Home / Leadership Team / Darren Hulem, CISA, CEH, Security +
Biography
Darren Hulem has 10 years of experience working in the Information Technology space. He has been with GRF’s Risk and Advisory services department for the last 4 years helping clients better understand the cybersecurity risks to their organizations. Darren uses his expertise to assist clients with executing detailed cybersecurity engagements in the following areas: cybersecurity risk assessments, vulnerability assessment analysis, IT audits, co-sourced internal IT audits, ISO 27001:2013 compliance internal audits, IT policy and procedure benchmarks against leading frameworks such as (ISO, NIST, PCI, HIPAA, CIS, SOC 2), penetration testing, IT training, and third-party risk assessments. He also enjoys providing presentations to clients senior leadership and board members in a digestible way.
Darren is a seasoned speaker on cybersecurity topics. He has presented at the IIA International Conference, various IIA Chapters, AICPA, MACPA, GWSCPA, Humentum, UST Education, and NYCON. He enjoys sharing his experiences from client triage and cleanup with organizations as to the importance of IT controls.
Prior to joining GRF, Darren worked with his clients as a managed service provider which has allowed him to experience a wide variety of technologies, budgets and clients. There he would recommend and implement system improvements as well as troubleshoot client networks to ensure their daily IT operations functioned. He takes pride in being to translate technical topics so that all decision makers can make informed decisions.
Education and Certifications
- M.S. in Information Systems, University of Maryland, Baltimore County
- B.S. in Business Administration, Carson – Newman College
- Certified Information Systems Auditor (CISA)
- Certified Ethical Hacker (CEH)
- Comptia Security+
- Certificate of Competency: ISO 27001:2022 Lead Auditor and Internal Auditor (TPECS)
Professional Affiliations
- Information System Audit and Control Association (ISACA)
- Institute of Internal Auditors (IIA)
- CompTIA
- EC-Council
- American Society of Association Executives (ASAE)
Expert Insights
Webinar
Your Organization’s Guide to Cybersecurity
Cybersecurity is a part of every organization’s daily life. Want to learn how to protect your organization but become overwhelmed…
Ebook, Publication
GRF eBook: Cybersecurity Risks & Mitigation Strategies
This eBook outlines 20 different cybersecurity risk categories that can impact your organization, detailing how to identify and address them.
Articles
Elements of Successful Cybersecurity
Government Contractors are more reliant on technology than ever before to deliver on their obligations. The integration of digital technology…
Articles
Enhance Trust and Security: The Advantages of SOC 2 Audits for Your Organization
Would you do business with an organization you don’t trust? Safeguarding the sensitive data your organization receives from donors, customers,…
Publication, White Paper
2025 Top Risks for Nonprofits and Associations
Our 2025 Top Risks Report explores the top risk themes of the year and the potential implications for nonprofits and…
Case Studies
Strengthening IT Security: One Nonprofit’s Journey to Meet SAS 145 Requirements
In response to growing IT and cybersecurity risks, auditors are placing greater scrutiny on IT risk and risk controls in…
Publication, White Paper
2024 Top Risks for Nonprofits and Associations
At the start of 2024, the landscape of risks facing organizations is evolving at an unprecedented pace. The Risk &…
Webinar
Virtual Cyber Symposium for Nonprofits & Associations
Virtual Cyber Symposium for Nonprofits & Associations: Tax exempt organizations are not exempt from the growing threats of cyberattacks. Nonprofit…
Articles
A Guide to Third Party Risk Management
Understanding and mitigating third party risk has become more important than ever, which makes now the perfect time for your…
Webinar
Update on DCAA Current Initiatives
Are you in the loop when it comes to the latest guidance issued by DCAA? Join GRF Principal of Outsourced…
Webinar
Cybersecurity: Is AI the Secret Weapon?
Join us as we delve into the cutting-edge realm of cybersecurity and artificial intelligence. In a rapidly evolving digital landscape,…
Articles
Aligning Business Continuity Planning with Third Party Risk Management
Does your organization know all the third-party vendors who access and manage data on your behalf? In the event of…
Case Studies
Community-Based Nonprofit Proactively Addresses Cybersecurity Challenges
A medical facility serving homeless patients was dealing with a newly-hybrid work environment, increased government scrutiny on IT security, and…
Webinar
Your Organization’s Guide to Cybersecurity
Cybersecurity is a part of every organization’s daily life. Want to learn how to protect your organization but become overwhelmed…
Ebook, Publication
GRF eBook: Cybersecurity Risks & Mitigation Strategies
This eBook outlines 20 different cybersecurity risk categories that can impact your organization, detailing how to identify and address them.
