Mark Burnette is the Advisory Services Practice Leader and Shareholder-in-Charge of LBMC’s Information Security practice. He possesses 18 years of experience in information security and risk management. Mark’s background includes extensive experience in security program strategy and development, regulatory compliance, security policies and procedures, risk assessment and management, penetration testing, and security function design, development, and staffing. Mark is particularly passionate about cybersecurity leadership and growing the profession.

During his decorated career, Mark has served as the President and Global Practice Leader for a national information security consulting company and built and led information security functions for two major publicly-traded corporations. He worked for several years in key leadership roles with two of the Big 6 (now Big 4) accounting firms where he specialized in developing, implementing, assessing, and securing information technology solutions for companies in the healthcare, retail, manufacturing, banking, and insurance industries. In 2005, while serving as the Global Information Security Officer for international insurance broker The Willis Group, Mark was named the Information Security Executive of the Year at the ISE Southeast Awards. In 2008, while serving as the Executive Director of IT Operations and Security for hotelier Gaylord Entertainment Company, he was named one of Information Security Magazine’s “Security 7” top seven security leaders and was chosen by ComputerWorld Magazine as one of the Premier 100 IT Leaders for 2009. In January 2011, the Information Systems Security Association (ISSA), the international trade association for information security professionals, named Mark a Fellow. This prestigious honor, which has only been granted to a handful of individuals worldwide, is bestowed by the ISSA Fellow Program for distinguished accomplishments in the field of information security, leadership, and future service to the association and profession. Mark’s unique background allows him to bring a “walk a mile in the shoes” perspective to all of LBMC’s security engagements. His experience building and running information security functions allows him to develop solutions that are relevant, practical, and actionable.

Recognized as an IT security expert by technology think-tank Gartner, Mark has repeatedly been featured as a subject matter expert on ABC and CBS television affiliates been published in print media such as CSO, Secure Enterprise, Information Security, and ComputerWorld magazines, and quoted by ABCnews.com, among many media appearances. Mark’s engaging style has made him a popular and highly-requested speaker for international conferences and specialty groups around the world.

Mark currently serves on the American Institute of CPAs’ national Cybersecurity Working Group. That group of cybersecurity experts has worked on behalf of the AICPA to update existing cybersecurity control descriptions for the CPA profession and to develop a new cybersecurity risk management attestation standard that was published during 2017. The AICPA also tapped Mark to develop a cybersecurity toolkit for its member firms that provides guidance on how CPA firms can develop and staff a cybersecurity consulting function that will allow them to offer cybersecurity services to their clients. Mark also led the development of the AICPA’s official training curriculum on cybersecurity risk assessment and consulting services. These new training courses, delivered for the first time in 2017, are training the next generation of cybersecurity auditors and assessors in the proper scoping, evaluation, execution, review, and reporting of an entity’s cybersecurity posture.  In January 2019, Mark was recognized as one of the cybersecurity industry’s 75 “Pioneers”, having been one of the first enterprise CISOs, and, in so doing, laying the groundwork for today’s CISO role.  In March 2019, Mark delivered a wildly-popular TED talk at TEDxNashville titled “The Humanity Behind Cybersecurity Attacks”.

For his cumulative efforts as a security leader serving his community and his State, on September 11, 2008 Mark was presented with a Certificate of Appreciation from Tennessee Governor Phil Bredesen in recognition of outstanding service in the best interests and highest traditions of the State of Tennessee.

Certifications:

Certified Public Accountant (CPA)
Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
Certified Information Systems Auditor (CISA)
Certified in Risk and Information Systems Control (CRISC)
Certified in the Governance of Enterprise Information Technology (CGEIT)
Information Technology Infrastructure Library (ITIL) V3 Foundations
Payment Card Industry Qualified Security Assessor (PCI QSA)
Payment Card Industry Professional (PCIP)