Brian Brunelle loves a good laugh, but don’t let that fool you – he’s dead serious about protecting our clients from cybersecurity threats! As the Director of Risk Management & Audit at GraVoc, Brian plays a key role in providing our clients with strategic cybersecurity advisory and helping them proactively implement security measures.

Check out our employee spotlight video and Q&A to learn more about Brian and what he does at GraVoc!

Tell us a little bit about yourself & what you do at GraVoc:

My name is Brian Brunelle, I am the Director of Risk Management & Audit within the Information Security practice at GraVoc. I grew up in GraVoc’s favorite city – Peabody, Massachusetts!

At GraVoc, I lead the Information Security practice along with my co-director, Michael Kannan. I oversee the work we do for IT audits, social engineering testing, and risk management. This involves everything from writing policies and procedures, conducting audits, and performing readiness assessments for ISO 27001 to assisting with security compliance. We also work with a lot of financial institutions, which again involves audits, managing information security programs, and sitting on tech and security steering committees.

What is some of your favorite work as a cybersecurity expert?

My personal favorite is the social engineering work, where we send phishing emails to get people to click. Basically, anything you would get a mass email communication from, we’ve tried to spoof at some point. We also do these exercises in person or over the phone, trying to get people to let us remote in or give us their passwords, or give us access to server rooms and non-public areas.

I find these social engineering exercises very engaging and interesting. It all creates a learning opportunity and good conversation about security awareness and education, which is very important.

What do you enjoy the most about working for GraVoc?

I like that every day is different. We’re always busy, no two days are the same. In fact, throughout the day, I rotate between tasks, so things never get stale. It’s always something different, which is an interesting challenge, but it keeps you fresh, aware, and disciplined.

Cybersecurity is an extremely wide and deep field; the constant changing of exposure is how you stay current with the latest and greatest.

Where are we likely to find you outside of work?

Outside of work, I’m a father of three young boys, so that eats up most of my time and it’s wonderful but also draining. Sometimes my wife and I joke that coming to work, especially a place like GraVoc, is the relaxing part of my day. Also, I enjoy being outdoors in nature with my older kids!

What’s one piece of cybersecurity advice you would give to businesses/individuals?

One of the best things businesses or individuals can do is avoid being the low-hanging fruit – don’t reuse passwords, don’t use short, guessable passwords, and don’t have your password be the same as your username. The average bad actor is not targeting you as an individual or company; they’re looking for the easiest target to exploit. If you spend a little time and money to do the minimum, that’s usually enough so the bad actor will be unsuccessful in their initial hacking attempts and move on to the next target. Do the basics well and you’ll be better off than a lot of your industry peers.

