2024 Annual Harvest Hope Virtual Seminar
 

TOM SCOTT, CISA, CRISC, CISSP, PMP

Thomas Scott (Tom) is the Chief Information Security Officer for Synergi Partners, the largest privately owned tax credit, incentive consulting, processing company in the United States. He has been a key leader in the cyber education, cyber workforce development, and cyber protection efforts in both South Carolina and across the nation.

Tom recently led the cybersecurity team at South Carolina’s Medicaid agency protecting the data and privacy of the State’s most vulnerable citizens. In this role, he led a team in managing a $5.2M security and compliance budget for a $8.8B enterprise. Prior to that he completed a two-year grant-funded project at the University of South Carolina developing a cyber ecosystem within the Palmetto State. These efforts have led to the development of the CyberSC initiative supporting both a cyber education-oriented Foundation and corresponding Professional Trade Association.

With over 30 years of State Government experience in both Florida and South Carolina, Tom has developed a wealth of knowledge and experience in protecting State critical infrastructure and cyber assets.

He currently holds certifications in information security, information auditing, security leadership, critical infrastructure protection and project management, and is also recognized as a FEMA Continuity of Operations Planning (COOP) Practitioner. He is a former member of the Governor's Critical Infrastructure Cyber Security (CICS) task force and the Maritime Association of South Carolina’s cybersecurity committee, and also works closely with the SC Army National Guard and SC State Guard cyber units.

Tom is an active member of the FBI’s InfraGard program, having led the IMA (InfraGard Members Alliance) formation efforts of the Tallahassee chapter and having served as its initial President. He recently served the SC InfraGard Chapter in the role of Executive Vice President.

He has actively participated in the federal information security community by serving as an elected member of the MS-ISAC’s Executive Committee as well as participating on the NIST/NICE Competitions Workgroup and the NICE K12 Conference Committee. Tom serves as the Past President of the SC ISACA (Information Systems Audit and Control Association) chapter.

In South Carolina, he participates as a member on industry advisory boards for the USC Integrated IT program, ECPI University-Charleston, ECPI-Columbia, Charleston Southern, and LexRich5 Center for Advanced Technical Studies and the Dutch Fork High School Cyber program. He is committed to helping the legal community address cybersecurity by participating as a member of the USC School of Law Cyber Task Force.

In his community, Tom is working actively as a volunteer and soccer referee for various youth groups.

Course Descriptions:

"5 Stages of Cyber Grief Abstract:"

In the face of increasing cyber threats, organizations often experience emotional and strategic challenges that hinder their ability to build a resilient cybersecurity culture. In this engaging presentation, Tom Scott, Executive Director of CyberSC and Founder of cybersecurity consulting firm ‘CyberSherpas’, explores the 5 Stages of Cyber Grief—Denial, Anger, Bargaining, Depression, and Acceptance—as outlined in Mathieu Gorge’s Cyber Elephant in the Boardroom. These stages reflect the common organizational responses to cybersecurity challenges, from dismissing risks to feeling overwhelmed by regulatory demands.

Through real-world examples and actionable insights, Tom Scott will guide attendees in identifying these stages within their organizations and provide practical strategies to navigate and overcome them. Attendees will learn how to foster cyber accountability, shift from reactive to proactive strategies, and build a culture of resilience. This session is essential for leaders looking to elevate their organization's cybersecurity posture and thrive in today’s digital landscape.

"Business Email Compromise Abstract:"

In the digital age, Business Email Compromise (BEC) has emerged as a sophisticated threat that can lead to significant financial losses for organizations of all sizes. Tom Scott, a seasoned cybersecurity expert with over three decades of experience, offers a deep dive into the dynamics of BEC and its implications for businesses. Drawing from a notable incident managed during his tenure as Chief Information Security Officer, Scott outlines the sophisticated methods employed by cybercriminals to manipulate internal communications and authorize fraudulent transactions.

In his presentation, Scott will dissect a BEC scenario that targeted his organization, detailing the initial detection, rapid response, and the critical steps taken to prevent financial loss. He emphasizes the importance of multi-factor authentication, real-time monitoring, and the need for continuous employee education to recognize and respond to phishing attempts. Through his comprehensive analysis, Scott will provide actionable strategies to enhance email security protocols, implement effective preventative measures, and develop a structured rapid response plan for cybersecurity threats.

