IT Compliance Experts 2025

I’m a lifesciences compliance strategist with a passion for building real-world, right-sized programs in fast-moving environments. With deep experience in pharma and medtech, I specialize in translating regulatory complexity into practical, actionable frameworks. I’ve spent 7+ years navigating the gray areas of compliance—from training physicians on industry expectations to building startup programs from the ground up. I believe compliance should be ethical, functional, and human-centered—and that culture is built through clarity, storytelling, and respect, not fear. Outside of policy and audits, I speak regularly on startup compliance and love turning “boring” topics into memorable moments. I'm here to connect, create, and contribute.

With 20+ years' of experience in risk management and IT security, I excel at crafting secure, compliant, and efficient frameworks for businesses navigating complex regulatory landscapes. My expertise lies in developing Information Security Management Systems (ISMS) that achieve ISO 27001 certification, achieving up to 80% cost reduction in security implementations compared to traditional approaches. As an EC-Council subject matter expert for the CEH certification, my knowledge in ethical hacking and cybersecurity is both deep and broad. I take pride in the iO-GRCF , my proprietary framework designed to streamline and simplify cross-compliance. My goal is to foster partnerships within the industry to address governance, risk, and compliance challenges, while offering IT companies lucrative compliance, gap assessment, and penetration testing solutions.Professional Goals:* Forge partnerships with industry leaders to collaboratively tackle governance, risk, and compliance challenges.* Generate leads with IT companies to offer streamlined compliance, gap assessment, and penetration testing solutions, providing them with new revenue streams.Interests:Follow and engage with industry leaders and organizations that are at the forefront of cybersecurity, compliance standards, and IT innovations.

Shwetha Babu Prasad is a data security and privacy professional, speaker, and published author with nearly a decade of experience in information security. Her work focuses on advancing practical, engineering-driven approaches to protect sensitive data and reduce systemic data exposure risks. She has experience implementing data protection controls across enterprise systems to mitigate the risk of sensitive data exposure. She is the author of Why Websites Fail at Data Protection and Privacy and Data Security in the Age of AI. An active member of ISC2 and the Information Systems Security Association, she contributes to industry initiatives aligned with National Institute of Standards and Technology frameworks through the ISSA Resilience Special Interest Group. Her work advances practical, engineering driven data protection and privacy capabilities, strengthening cyber resilience across enterprise and critical infrastructure environments.

I spent eight years in cloud infrastructure and site reliability engineering before founding CRA Evidence. During that time I scaled and secured high-traffic systems for companies including Deutsche Telekom and FREE NOW. That work shaped how I think about compliance. At real scale, you learn how quickly software supply chains fracture, and how hard it is to keep track of every dependency, patch, and third-party component. Security that actually holds up gets built into the systems people use every day. It doesn't live in a folder of documents. CRA Evidence brings that thinking to the EU Cyber Resilience Act. Reporting obligations are live from September 2026 and the full requirements land in December 2027, so manufacturers and importers have to rethink how they handle product security. A lot of them are treating it as a legal problem when the real work is engineering. We help them generate, scan, and track their Software and Hardware Bills of Materials (SBOMs and HBOMs) right inside their developer pipelines, so meeting EU regulations becomes part of how they build instead of a separate process bolted on afterward. I look at the CRA the way an SRE would, not an auditor. My focus stays on what teams can realistically automate and ship.

Regulatory compliance consultant and trainer based in Cyprus, specialising in EU financial services regulation. CFA charterholder with CySEC Advanced and AML certifications. Founder of CPDs.Academy, a CySEC-accredited online training platform for compliance professionals. Former Head of Compliance at XM (Trading Point) and founder of Hesper Capital, a CySEC-authorised AIFM. Available to comment on MiFID II, MiCA, AML/CFT and the EU AML Package, DORA, market abuse and insider dealing, CySEC enforcement, suitability and product governance, and the EU Retail Investment Strategy. Recent regulatory analysis has covered MiCA implementation across the EU, MAR insider dealing enforcement, MOKAS findings on financial crime in Cyprus, and ESMA's 2025 supervisory action on marketing communications. Educated at Bayes Business School, City, University of London. Writes regularly for CPDUK and publishes regulatory analysis at CPDs.Academy.

