Updated September, 2016


Peter H. Gregory


Peter H. Gregory, CISM, CCISO, CISA, CISSP, CRISC, CCSK, PCI-QSA, is a career technologist, executive advisor, published author, public speaker, adjunct professor, and commentator in the fields of data security, business security, and business use of technology. He is an expert on a wide variety of business and technology issues including:

  • Development of strategies for the protection of critical assets
  • Protection of corporate assets, both physical and information-based
  • Compliance with U.S. laws including Sarbanes-Oxley 404, CA SB 1386, FISMA, and HIPAA
  • Compliance with international standards such as ISO27001, NIST 800-53, and PCI-DSS
  • Management of SOC 1 / SSAE16 / SAS70 / ISAE3402 service provider audits
  • Security policy, controls, governance, risk management, training, and business processes
  • Key business processes that support security, including risk management, change and configuration management, vulnerability management, identity management, access management, and the software development life cycle
  • Business continuity planning and disaster recovery planning, including pandemic contingency planning
  • Adjunct professor and advisory board member, University of Washington certificate program on Information Systems Security
  • Advisory board member, University of Washington certificate programs in Information Security and Risk Management, and Cloud Transition Strategies and Management

He is currently employed as a strategic security advisor and a mentor to CISOs in North America at a North America-based security consulting organization.

Industry Certifications

  • CISSP (Certified Information Systems Security Professional), 2000
  • CISA (Certified Information Systems Auditor), 2002
  • DRCE (Disaster Recovery Certified Expert), 2008 (expired)
  • CRISC (Certified in Risk, Information Security, and Control), 2010
  • CCSK (Cloud Computing Security Knowledge), 2010
  • CCISO (Certified Chief Information Security Officer), 2012
  • PCI-ISA (Payment Card Industry Internal Security Assessor), 2013 (expired)
  • PCI-QSA (Payment Card Industry Qualified Security Assessor), 2014
  • CISM (Certified Information Security Manager), 2017

Published Author

Mr. Gregory has published over forty books in five languages on security and technology, including:

  • CISA Certified Information Systems Auditor All-In-One Exam Guide, 1st, 2nd, and 3rd editions
  • CISSP Guide to Security Essentials, 1st and 2nd editions
  • IT Disaster Recovery Planning for Dummies
  • CISSP for Dummies (1st, 2nd, 3rd, 4th, and 5th editions)
  • Solaris Security
  • Blocking Spam and Spyware for Dummies
  • Computer Viruses for Dummies
  • Biometrics for Dummies
  • VoIP Security for Dummies

Expert Witness

Mr. Gregory was an expert witness (Amicus Curiae) in a successful federal prosecution of a cybercriminal in 2006.

Published Articles

He has written over twenty articles in publications including:

  • Computerworld
  • BusinessWeek
  • SearchSecurity
  • Software Magazine
  • Dark Reading Daily, where his analysis of the TJX 10-K filing topped their “Best of the Web” listing


Mr. Gregory is regularly interviewed for industry news articles. His comments have been quoted in:

  • Forward View
  • Computerworld
  • CIO Magazine
  • CSO Magazine
  • Information Security Magazine
  • SC Magazine
  • Tech Republic
  • C|Net News
  • Seattle Times
  • Direct Marketing Association
Peter H Gregory on the stage


Event Speaker

He has also spoken at numerous security conferences and events throughout the United States and Canada, including:

  • RSA, San Francisco
  • SecureWorld Expo, Seattle, Portland, Atlanta, Philadelphia, and Boston
  • Interop, Las Vegas
  • Victoria Privacy and Security Conference, Victoria, B.C.
  • Optiv Enterprise Security Solutions Summit (ES3), Seattle, Denver
  • Dark Reading Cyber Security Summit, Las Vegas
  • Tech Junction, Albuquerque
  • ISACA (Information Systems Audit and Control Association), Seattle
  • West Coast Security Forum, Vancouver
  • Washington Technology Industry Association, Seattle
  • InfraGard, Seattle
  • Western Pension and Benefits Conference, Seattle
  • Veritas Worldwide User Conference, Phoenix
  • International Gaming Business Exposition, Las Vegas
  • Society for Information Management, Bellevue
  • University of Nevada, Reno
  • IT Connect Expo, Santa Clara
  • Security Professionals Information Exchange, Calgary

As an event speaker, Mr. Gregory is effective and entertaining whether the audience is highly technical or highly non-technical.

Advisory Boards

Mr. Gregory has served on several advisory boards, including:

  • InfraGard, the Evergreen State (Washington) Chapter (Emeritus)
  • University of Washington certificate program for Information Security and Risk Management, one of the first such programs certified by the National Security Agency
  • University of Washington certificate program for Information Systems Security
  • SecureWorld Expo Conference (Emeritus)

Community Work

He has also been involved in various community service efforts, including:

  • Founder and manager of several international online communities, some numbering over four thousand members
  • Co-founder and group manager for the Pacific CISO Forum (Emeritus)
  • Proctor at CISSP certification exams (Emeritus)
  • Developer of CISA, CRISC, and CISSP certification exam questions (Emeritus)
  • Graduate of the FBI Citizens’ Academy
  • Member of the FBI Citizens’ Academy Alumni Association
  • Contributor, Security Guidance for Critical Areas of Focus in Cloud Computing, Cloud Security Alliance
  • Certification Board, Cloud Security Alliance
  • Board Member Emeritus, Seattle InfraGard

Trade Association Memberships

Mr. Gregory is a member of several trade associations, including:

  • Pacific CISO Forum (Emeritus)
  • FBI Citizens Academy Alumni Association
  • InfraGard
  • (ISC)² (International Information Systems Security Certification Consortium)
  • ISACA (Information Systems Audit and Control Association)
  • IAPP (International Organization of Privacy Professionals)
  • EC-Council


Mr. Gregory can be reached by filling out the inquiry form below. This will be sent directly to Mr. Gregory’s publicist and business manager in confidence.