Tom Brennan is the CIO of a 90-year-old law firm, a partner in a cybersecurity solutions company, and leads the U.S. arm of CREST International. In this role, he works with government and commercial organizations to optimize the value of CREST as a cybersecurity accreditation body and industry standards advocate, particularly for companies in the Cybersecurity & Infrastructure Security Agency’s 16 critical infrastructure sectors which are vital to U.S. security, national economy and public health and safety. As CREST USA Chairman, Brennan spearheads strategic plans for CREST USA’s organizational growth while also serving as an industry evangelist and educator on the value of using accredited cybersecurity products and professionals to improve consumer privacy, security, and protection worldwide.

A proud U.S. Marine veteran, Brennan first became involved with CREST International in 2016 while serving the Global Board of Directors for the Open Web Application Security Project (OWASP). Seeing similar goals, he became more active in the CREST organization and was nominated to lead the organization’s U.S. Advisory in 2019. Over his career, Brennan has amassed security expertise across the cybersecurity spectrum, including in the areas of penetration testing, vulnerability assessment, application security, threat intelligence and more. In addition to being CREST USA Chairman, he is the Chief Information Officer of the national lawfirm Mandelbaum Salsburg where he oversees critical infrastructure, privacy and security operations. He is also an Advisory Bord Member of the information services advisory Gerson Lehrman Group, a Cyber Fellows Advisory Council Member, Member of the Information Technology Advisory Committee of the County College of Morris, Senior Advisor and Industry Advisory Board Member of the New Jersey Institute of Technology, and a Cyber Fellows Advisory Council Member of the NYU Tandon School of Engineering.

Brennan is a frequent speaker, a published author, and an active evangelist on security best practices. He is FEMA Community Emergency Response Team (CERT) certified, an (ISC)2 Certified Information Systems Security Professional (CISSP), an EC-Council Certified Ethical Hacker (C|EH) and holds a certification on the National Security Agency INFOSEC Assessment Methodology (IAM).