Denny Wan is a cyber risk expert and a certified auditor in ISO 27001 and PCI DSS, with over 20 years of experience in IT security audit and risk management consulting. He is a recognised expert in the Open Group FAIR Cyber risk quantification framework. FAIR is recognised by the National Institute of Standards and Technology (NIST) as a primary quantification framework for managing the maturity of a cyber risk program.
Denny is a thought leader in threat modelling, policy-based mitigation strategy development and process integration design. He helps business and cyber leaders to unify their risk management under Enterprise Risk Management (ERM). He is a frequent speaker and presenter at conferences and webinars.
He has demonstrated expertise in supply chain risk management and supplier risk assurance through the SOC2 audit process. He has delivered SOC2 (Type I & Type II) under the supervision of a qualified CPA for the Australian subsidiaries of global service providers to satisfy mandatory supplier security certification requirements for large Australian listed companies. He completed his Master of Research in 2020 with High Distinction at Macquarie University. The research was funded by an Australian Government Commonwealth Scholarship to develop an incentive model for cyber risk management in supply chains. Such insights have direct applications to current business IT security challenges arising from APRA CPS 234, Notifiable Data Breach (NDB), GDPR and Open Banking.