Home Services Cybersecurity and Privacy Advisory Services

Cybersecurity and Privacy Advisory Services

Fundamental to every organization’s continuity and success is protecting systems, networks and information resources from attack, damage and unauthorized access. To help our clients achieve this vital imperative, our cybersecurity and privacy professionals serve as trusted advisors, assessing and measuring security across the full range of IT environments and recommending practical, effective solutions.

Meet The Leader


Thomas DeMayo
Managing Partner, PKF Advisory


View Bio 

Safeguarding system, network and information resources while promoting data-driven growth.

Expertise. Talent. Commitment.

Accredited in all aspects of information technology, privacy and cybersecurity, our engagement team members recognize the intricacies of today’s interconnected global marketplace. They translate complex issues clearly, enabling sound decision-making by senior management and board members.

Our specialists also acquire an in-depth understanding of our clients’ organizations and operations in order to customize internal education programs. Not only does this provide employees with an enhanced awareness of cybersecurity and privacy threats, it also enables them to identify their own roles in protecting the organization and its data.

Our comprehensive services include:

  • Cybersecurity and Privacy Assessments
    • Vulnerability Assessments and Scanning
    • Threat Modeling
    • Security and Privacy Awareness Training
    • Privacy Notice Development and Review
    • Configuration Reviews
  • Privacy Regulation Compliance Support
    • General Data Protection Regulation (GDPR)
    • California Consumer Privacy Act (CCPA)
    • Family Education Rights and Privacy Act (FERPA)
  • Virtual Chief Information Security Officer (vCISO) and DPO
  • M&A IT and Cyber Due Diligence
  • Network Penetration Testing
  • Web Application Testing
  • NIST Cybersecurity Framework
  • CMMC/NIST 800-171, RMF/NIST800-53
  • SEC Cyber and Privacy Regulations
  • Strategy and Program Development
    • Incident Response
    • Disaster Recovery
    • Business Continuity
  • Digital Forensics
    • Server/PC/Laptop/Cloud/Mobile Devices
  • HIPAA Security Rule Compliance Reviews and Risk Assessments
  • PCI-DSS Gap Analysis and Scope Reduction Assessments
  • SEC OCIE Cybersecurity Assessments
  • FFIEC Cybersecurity Assessment
  • NY DFS Cybersecurity Assessments and Compliance (23 NYCRR Part 500)
  • ISO 27001 Framework Assessments

When it is impractical to employ a full-time IT senior security professional, securing the expertise of a virtual Chief Information Security Officer or “vCISO” is essential. Our vCISO program provides an experienced information security and data privacy professional to help reduce data, privacy and regulatory risk and protect against reputational and financial liability. Collaborating with an organization’s internal teams, our vCISO professionals help develop strategic corporate security goals, implement and monitor effective IT governance, assure adherence to security policies and procedures, protect against threats and respond to breaches immediately and effectively.

Combining in-depth assurance and tax accounting experience with forensics, analytical and litigation finesse, we help today’s organizations identify occurrences of fraud, internal policy violations and compromised security. Leveraging backgrounds in new and emerging technologies, threats and trends, we investigate the full range of devices that store digital data – from mobile phones, USBs, tablets and computers to social media, cloud environments, file and mail servers. Supporting clients in both the private and public sectors, we help design prevention strategies, pursue vulnerabilities and resolve incidents for corporate human resources, legal and internal audit departments as well as defense and prosecuting attorneys, law enforcement officers and government representatives.

To protect against the debilitating seizure of corporate credentials, we help detect stolen assets and other personally identifiable information (PII) before they can be used for identity theft, data breaches or other crimes. Deploying both human and artificial intelligence, we operate continuously in areas where confidential information is most vulnerable, including criminal chat rooms, websites, blogs, bulletin boards, botnets, peer-to-peer networks, forums, private networks and other black-market sites. Our advanced credential monitoring capabilities are the same as those used by numerous Fortune 500 companies and have proven indispensable at preventing the disastrous consequences of Dark Web crime.

A sound data governance framework directs an organization’s data asset management, encompassing security, privacy, integrity, usability, integration, compliance, quality, availability and associated data flows. To help businesses become data-driven, we design standardized controls, policies, procedures and best practices to manage, utilize and protect data assets – all critical to improving data quality, reducing data risk and gaining insights that maximize value and optimize decision making and communication.

To secure mandated cybersecurity certification and enhance DoD contract competitiveness, defense contractors and suppliers rely on us for independent third-party accreditation, readiness assessments and compliance implementation. This vital certification affirms the level of “maturity,” or effectiveness, of a prime or subcontractor’s cybersecurity safeguards. We evaluate the full range of technology platforms and engineer customized solutions to protect classified information resources. We produce clear, easily understood findings and can help correct compliance deficiencies.