January 2023 Chapter Meeting - Virtual / Online Only

When:  Jan 19, 2023 from 12:00 to 14:00 (MT)
Associated with  Denver Chapter

Raising the Bar on Third Party Risk Management

This will be an online only event Zoom only


  • 12:00-12:10  Chapter Business
  • 12:10-2:00  Speaker: Raising the Bar on Third Party Risk Management

Learning Objectives:

  • Raise functional level
  • Become fluid - as being flexible is too rigid!
  • Become a "Value Add" partner

Speakers: Tom Garrubba  & Dan Desko

Tom Garrubba, Director of TPRM Professional Services, Echelon Risk and Cyber

Tom Garrubba, Director of TPRM Professional Services at Echelon Risk and Cyber, is an internationally recognized thought leader, lecturer, commentator and blogger on business, cyber and privacy risk. With his more than 20 years’ experience in cyber, privacy, audit and compliance, and consulting, he’s provided thought leadership to organizations of all sizes and for countless industry outlets including Forbes, Bloomberg, The Washington Times, SC Magazine, Corporate Compliance Insights, Risk.net, CIO Magazine, Government Health IT, Future of Outsourcing Magazine, and ISACA. He’s authored the chapter on Third Party Risk for the Risk.net book “Cyber Risk” and has been featured on numerous podcasts including Business Security Weekly and the Virtual CISO Podcast. He is also an instructor for the Shared Assessments’ Certified Third Party Risk Professional (CTPRP) and Assessor (CTPRA) programs.

Previously, Tom was a Vice President at Shared Assessments where he was both a SME and their CISO. He was also a Senior Privacy Manager at a Fortune 10 US-based Healthcare company where he implemented and managed a world-class third party/vendor risk program. He is a member of the Forbes Technology Council and the InfraGard – Pittsburgh chapter. He also serves on the Board of Directors for the Pennsylvania-based non-profit, Pathways and serves as a 1st Lieutenant in the US Civil Air Patrol. He has earned both his BS and MS and Robert Morris University and holds the following certifications - Certified Information Systems Auditor (CISA), Certified in Risk & Information Systems Controls (CRISC), Certified Information Privacy Technologist (CIPT), Certified Third-Party Risk Professional (CTPRP), and the Certified Third-Party Risk Assessor (CTPRA).

 Dan Desko, CEO & Managing Partner Echelon

Dan is the CEO & Managing Partner at Echelon. He has nearly 20 years of experience within information technology, audit, risk and cybersecurity. Prior to Dan’s career in audit and cyber security, he worked in the technology departments of a Fortune 150 manufacturer and a Fortune 50 healthcare insurance provider. Prior to joining Echelon, Dan was a partner at a top 60 public accounting firm in the United States, where he led and built an IT Risk Advisory and cybersecurity practice from 4 employees to 40. Dan has a long track record building capable teams and establishing and offering new and innovative lines of professional services to meet the unique needs of his clients.

Dan has experience providing internal audit co/outsourcing and security consulting services across various industries. Services he has provided include Sarbanes-Oxley 404 control design and testing, SSAE 18 (SOC 1), (SOC 2 & 3 including SOC 2+) control design/testing/report development, vendor risk management consulting (SIG, AUP and VRMMM), general computer control development and testing, IT risk assessment/analysis, information security program development, network security assessments, internal and external network penetration assessments, information systems general control reviews, information security and privacy assessments (GLBA, HIPAA, ISO 27001, FFIEC cyber security, CMMC, GDPR and NIST), PCI-DSS compliance services, data analysis, business continuity and disaster recovery plan development and testing.



Online Instructions:
Url: http://cvent.me/0RDwAm
Login: Logon details will be provided when the event is finalized


Don Mapes