Attendees will gain valuable insights into best practices for safeguarding against BEC, enhancing their understanding of both technological and procedural defenses. Scott’s session is designed to equip attendees with the knowledge and tools necessary to fortify their organizations against the ever-evolving landscape of email-based threats.

DAVID VARNER, CIA, CISA, CMA, CFE, CRMA, CFSA, CFM

David has 25 years of extensive, firsthand experience within multiple industries. He has served as a Chief Audit Executive for two publicly traded companies. David’s experience includes assignments for companies located in the United States and abroad.

David earned his Master of Business Administration (MBA) from Elon University and his Bachelor of Science in Accounting from the University of North Carolina at Greensboro. He also holds each of these distinctive certifications:

• Certified Internal Auditor (CIA)
• Certified Information Systems Auditor (CISA)
• Certified Management Accountant (CMA)
• Certified Fraud Examiner (CFE)
• Certification in Risk Management Assurance (CRMA)
• Certified Financial Services Auditor (CFSA)
• Certified Financial Manager (CFM)

Course Description:

"Building A Lasting Enterprise Risk Management Program For Your Organization"

Presentation Description: Enterprise Risk Management (ERM) is an important tool that Managers can use to safeguard an organization’s success and address risks before they can develop into larger issues. This workshop will guide you through the process of managing risks, from assessment to action, with a focus on practical and effective strategies. You will learn how to evaluate risks, prioritize responses, and develop meaningful risk metrics that are easy to track and use. By the end, you’ll be equipped to build a strong risk management program that supports your organization’s stability and long-term goals.

LISA CARTER

Lisa Carter is the founder of SpartanTec, Inc, a top technology provider of IT Services across North Carolina and South Carolina. In Cyber Security for more than 20 years, Lisa is quick to point out that for everything that touches an organization’s network, “Security is Key”. In fact, Lisa has always known that she wanted to work in IT security. Armed with a Bachelor in Marketing, and experience selling managed firewalls, she recognized a need in the marketplace and SpartanTec was born.

With more than 23 years under her belt, she now proudly leads a dynamic engineering department and sales team and ensures all SpartanTec clients are handled with the highest quality and professionalism.

A Loris, South Carolina resident, Lisa enjoys reading and hanging out with her husband Chris and their 2 daughters, Kinsey and Lauren.

Course Description:

In today's interconnected digital landscape, safeguarding information has become more critical than ever. "Cybersecurity Essentials" delves into the fundamental principles and practices necessary to protect sensitive data from ever-evolving cyber threats. This presentation will equip you with the knowledge to identify potential vulnerabilities, implement robust security measures, and respond effectively to incidents, ensuring the integrity, confidentiality, and availability of your digital assets. Join us as we explore the core components of cybersecurity, empowering you to secure your digital environment confidently.

CLIFTON DAVIS, CISA, CRISC, CDPSE, CISSP 

Clifton Dickens has spent 30 years in Information Technology and Information Security. He has worked for organizations in the private sector, Fortune 500, and state and local government.


Over the years Clifton has held positions as: Information Security Officer (ISO), Manager of Information Security, Sr. Information Security Analyst and Sr. Information Security Auditor. Clifton has certifications from ISACA such as the CISA, CRISC, CDPSE and the CISSP from ISC2. Mr. Dickens also holds 6 SANS certifications in security, legal, and audit.


Currently Cliff is the Information Security Manager for a Virginia-based organization and the ISACA Virginia Chapter President. He is an accredited ISACA instructor for several ISACA certifications as well as a global cyber mentor. Several times a year he presents in person at security conferences around the country and via webinars. His lectures have spanned topics on Artificial Intelligence, the importance of legal considerations in Cybersecurity, and Cybersecurity equality for The National Association of African American Studies.

Course Description:

"How to Ensure Vendor Compliance & Mitigation of Third-Party Risks"

Ensuring vendor compliance and mitigating third-party risks resemble a three-body problem, where the dynamic interactions between risk, governance, and compliance create a complex and often chaotic landscape. This presentation explores strategies to manage these interdependent forces, emphasizing structured frameworks for compliance, continuous monitoring, and robust risk mitigation practices applied to third-party vendor management techniques. By drawing parallels to the unpredictable yet manageable nature of the three-body problem, we demonstrate how good governance, clear contractual language, and a culture supportive of compliance goals can stabilize relationships and minimize risks. Attendees will leave equipped with actionable insights to harmonize these forces and safeguard organizational assets and interests.