Our Team

Unmatchable experience in various verticals ranging from technology start-ups, software development, highly regulated financial and publicly traded firms.

• Former Engineer's, Webmaster's, Developer's, CISO’s and CTO’s
• Real-world Practitioners and Experts
• Finance, Cyber, Tech, Risk, Audit and Privacy Industry Veterans
• CPA, JD, MS, CISSP, CISM, CISA and CIPP certifications and credentials 
• Average over 20 Years of real-world Experience
• NIST, SEC, FINRA, NYDFS, SOC-2, GDPR, ISO, CCPA, PCI, HIPAA, experience

Michael Marrano is the founder of Riskigy and a cybersecurity professional focused on providing Virtual CISO and Cybersecurity services for clients. With his boutique cybersecurity consulting and advisory firm, he provides high-quality services to organizations of all sizes. Michael has been honing his skills as a real-world technology and information security practitioner over the last three decades. Michael is a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and Certified Information Systems Auditor (CISA) with extensive experience in consulting, audit and business leadership roles. Michael is the author of “The Human Firewall Builder – Weakest Link to Human Firewall in Seven Days”, a Cyber and Homeland Security master’s scholar from Fairleigh Dickenson University (NJ) and previously held roles such as Senior Principal Cybersecurity Consultant, Managing Director, a former Chief Technology Officer (CTO) and Chief Information Security Officer (CISO).

Erica Chu leads Riskigy Compliance and Operations programs. Her background as a Brooklyn Law School alumni, licensed in New York with 15+ years of progressive legal, regulatory compliance, risk and operations experience in global financial institutions and emerging Fintech firms makes her an asset to the team. She also brings extensive experience as a senior Regulatory Compliance Advisor and Consultant providing in-depth knowledge of regulation from federal and state regulators, as well as leading the program development, onboarding and training of regulatory experts and consultants.

Pravin Prasad leads development operations and software development for Riskigy. With over 20 years of professional experiencing in designing and developing enterprise platforms for various industries including the financial services, regulatory compliance and information technology sectors. His breadth of knowledge around secure coding, operations, automation, machine learning and artificial intelligence have contributed to his success as an entrepreneur and business owner. Prior to Riskigy, Pravin founded CenterSys Systems where he developed Trade Data Warehouse platforms, Front/Middle and Back-Office automation of Trades, Commissions, Syndication with full integration with Clearing Houses, Risk Management Front Office Trading and P/L, and Risk Analytics. Pravin is a contributor to application testing and secure development operations assessments where his unmatched level of expertise and experience are an asset to assessing an organization's security posture.

Tom Gancarski is a CPA with a focus on cybersecurity. He primarily works with SMBs to provide security and privacy solutions which include SOC 2/SOC for Cybersecurity examinations, and readiness/mock examinations relating to NYDFS, SEC, GDPR, FTC, and state privacy/data breach laws and regulations. Tom’s academic experience includes working as a continuing professional education (CPE) instructor, and he has authored several courses on cybersecurity and cloud computing. He has spoken at cybersecurity events and seminars for CPA and CISO audiences on multiple topics including cybersecurity, privacy, governance, and vendor risk management. Prior roles include regulatory compliance and risk management positions at Deutsche Bank, HSBC, and BNY Mellon. He also worked as an auditor at a regional CPA firm. He holds CPA licenses in Indiana and Alaska. Tom is also a Certified Information Privacy Professional/Europe (CIPP/E) and a Certified Information Systems Auditor (CISA).