I have 24 years of experience in the credit counseling industry, specializing in operations, compliance, debt management, and consumer financial education. As Senior Manager of Compliance and Media at Money Fit, I ensure our programs meet strict standards for integrity, accuracy, and regulatory compliance. I am a HUD Certified Housing Counselor and serve on the Board of Directors for the Financial Counseling Association of America (FCAA). My work focuses entirely on nonprofit credit counseling. I help consumers understand the clear mechanics of regulated debt management versus the risks tied to for-profit debt settlement. Consumers deserve straightforward financial guidance that is realistic, responsible, and built for actual progress.

I’m Eric Garcia, the CEO of SentrIQ Labs. I have over 15 years of experience in cybersecurity, working across federal, defense, and cloud environments to help organizations design, implement, and defend security programs in highly regulated spaces. My background includes hands-on involvement with authorization processes, security control assessments, policy development, and executive-level risk advisory, with a strong focus on cybersecurity frameworks. Before founding SentrIQ Labs, I worked with organizations ranging from early-stage SaaS companies to large defense contractors, helping them navigate compliance demands without losing sight of operational reality. I have spent years inside the authorization process, working directly with engineers, compliance teams, and leadership to translate dense regulatory requirements into security controls that can actually be implemented and sustained. At SentrIQ Labs, my focus is on applying AI to reduce friction in cybersecurity compliance and audit readiness. That includes automating evidence collection, control mapping, and documentation workflows while preserving human judgment where it matters most. I am particularly interested in how AI changes the future of GRC, the risks introduced by poorly governed AI systems, and how companies can adopt automation without increasing their attack surface. I regularly share insights on cybersecurity compliance, AI development, and the evolving threat landscape, with an emphasis on practical, defensible security programs that align with real business risk rather than checkbox compliance.

Senior Compliance Specialist dedicated to bridging the gap between complex regulation and practical engineering. Over a decade of hands-on experience in EMC, Product Safety and Global Market Access. Currently focusing on Cybersecurity.

Vijay Amin is the Founder & CEO of VertiComply, an AI-powered no-code platform that generates owned, exportable, production-ready healthcare app code with 15+ compliance frameworks enforced at the code level — including HIPAA, GDPR, SOC 2, FDA 21 CFR Part 11, EU AI Act, ISO 27001, HITRUST, ABDM, and DPDP. With 21 years of enterprise IT experience across healthcare, cloud infrastructure, and AI, Vijay has spent his career at the intersection of highly regulated industries and emerging technology. He founded VertiComply after seeing the same pattern repeat across digital health teams: AI-generated code that looked compliant but failed the moment a real audit, security review, or partner onboarding arrived. The platform is built for healthcare startups, digital health teams, and non-technical founders who need to ship fast without compromising on ownership, security, or regulatory rigor. Vijay's areas of expertise include: 1. Healthcare data privacy and HIPAA compliance 2. AI-generated code risk in regulated industries 3. The EU AI Act and its impact on US healthcare and digital health companies 4. Multi-framework compliance overlap (HIPAA + GDPR + FDA 21 CFR Part 11 + SOC 2) 5. No-code and low-code platforms for healthcare app development 6. Cloud security and infrastructure for HIPAA-regulated workloads 7. Compliance challenges for early-stage healthcare and digital health startups 8. India's digital health stack (ABDM, DPDP Act) and cross-border compliance He is available for expert quotes, background commentary, and contributed articles on healthcare IT, AI compliance, cybersecurity, digital health, and the evolving regulatory landscape for AI in regulated industries. Vijay can also connect journalists with healthcare CTOs, compliance officers, and digital health founders within VertiComply's network for additional sourcing. Based in Ahmedabad, India, Vijay leads VertiComply alongside co-founder and CTO Garvita Solanki, who brings 15 years of engineering experience.

