Antonina McAvoy specializes in cybersecurity, as well as data protection and privacy. She has 14 years of experience leading and performing a wide spectrum of cybersecurity reviews (i.e. NIST, COBIT, CIS, PCI, GDPR, ISO Standards), SOX 404 business control mapping and Information Technology General Control (ITGC) assessments, AICPA SOC reporting (SOC 1, 2, 3, SOC for Cybersecurity, and SOC for Supply Chain reporting), HIPAA compliance audits, HITRUST CSF readiness assessments, FFIEC ITGC examinations, Department of Defense (DoD) System Security Plans (SSP) and Plan of Action & Milestones (POA&M), DoD DFARS and CMMC readiness assessments (CMMC provisional assessor candidate), outsourced IT internal audits, and internal control assessment services.
Antonina has strong technical skills and is instrumental in performing complex data mapping exercises to identify where key data resides in an organization’s environment, assessing the design and operating effectiveness of control environments, as well as identifying control gaps and weak cybersecurity settings. Ms. McAvoy is highly skilled in analyzing the root cause and impact of IT issues through gaining a deep understanding of an organization’s operations. She is well versed in translating IT risks, recommending business solutions, and advising organizations on designing strategies to create and improve sustainable data protection and enterprise-wide risk prevention programs.
Antonina grew up in a family of accountants, with her parents serving as CFOs. Antonina followed suit with a degree in Accounting, but initially discovered her interest in information technology during her first post-college position when she was presented with the opportunity to work on an IT audit. Her experience since then has led Antonina to assist organizations across various industries, as well as both small mom-and-pop businesses to large global organizations where Antonina coordinated the information technology audits across both geographic and language barriers for multiple key international locations. She has found her passion by combining her love for networking with applying the technical knowledge she gained from helping companies identify control gaps and security weaknesses. Her innate ability to connect with people allows her to effectively communicate weaknesses identified and make strong recommendations to management to help improve their cyber-environment.
Over a decade has passed since she first started assisting companies with their IT environments, yet the fear of cybersecurity preparedness by boards and upper management has only increased as high-profile cyber-attacks become more common and the need for digital trust intensifies. It is Antonina’s mission to help companies strengthen their business and cyber-resilience to reduce the risk of a cyber-incident occurring that could have a significant financial, operational, legal and reputational impact.
Prior to joining PBMares in 2018, Ms. McAvoy worked with other accounting firms, including a five-year tenure in the Information Systems Assurance group of the fifth largest accounting firm in the world, and a three-year tenure with the Risk Assurance group of a prestigious “Big Four” accounting firm.
PROFESSIONAL ASSOCIATIONS:
- American Institute of Certified Public Accountants (AICPA)
- ISACA (formerly the Information Systems Audit and Control Association)
- Hampton Roads Chamber of Commerce
EDUCATION:
- Master of Science in Cybersecurity with a concentration in Cyber Operations from Utica College
- Bachelor of Science in Business Management with a concentration in Accounting from Babson College
- Associate of Science in Business Administration with a concentration in Accounting from Massachusetts Bay Community College
PUBLICATIONS:
Pursuing a master’s degree was a lifelong academic goal of Antonina’s, which culminated in her first publication The Secret to Mastering the Defense Federal Acquisitions Regulation Supplement Cybersecurity Requirements (ProQuest No 27672340).
CERTIFICATIONS:
- Certified Information Systems Auditor (CISA) by ISACA
- Certified Information Security Manager (CISM) by ISACA
- Qualified Security Assessor (QSA) by PCI Security Standards Council
- Payment Card Industry Professional (PCIP) by PCI Security Standards Council
- Cybersecurity Advisory Services Certificate by AICPA
- Cyber Operations Certificate by the Center of Academic Excellence in Cyber Defense Education on behalf of Utica College, the National Security Agency, the United States Department of Homeland Security and the National IA Education and Training Programs
ARTICLES:
Webinar | Cybersecurity in Construction & Real Estate
Learn effective strategies needed to mitigate your financial and IT risks to address the sophisticated ransomware and social engineering attacks facing businesses today,
How to Create a Comprehensive SSP and Calculate Your SPRS Score: Steps to Confident CMMC Compliance
Navigating CMMC requirements can be daunting, especially when it comes to developing a comprehensive System Security Plan (SSP) and calculating your Supplier Performance Risk System (SPRS) score. Learn how you can confidently complete the necessary steps to compliance, including performing a self-assessment against the NIST SP 800-171r2 controls to develop a robust SSP and SPRS score.
