect journalists with healthcare CTOs, compliance officers, and digital health founders within VertiComply's network for additional sourcing. Based in Ahmedabad, India, Vijay leads VertiComply alongside co-founder and CTO Garvita Solanki, who brings 15 years of engineering experience.

CISO and advisor helping FinTechs turn DORA/NIS2/PSD2, PCI DSS, ISO 27001, and GDPR into practical resilience and business value. 20+ years across architecture, incident response, and program build-out. I prioritise KPIs, clear board communication, and continuous improvement, not checkbox compliance. Highlights: led DORA/NIS2 readiness for cross-border teams (faster audits; 30%+ lower regulatory risk), stood up vCISO/vDPO programs with cloud-native controls, vendor risk, and privacy automation. Community: OWASP Riga and Cloud Security Alliance Chapter Lead. Need to get regulator-ready? Let’s connect.

Josh Fleming is the Risk Advisory & GRC practice lead at Echelon Risk + Cyber, where he helps organizations strengthen resilience against today’s most complex cyber and physical threats. He brings a unique ability to bridge technical expertise with executive strategy, enabling leaders to make confident, informed decisions during both preparation and crisis. With extensive experience across industries such as healthcare, manufacturing, financial services, and energy, Josh has partnered with organizations to identify risks, fortify defenses, and implement effective governance strategies. His work spans from building incident prevention programs to leading executive tabletop exercises, risk assessments, and crisis response planning. Josh regularly advises executive teams, C-suites, and boards on incident response readiness and strategic risk management. He is known for developing actionable frameworks and clear decision-making playbooks that reduce risk exposure, accelerate response, and build stakeholder trust. As an industry thought leader, Josh is committed to advancing the conversation around governance, risk, and compliance. He stays at the forefront of emerging trends and regulations, particularly in areas such as AI governance and cybersecurity resilience, to ensure his clients and partners are not only compliant, but future-ready. Above all, Josh is recognized as a trusted advisor who combines technical depth, business acumen, and a client-centric approach to deliver lasting value. His mission is to help organizations move beyond compliance to achieve true resilience and competitive advantage in an evolving risk landscape.

As a Digital Privacy Advocate and Lead SEO at Adult Advisor, I specialize in auditing digital platforms for user safety, subscription transparency, and data security. My work involves reverse-engineering complex web architectures and ensuring platforms adhere to strict consumer protection standards. With extensive experience in technical SEO and digital marketing, I help bridge the gap between user experience and web security, analyzing how online ecosystems can protect consumers from predatory billing and data breaches. I frequently share insights on technical SEO strategy, affiliate marketing, and digital privacy.

As a strategic advisor, alliance builder, and subject matter expert with over two decades of experience, I help global enterprises and public sector organisations navigate the complexities of data management, eDiscovery, and cyber risk in an era of accelerating digital regulation and unstructured data growth. My background spans leadership roles in enterprise technology sales, consulting, and service delivery, focusing on data-intensive environments where compliance, litigation readiness, and operational intelligence are critical. With hands-on experience in incident response, breach investigation, and regulatory frameworks like GDPR and NIS2, I’ve helped organisations transform reactive data chaos into strategic business insight. Through my consultancy work, I lead programmes that address the core challenges enterprises face today: outdated storage architectures, fragmented data strategies, and the proliferation of ROT (redundant, obsolete, and trivial data) and “dark data” information collected but never utilised. I enable clients to regain visibility, reduce risk, and comply with strict data retention requirements such as GDPR’s 7-year rule, DSARs and Right to be Forgotten. My expertise is underpinned by next-gen tools like Lightning IQ capable of indexing up to 1.3 billion files per hour enabling scalable, low-impact analysis of petabyte-scale unstructured data environments. This supports advanced use cases, from compliance and litigation readiness to AI enrichment, ESG reporting, and cloud transformation. Whether advising C-level stakeholders, partnering with global system integrators, or leading high-impact data optimisation projects, my goal is always the same: to convert complexity into clarity, and risk into opportunity.

Founder & CEO of Genbounty - AI safety & compliance testing. Genbounty is a an AI safety testing hub and provider of EU AI Act compliance and certification. About me AppSec SME, AI Engineer, Developer | BSc, MBA, PRINCE2, CompTIA+, CISSP

At Trainings Time, we believe learning shouldn’t be limited by time. As a dedicated Compliance Training Provider, we offer flexible, expert-led courses designed to fit into your busy life. From live sessions to on-demand webinars and CEU-accredited programs, our goal is to help you stay ahead in your career without added stress. Whether you’re chasing professional growth or meeting compliance goals, we’re here to make learning easy, affordable, and truly impactful—whenever and wherever you need it.

As a Cybersecurity Auditor operating at the intersection of complex digital infrastructures and human systems, my mission is to build resilience in an increasingly volatile world. With over 20 years of experience in Global MNCs, I’ve realized that protecting a network is only half the battle; the ultimate firewall is the clarity and alignment of the professional mind. ​I am a published author of three works that explore the architecture of security and the science of patterns: ​'The Interview': A deep dive into the technical and psychological nuances of Cybersecurity. ​'Cosmic Catalyst' & 'Beyond Constellations': Research into systemic cycles, predictive analytics, and ancient pattern-recognition frameworks. ​ My methodology is unique. By day, I audit global cybersecurity frameworks for US-based clients. Beyond the code, I am a dedicated researcher of Bio-Energetic Systems and Chronobiological Trends. I have successfully applied these 'multidimensional' patterns to predict global events and organizational shifts with high accuracy—bridging the gap between the measurable and the metaphysical. Through my research I offer high-performance philosophy to fellow cybersecurity professionals. My goal is to help leaders navigate 'zero-day' life challenges with the same precision they apply to their digitalecosystem. ​ I believe the future of leadership belongs to those who can traverse both the logical and the intuitive. I am here to help you audit your path to sovereign success.

