John G. Roman, Jr. | CISSP
John is the President & Chief Operating Officer of the Bonadio Group’s cybersecurity division, FoxPointe Solutions. John is also Chief Information Officer of The Bonadio Group. For FoxPointe Solutions, he is responsible for all aspects of the operations of a national cybersecurity consultancy. In his CIO role, he is responsible for the firm-wide information technology strategy of a national, multi-million-dollar accounting firm. He has over 35 years of information technology/security experience. He is a published writer, featured speaker, and press advisor relating to information security and technology trends.
- IT Management
- Virtual CIO/CISO
What do you focus on?
My primary focus is on assisting our FoxPointe Solutions clients with strengthening their overall information security postures at both organizational and departmental levels as their virtual CIO and CISO. As CIO of The Bonadio Group, it is my responsibility to provide strategic IT direction on how technology can be used to better serve our employees and clients within the accounting and audit business.
I manage the day-to-day business operations of the firm’s cybersecurity consultancy that focuses on assisting our clients with compliance/attestation, IT audits, vendor risk management, and penetration testing.
Information Technology Strategy
Working with Bonadio management, I lead the firm’s information technology strategy in terms of high availability, information security, employee productivity, and client collaboration.
Information Technology Management
I am currently responsible for the firm’s 99.99% uptime of information technology for 725 users including two redundant data centers and over thirty employees.
I am the firm’s primary focal point for the confidentiality, integrity, and availability of information systems, employee, and client data. My role is ensuring the firm has the appropriate policies, procedures, and controls to mitigate the risks associated with cyber threats.
During my tenure at Nixon Peabody, I was a member of the firm’s data privacy and security practice advising clients on a range of information security compliance, trends, and challenges. Most recently, I led the effort to get Nixon Peabody ISO 27001 information security certified. I also consulted with Nixon Peabody clients on the development of information security readiness and policies and procedures, as well as planning for adherence to state and federal security regulations.
I am also an adjunct professor at The Rochester Institute of Technology and Monroe Community College where I teach information security, legal technology, and law firm practice management.
Articles on professional services management, e-discovery, and security in:
- “Can't Afford a Full-time CISO? Try the Virtual Version”, Dark Reading, December 1, 2020
- Auditmatics Tech Talk Series, May 2020
- “With 5G comes increased awareness of bad actor opportunities”, Rochester Business Journal, February 18, 2020
- “Cybersecurity Experts and Forensic Accountants – ‘Did We Just Become Best Friends?’”, FoxPointe Security Hub Blog, November 8, 2019
- “Companies look to employees to stop phishing attacks”, Rochester Business Journal, October 30, 2019
- “What every New York business needs to know about cybersecurity”, Crain’s NY, October 24, 2019
- “9 Tips to Safely Use Cloud Storage,” Law Technology News, May 29, 2014
- “Panic Panacea: Bring E-Discovery Inside Your Law Firm,” Law Technology News, September 11, 2013
- “SPEED ZONE; SSD may be a faster and safer storage option, but it comes at a price,” Law Technology News, February 2012
- “Virtual Machines are Great — If Properly Secured,” Law Technology News, September 2010
- “An IT Inventory to Meet Your EDD Needs,” Law Technology News, February 2009
- “Disaster Recovery — Leverage Budgets,” Law Technology News, February 2008
- “Tips for Selling Your Firm’s EDD Capabilities,” Litigation Support Today, August/September 2007
Presentations on network computing and productivity, information technology/data security, and e-discovery issues at:
- Excelsior College, “Fraud, Forensics, and Cybersecurity”, November 2020
- Capital Region U, “Fraud Didn’t Stop for COVID-19”, October 2020
- CPA Academy: “Leveraging Technology to Deliver a ‘best in class’ Service Organization”, September 2020
- Rochester Rotary: Panel Discussion, “The Business of Cybersecurity”, May 2020
- Rochester Chamber of Commerce Rochester TRENDS: New York’s Electronic Data Security (SHIELD) Act, January 2020
- Institute of Internal Auditors: Cybersecurity for Accounting Professionals, December 2019
- NYS Banker’s Association Conference, 2019
- The Technology Executive Network, The Rochester Security Summit, and ILTA on various electronic discovery and information/data security topics
- NYS Chief Justice’s Panel on Technology
- eDiscovery Series, Monroe County Bar Association, 2011, 2012, 2015
- “Dispelling Electronic Discovery Myths,” Association of Litigation Support Professionals (ALSP)
- “Predicting the Costs of e-Discovery Through Planning,” International Legal Technology Association (ILTA)
- “How Secure is your Client Data?”, ALM Legal Tech Conference
- Certified Information Systems Security Professional (CISSP) by the International Information Systems Security Certification Consortium (ISC2)
- Literacy Rochester President’s Award
- Numerous achievement awards, including three Xerox President’s Club Awards
- Gold Award for editorial excellence from the American Society of Business Publication Editors
- President of the Board, Literacy Rochester
- Editorial Advisory Board, Law Technology News
- Member of NYS Chief Justice’s Task Force on Technology