AI in Real Estate: Balancing Innovation and Risks
AI is reshaping the real estate industry, offering unprecedented efficiency and precision. However, while AI brings significant opportunities, it also introduces challenges that must be carefully managed.
AI in Construction: Navigating the Balance Between Risks and Rewards
AI offers incredible opportunities for the construction industry, but it also brings challenges that require careful management. By thoroughly evaluating the risks and rewards, construction companies can unlock AI’s full potential, driving unprecedented innovation and growth in their projects.
Foreign Companies Expanding into the United States: Navigating Cybersecurity Compliance
Foreign companies entering the U.S. market should understand the SOC 2 and PCI DSS cybersecurity standards. Learn more about why they are what is required to stay complaint.
Red Flags in Your Cyber Insurance Policy: What Non-Profits Need to Know
Many non-profit organizations find themselves facing challenges when it comes to understanding and navigating their cyber insurance policies. Here are some key red flags in your cyber insurance policy that non-profits need to watch for to ensure they are adequately protected.
Top 5 Lessons Learned from the Microsoft Outages Caused by a CrowdStrike Software Glitch
The recent global Microsoft outages attributed to a CrowdStrike software glitch have highlighted significant vulnerabilities in our interconnected digital ecosystem. Learn about the key lessons learned to help organizations enhance their resilience.
Navigating the Future of Cybersecurity: A Deep Dive into NIST CSF 2.0
The recent release of the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) 2.0 marks a significant milestone in the evolution of cybersecurity standards. Learn about the key updates in NIST CSF 2.0 and explore how these changes will shape the future of cybersecurity and risk management.
Bridging the Compliance Gap: The Unseen Challenge of SOC 2 and PCI DSS
In today’s rapidly evolving digital landscape, maintaining robust security and compliance mechanisms is not just a regulatory requirement; it’s a business imperative. Two primary frameworks dominate this landscape: SOC 2 and PCI DSS. However, the market presents a unique challenge: the intersection of firms that can proficiently handle both SOC 2 reports and PCI DSS assessments.
Navigating Data Security in Healthcare: Understanding the Distinctions Between HIPAA and HITRUST
Comparing HIPAA and HITRUST is a bit like comparing apples and oranges because they serve different purposes within the realm of healthcare compliance. Understanding their distinctions is essential for any healthcare entity striving to achieve comprehensive data security.
Embracing HITRUST CSF 11.3.0: A Strategic Imperative for Healthcare Companies Handling PHI
While many have been striving to meet HIPAA requirements for years, the landscape is shifting with the recently released HITRUST CSF version 11.3.0, which introduces critical updates designed to address emerging cyber threats and evolving regulatory demands.
Safeguarding the Foundations: Cybersecurity in the Construction Industry
Discover why the construction sector is particularly vulnerable to cybersecurity threats, the financial and operational impacts these threats can have, and pragmatic steps that business owners and key stakeholders can take to mitigate these risks.
Process Optimization for Healthcare: Streamlining for Efficiency and Resilience
In the dynamic and high-stakes environment of healthcare, process optimization isn’t just about cutting costs—it’s about enhancing service delivery, boosting patient outcomes, and improving operational resilience. Here are key strategies to consider for 2024.
Navigating the Path to SOC 2 Compliance: Key to Building Trust and Competitive Edge
In today’s rapidly evolving business landscape, the demand for Service Organization Control (SOC) 2 report compliance has skyrocketed. This surge, guided by the AICPA framework, is more than just a trend—it’s a testament to a significant transformation within the business ecosystem.
Navigating Cyber and Risk Challenges in the Healthcare Industry: 2024 Key Trends
Explore key trends impacting the healthcare industry, including advanced threat detection, data privacy, process optimization, HIPAA and HITRUST compliance, and telehealth security measures.
Securing Grants: Decrypting OMB’s Latest Uniform Guidance for a Secure Funding Future
Learn more about the recent revisions issued by The Office of Management and Budget (OMB) to the Uniform Guidance, with a notable emphasis on cybersecurity.
Podcast | Risk Advisory & Cybersecurity
In this podcast, PBMares Partner, Antonina McAvoy dissects what risk means to businesses and organizations and how we can help you turn risk from a foe to a force for growth.