Cyber Security Consultant and Tech Enthusiast with 10+ years of experience helping businesses strengthen digital security, optimize technology strategies, and drive innovation across the Cyber Security, Business Consulting, Technology, and SaaS industries. Skilled in identifying security risks, implementing resilient solutions, and advising organizations on secure digital transformation initiatives. Passionate about emerging technologies, PKI, cloud security, SaaS ecosystems, and helping startups and enterprises build scalable, secure, and future-ready systems. Known for combining technical expertise with business insight to deliver practical solutions that enhance operational efficiency, compliance, and cybersecurity resilience.

CISO and advisor helping FinTechs turn DORA/NIS2/PSD2, PCI DSS, ISO 27001, and GDPR into practical resilience and business value. 20+ years across architecture, incident response, and program build-out. I prioritise KPIs, clear board communication, and continuous improvement, not checkbox compliance. Highlights: led DORA/NIS2 readiness for cross-border teams (faster audits; 30%+ lower regulatory risk), stood up vCISO/vDPO programs with cloud-native controls, vendor risk, and privacy automation. Community: OWASP Riga and Cloud Security Alliance Chapter Lead. Need to get regulator-ready? Let’s connect.

Josh Fleming is the Risk Advisory & GRC practice lead at Echelon Risk + Cyber, where he helps organizations strengthen resilience against today’s most complex cyber and physical threats. He brings a unique ability to bridge technical expertise with executive strategy, enabling leaders to make confident, informed decisions during both preparation and crisis. With extensive experience across industries such as healthcare, manufacturing, financial services, and energy, Josh has partnered with organizations to identify risks, fortify defenses, and implement effective governance strategies. His work spans from building incident prevention programs to leading executive tabletop exercises, risk assessments, and crisis response planning. Josh regularly advises executive teams, C-suites, and boards on incident response readiness and strategic risk management. He is known for developing actionable frameworks and clear decision-making playbooks that reduce risk exposure, accelerate response, and build stakeholder trust. As an industry thought leader, Josh is committed to advancing the conversation around governance, risk, and compliance. He stays at the forefront of emerging trends and regulations, particularly in areas such as AI governance and cybersecurity resilience, to ensure his clients and partners are not only compliant, but future-ready. Above all, Josh is recognized as a trusted advisor who combines technical depth, business acumen, and a client-centric approach to deliver lasting value. His mission is to help organizations move beyond compliance to achieve true resilience and competitive advantage in an evolving risk landscape.

As a Digital Privacy Advocate and Lead SEO at Adult Advisor, I specialize in auditing digital platforms for user safety, subscription transparency, and data security. My work involves reverse-engineering complex web architectures and ensuring platforms adhere to strict consumer protection standards. With extensive experience in technical SEO and digital marketing, I help bridge the gap between user experience and web security, analyzing how online ecosystems can protect consumers from predatory billing and data breaches. I frequently share insights on technical SEO strategy, affiliate marketing, and digital privacy.

As a strategic advisor, alliance builder, and subject matter expert with over two decades of experience, I help global enterprises and public sector organisations navigate the complexities of data management, eDiscovery, and cyber risk in an era of accelerating digital regulation and unstructured data growth. My background spans leadership roles in enterprise technology sales, consulting, and service delivery, focusing on data-intensive environments where compliance, litigation readiness, and operational intelligence are critical. With hands-on experience in incident response, breach investigation, and regulatory frameworks like GDPR and NIS2, I’ve helped organisations transform reactive data chaos into strategic business insight. Through my consultancy work, I lead programmes that address the core challenges enterprises face today: outdated storage architectures, fragmented data strategies, and the proliferation of ROT (redundant, obsolete, and trivial data) and “dark data” information collected but never utilised. I enable clients to regain visibility, reduce risk, and comply with strict data retention requirements such as GDPR’s 7-year rule, DSARs and Right to be Forgotten. My expertise is underpinned by next-gen tools like Lightning IQ capable of indexing up to 1.3 billion files per hour enabling scalable, low-impact analysis of petabyte-scale unstructured data environments. This supports advanced use cases, from compliance and litigation readiness to AI enrichment, ESG reporting, and cloud transformation. Whether advising C-level stakeholders, partnering with global system integrators, or leading high-impact data optimisation projects, my goal is always the same: to convert complexity into clarity, and risk into opportunity.

