Steven Ursillo CPA, CITP

Partner, Cherry Bekaert

Steve is a Partner in Cherry Bekaert's Risk Assurance & Advisory Services (RAAS) group and serves as the National Leader for the Information Assurance & Cybersecurity practice. He specializes in technology risk management, internal control over financial reporting, information system security, privacy, cyber fraud, cybersecurity governance, IT assurance and IT advisory services. 

With more than 20 years of experience, Steve provides a variety of IT audit and security services for his clients across multiple industries. His background and knowledge with risk assurance and advisory engagements include information security readiness, cybersecurity, security and privacy attestation services, third-party assurance including HITRUST, cyber risk assessments, vendor risk assessments, disaster recover reviews, privacy reviews, Service Organizational Control (SOC) reporting including SOC 1, 2 & 3, as well as other types of attestations and readiness assessments on third party criteria such as NIST, FFIEC, HIPAA/HITECH, ISO, PCI, ALTA, and CSA/CSM. 

In the area of information security, Steve’s experience ranges from security consulting and implementation to security assessments involving network and web application penetration testing. Steve holds several professional designations that are relevant to his experience and the firms’ practice consisting of the following: CPA, CIA, CGMA, CFE, CISA, CISM, CITP, CISSP, CGEIT, CRISC, CEH and CCSFP.

Steve is a nationally recognized writer and speaker on issues in the forefront of cybersecurity, risk and technology publications. He has delivered numerous presentations for various professional organizations and the public. In addition, Steve has provided end-user security awareness training to several clients’ staff, managers, directors, board members and to the general public. He has also performed live hacking demonstrations on simulation systems including network, wireless, mobile, application and web application attacks.