Securing the Fort: Expert Strategies for Government Contractors Facing DCSA Audits
Learn more about risk advisory services that are designed to prepare government contractors for the unpredictable rhythms of DCSA audits.
Cybersecurity Awareness Month: Spotlight on the Construction Industry
During Cybersecurity Awareness Month, construction contractors are reminded of the proactive steps they can take to mitigate digital risk from ransomware and other cyberattacks.
Cybersecurity Awareness Month: Reminders for Cyber Hygiene
October is Cybersecurity Awareness Month. Four basic tips, including how to recognize and respond to phishing attacks, can better protect online data and deter cyber criminals.
HITRUST Certification Just Became More Affordable
HITRUST was once considered by many small and medium-sized businesses to be out of reach due to an exorbitant price tag. But there are new cost-effective options companies can leverage to increase their transparency, integrity, and reliability.
Shields Up: 3 Proactive Steps to Take Right Now
In a call to action that’s being called “Shields Up,” the U.S. Cybersecurity and Infrastructure Security Agency continues to warn Russia could escalate destabilizing activities that may impact countries well beyond Ukraine. In light of these threats, U.S. businesses of all sizes should take steps immediately to shore up cyber defense.
Webinar: Cyber Resilience in Times of Conflict
Threat actors have been very transparent about focusing their efforts on businesses with fewer resources. Join our panel discussion on Cyber Resilience to better position your organization to handle a cyberattack.
Take 3 Steps Now to Survive a DOL Cybersecurity Audit
Hacking and ransomware have the potential to create havoc for the assets and sensitive data housed in benefit plans across the country. As a result, in 2021, the DOL scaled up its interest in how administrators are addressing and responding to cybersecurity risks.
Case Study | Not-for-Profit Overcomes a Financial Hack and Comes Back Stronger
A small Virginia nonprofit thought they were doing all the right things in terms of cybersecurity, cyber insurance and safety. They found out the hard way that it wasn’t enough to avoid the damage from a hacker that knew how to manipulate their weak points.
Webinar Recording | Challenges and Opportunities for Not for Profits
Learn about the top challenges and opportunities facing not-for-profit organizations in 2022. Topics include tax updates, the impact of new legislation, succession planning challenges, industry best practices and the importance of a robust cybersecurity program.
Webinar Recording | What Can You Do to Prepare for the Next Cyber Attack?
PBMares’ October 13th webinar reviews the three most common cyber misconceptions and exposures for your organization, including guidance on controlling these risks through IT standards, best practices, and insurance coverage.
Top Cyber Risks for the Real Estate Industry
Half of all real estate companies report being unprepared for a cyber attack. Understanding where risk comes from and how to prevent and mitigate data breaches can help companies avoid the costly effects of cybercrimes.
Cybersecurity Risks and Prevention Strategies for the Construction Industry
One in six construction companies fall victim to ransomware every year. They are at high risk for cyberattacks, yet most do not have a cybersecurity strategy. Understanding where risk comes from is a good start; proactively mitigating it takes teamwork.
10 Key Considerations to Take When Evaluating Managed Service Providers
More organizations are using Managed Service Providers (MSPs) to help fulfill ongoing needs, like cybersecurity and outsourced accounting. Before hiring an MSP, it’s helpful to understand the top ten areas that can impact the engagement’s success.
Preventing Ransomware Attacks at Your Business
Ransomware attacks have become a major threat to many private businesses. The possibility of having critical business data encrypted by cybercriminals who then demand millions for data release is fast becoming a reality.
For Many SMBs in the U.S. Defense Industrial Base, CMMC 1 is a Business Critical Challenge
Learn how small government suppliers can meet the looming CMMC Level 1 compliance challenge.
Sec-U-rity Starts with You!
Two events will shape everyone’s memory of 2020: COVID-19 and humankind’s increased dependence on the Internet across the world for business and personal use.
Sec_rity Is Not Complete Without U!
While technical cybersecurity controls are a vital part of your organization’s information security framework, they are not in and of themselves sufficient to secure all of your information assets.
Cloud Computing Security Risk Management Update
The emergence of cloud computing has opened the door for financial institutions to take advantage of the many benefits offered by emerging technology.
How DoD Contractors Can Prepare for CMMC Implementation in 2020
Cybercrime costs the U.S. economy between $57 billion and $109 billion every year. Although there have been guidelines for meeting cybersecurity benchmarks in the past, all DoD contractors are now subject to Cybersecurity Maturity Model Certification (CMMC).