Founder & CEO of Genbounty - AI safety & compliance testing. Genbounty is a an AI safety testing hub and provider of EU AI Act compliance and certification. About me AppSec SME, AI Engineer, Developer | BSc, MBA, PRINCE2, CompTIA+, CISSP

At Trainings Time, we believe learning shouldn’t be limited by time. As a dedicated Compliance Training Provider, we offer flexible, expert-led courses designed to fit into your busy life. From live sessions to on-demand webinars and CEU-accredited programs, our goal is to help you stay ahead in your career without added stress. Whether you’re chasing professional growth or meeting compliance goals, we’re here to make learning easy, affordable, and truly impactful—whenever and wherever you need it.

As a Cybersecurity Auditor operating at the intersection of complex digital infrastructures and human systems, my mission is to build resilience in an increasingly volatile world. With over 20 years of experience in Global MNCs, I’ve realized that protecting a network is only half the battle; the ultimate firewall is the clarity and alignment of the professional mind. ​I am a published author of three works that explore the architecture of security and the science of patterns: ​'The Interview': A deep dive into the technical and psychological nuances of Cybersecurity. ​'Cosmic Catalyst' & 'Beyond Constellations': Research into systemic cycles, predictive analytics, and ancient pattern-recognition frameworks. ​ My methodology is unique. By day, I audit global cybersecurity frameworks for US-based clients. Beyond the code, I am a dedicated researcher of Bio-Energetic Systems and Chronobiological Trends. I have successfully applied these 'multidimensional' patterns to predict global events and organizational shifts with high accuracy—bridging the gap between the measurable and the metaphysical. Through my research I offer high-performance philosophy to fellow cybersecurity professionals. My goal is to help leaders navigate 'zero-day' life challenges with the same precision they apply to their digitalecosystem. ​ I believe the future of leadership belongs to those who can traverse both the logical and the intuitive. I am here to help you audit your path to sovereign success.

I have over 30 years experience as an Electrical Engineer, Technical Writer, and Documentation Manager. I worked in technical areas including avionics, systems integration, mobile software, SaaS. Several years ago I left the corporate world to care for sick parents. I supported myself building websites, writing technical “how-to” books, and leading online courses. Now, with family issues behind me, I have the time to take on some freelance clients. My atypical career path taught me to work well with a wide range of clients and audiences. Clients like Honeywell and Microsoft, McGraw-Hill and other book publishers, even pre-IPO startups. Audiences from computer beginners, to B2B buyers, to engineers building aircraft systems. I'm skilled at learning complex technologies like VPNs and cryptocurrencies. And I excel at turning that raw data into understandable content for a target audience. I am looking to contribute to projects that need these skills. I'm particularly interested in subjects that empower individuals such as online privacy.

Luke Irwin is a cybersecurity strategist, speaker, and Founder of Aegis Cybersecurity, an Australian consultancy focused on cybersecurity governance, risk, compliance, and strategic advisory. He works with organisations to strengthen cyber resilience through clearer leadership, stronger governance, and practical security programs aligned to business priorities. He is known for helping boards, executives, and business leaders understand cybersecurity as a whole-of-business risk rather than a purely technical issue. His work centres on translating complex security and compliance requirements into commercially grounded decisions that support resilience, accountability, trust, and long-term performance. Luke advises across frameworks and standards including ISO 27001, SOC 2, Essential Eight, NIST, and SMB1001. His experience spans cybersecurity strategy, security maturity uplift, policy and control development, third-party risk, governance improvement, and fractional CISO support, particularly for small to mid-market and regulated organisations. Alongside his advisory work, Luke is a regular speaker and industry commentator on cyber risk, governance, vendor risk, and modern security leadership. He is recognised for his direct, practical perspective and his ability to bridge the gap between technical security expectations and executive decision-making.

Strategist, advisor, mentor, author, speaker, and global cyber leader. Internationally experienced cyber security executive and senior advisor with 20+ years of service to the world's largest private and public-sector entities, Fortune 100 firms, US legislative and executive branches, and regulatory agencies.