Skip to the content


Cybersecurity threats are evolving daily. From social engineering to detailed spear phishing emails, hackers are becoming more sophisticated. As those threats have increased, so too have governmental requirements for business owners. Whittlesey’s technology team works with small- to medium-sized businesses and nonprofits to conduct network security reviews, testing and risk assessments, create security policies, train employees, assure compliance, and protect assets. 

Our dedicated cybersecurity team is staffed by Certified Information Systems Auditors, Cyber Forensic Analysts and Information Systems Risk Consultants who specialize in helping businesses identify, prevent, detect, remediate, and recover from cybersecurity incidents.

Our clients think of us as an extension of their leadership team, providing trusted technology advice when it’s most needed.

Accelerate your business innovation & security and manage risk

If you are experiencing a cybersecurity incident, contact the Whittlesey team to help.

In the case of an incident, we’re here to investigate and remediate systems, comply with the proper authorities, and facilitate the road to recovery.

Education and Awareness

Only one user has to fall for a phishing or malicious email to cause a security incident or data breach. We work with partners, such as KnowBe4, to conduct employee security awareness training, which includes social engineering testing and monitoring.

Learn more 

Executive Advisory Services

We offer outsourced Chief Information Officer and Chief Information Security Officer governance services, strategic technology planning, and assistance with creating and monitoring the IT environment.

Security and Risk Consulting

We assess, reduce and manage your security risk. Our experts conduct policy reviews, secure your assets, and develop business continuity and disaster recovery plans.

IT Audit and Assurance

We work with businesses and organizations to ensure their infrastructure provides the protection they need to comply with governance requirements and industry best practices. We provide:

Compliance Services

Whether you want to take advantage of incentives provided by new cybersecurity laws, reduce your organization’s actual risk profile, prevent a costly breach, or simply comply with your state’s or regulator’s cybersecurity mandates, we are here to help. We help businesses and nonprofit organizations across various industries develop or improve their Cybersecurity Programs (sometimes called a WISP – Written Information Security Program) to comply with the following regulatory bodies/standards:

  • AICPA SOC 1, SOC 2, SOC 3
  • NIST
  • ITAR
  • State Cyber Laws
  • CMMC
  • FDIC  
  • SEC
  • NCUA  
  • FTC  
  • And more

Latest Resources


How Auditors Assess Cyber Risks

Data security is a critical part of the audit risk assessment. If your financial statements are audited, your audit team will tailor their procedures to answer critical questions about cyber risks and the effectiveness of your internal controls...Continue Reading

Providing Optimal IT Support for Remote Employees

If you were to ask your IT staff about how tech support for remote employees is going, they might say something along the lines of, “Fantastic! Never better!” However, if you asked remote workers the same question, their response could be far less enthusiastic...Continue Reading

Get In Touch

Mark Torello
Partner-in-Charge, Technology 
Hartford | Hamden | Holyoke

Main Contact

Mark Torello has more than 25 years of experience in consulting, with an emphasis on security and accounting systems technology. Active in his industry, Mark is a member of the Information Systems Audit & Control Association (ISACA), the National Association of Certified Fraud Examiners, the Connecticut Society of Certified Public Accountants (CTCPA) and the American Institute of Certified Public Accountants (AICPA). 

Get In Touch