I have over 30 years experience as an Electrical Engineer, Technical Writer, and Documentation Manager. I worked in technical areas including avionics, systems integration, mobile software, SaaS. Several years ago I left the corporate world to care for sick parents. I supported myself building websites, writing technical “how-to” books, and leading online courses. Now, with family issues behind me, I have the time to take on some freelance clients. My atypical career path taught me to work well with a wide range of clients and audiences. Clients like Honeywell and Microsoft, McGraw-Hill and other book publishers, even pre-IPO startups. Audiences from computer beginners, to B2B buyers, to engineers building aircraft systems. I'm skilled at learning complex technologies like VPNs and cryptocurrencies. And I excel at turning that raw data into understandable content for a target audience. I am looking to contribute to projects that need these skills. I'm particularly interested in subjects that empower individuals such as online privacy.

Shyam Gajula is a Cybersecurity Professional specializing in Endpoint Security, Identity & Access Management (IAM), Zero Trust Architecture, and Cloud Security with 9+ years of experience securing enterprise and hybrid environments. He helps organizations strengthen security posture by implementing identity-centric architectures, continuous risk reduction frameworks, and compliance-focused controls across AWS, VDI, and distributed infrastructures. Shyam holds the AWS Certified Solutions Architect credential and has hands-on expertise in cloud security design, endpoint hardening, authentication frameworks (including SAML 2.0 / SSO), access governance, EDR/agent policy optimization, and secure cloud operations. His research and practical work focus on real-world defenses against modern threats, endpoint risk scoring, and identity-driven security automation. He is a published cybersecurity researcher, an international keynote speaker, and serves as a judge and evaluator for global cybersecurity awards and innovation competitions. Shyam frequently contributes to peer review panels and provides expert insights on best practices for Zero Trust adoption, cloud risk mitigation, and securing modern digital workplaces. Orcid Research Profile: https://orcid.org/0009-0001-4279-9629

For over 20 years, I've been on the front lines of cybersecurity, working with global organisations to help them answer critical questions like: "How effective are our security measures against a cyber attack?" My passion is empowering companies to identify and fortify their attack surface. I help leadership teams evaluate their security stack's effectiveness and build actionable roadmaps. Some of the topics I cover are Enterprise cybersecurity and strategy, culture and how it impacts cyber resilience. Emerging attacks and attacker innovation in ransomware and increasingly AI security risks. This passion for sharing actionable knowledge is why I also started writing my blog. It's my way of sharing ideas and providing insights for enterprise security defenders and educate the wider community. In my day-to-day role at Pentera, I lead a team of talented security engineers. We partner with leading organisations who are ready to embrace change. As a speaker and mentor, I enjoy challenging the norms, introducing disruptive technologies, and sharing best practices to raise the bar.

Michel Fotsing is a CISSP-certified cybersecurity architect specializing in AI governance for organizations navigating emerging regulations (EU AI Act, NIS2, Quebec Law 25, GDPR). He consults for Quebec's government through Levio and serves on the ISC2 Exam Review Commission, contributing to international cybersecurity certification standards. Author of "L'Architecte Numérique: Orchestrer les intelligences à l'ère de l'IA" (2026, distributed by Hachette), he developed the Three Zones Framework for classifying AI-augmented security decisions. He also created StructureClerk.ca, a free compliance tool covering 169 jurisdictions. Michel can speak to: AI governance and shadow AI risks for businesses, cybersecurity strategy for SMEs, the human-AI decision boundary in critical systems, and data privacy compliance across international frameworks.

A pragmatic leader with experience guiding, building, and scaling cybersecurity and privacy programs across sectors. I formerly led the Information Security program for Udemy an EdTech firm. Implemented company-wide cybersecurity and data privacy governance programs for payment organizations, Led service delivery strategy, audits and penetration testing engagements for Consulting organizations and help company stakeholders understand likely business threats and practical methods to minimize risk.

Cybersecurity leader and straight-talking advisor with global experience who turns complex risks into clear action, helping Australian organisations make smarter, defensible security decisions. ____________________________________________________________________ Adri has spent nearly three decades on both sides of the security equation, as a global cybersecurity manager for a major European corporation, embedded in the Visa payment network across South America, and as a trusted adviser to countless Australian organisations in government, financial services, energy, education and beyond. Having lived the client side of security decisions, he brings a clarity that most consultants can't: he knows what a board actually needs to hear, not what a technical team wants to say. Adri is passionate about mentoring the next generation of cyber professionals and hosts Cliffside's free fortnightly sessions on our YouTube channel. -Global cybersecurity manager, European multinational -Visa payment network security, South America -ISO 27001 Lead Auditor since 2008 -Security architecture & vCISO practice lead -APRA CPS 234 & Essential Eight practitioner Free fortnightly mentoring on YouTube