Articles
Elements of Successful Cybersecurity
Government Contractors are more reliant on technology than ever before to deliver on their obligations. The integration of digital technology…
Articles
Enhance Trust and Security: The Advantages of SOC 2 Audits for Your Organization
Would you do business with an organization you don’t trust? Safeguarding the sensitive data your organization receives from donors, customers,…
Publication, White Paper
2025 Top Risks for Nonprofits and Associations
Our 2025 Top Risks Report explores the top risk themes of the year and the potential implications for nonprofits and…
Case Studies
Strengthening IT Security: One Nonprofit’s Journey to Meet SAS 145 Requirements
In response to growing IT and cybersecurity risks, auditors are placing greater scrutiny on IT risk and risk controls in…
Publication, White Paper
2024 Top Risks for Nonprofits and Associations
At the start of 2024, the landscape of risks facing organizations is evolving at an unprecedented pace. The Risk &…
Webinar
Virtual Cyber Symposium for Nonprofits & Associations
Virtual Cyber Symposium for Nonprofits & Associations: Tax exempt organizations are not exempt from the growing threats of cyberattacks. Nonprofit…
Articles
A Guide to Third Party Risk Management
Understanding and mitigating third party risk has become more important than ever, which makes now the perfect time for your…
Webinar
Update on DCAA Current Initiatives
Are you in the loop when it comes to the latest guidance issued by DCAA? Join GRF Principal of Outsourced…
Webinar
Cybersecurity: Is AI the Secret Weapon?
Join us as we delve into the cutting-edge realm of cybersecurity and artificial intelligence. In a rapidly evolving digital landscape,…
Articles
Aligning Business Continuity Planning with Third Party Risk Management
Does your organization know all the third-party vendors who access and manage data on your behalf? In the event of…
Case Studies
Community-Based Nonprofit Proactively Addresses Cybersecurity Challenges
A medical facility serving homeless patients was dealing with a newly-hybrid work environment, increased government scrutiny on IT security, and…
Webinar
Your Organization’s Guide to Cybersecurity
Cybersecurity is a part of every organization’s daily life. Want to learn how to protect your organization but become overwhelmed…
Ebook, Publication
GRF eBook: Cybersecurity Risks & Mitigation Strategies
This eBook outlines 20 different cybersecurity risk categories that can impact your organization, detailing how to identify and address them.
Articles
Elements of Successful Cybersecurity
Government Contractors are more reliant on technology than ever before to deliver on their obligations. The integration of digital technology…
News and Events
Content Delivery Network (CDN) Security: What are the risks?
GRF Cybersecurity Risk Assessment and Scorecard Blog Series Organizations use their online presence to attract donors, members, and clients…
Patch Management: Eliminating Vulnerabilities
GRF Cybersecurity Risk Assessment and Scorecard Blog Series The threat of cyberattacks is frightening, persistent, and can affect any…
Blog
Elements of Successful Nonprofit Cybersecurity
Nonprofits are more reliant on technology than ever before to deliver on their mission. The integration of digital technology into…
MACPA 2025 Government & Not-for-Profit Conference
GRF is proud to present at the MACPA 2025 Government & Not-for-Profit Conference.
GRF Cybersecurity Symposium Insights
GRF’s 2nd annual Cybersecurity Symposium brought together industry leaders to discuss the evolving landscape of data privacy, cybersecurity, and enterprise…
GRF GovCon Summit 2024
Join GRF’s Government Contracting experts for a virtual summit designed to equip you with the knowledge and tools necessary to…
GRF Cyber Symposium
GRF’s second annual Virtual Cyber Symposium is designed to provide a 360-degree overview of the latest strategies for improving cybersecurity…
Cybersecurity and Best Practices for Client Privacy and Risk Management
Join GRF and APCPA at the Manor Country Club in Rockville, MD, for an engaging discussion on cybersecurity, technology best…
Article
Current State of AI’s Transformative Impact on Cybersecurity Strategies
In this session, GRF will review the existing landscape of cybersecurity, technology, and AI. We’ll emphasize significant trends and address…
MACPA 2024 Government and Not-for-Profit Virtual Conference
Join us online for the MACPA 2024 Government and Not-for-Profit Conference. The conference will feature general sessions from GRF’s experts…
Key Takeaways from GRF’s Cyber Symposium for Nonprofits & Associations
GRF’s first annual Virtual Cyber Symposium for Nonprofits & Associations brought together experts in cybersecurity, privacy, and insurance to share…
Cybersecurity Checklist: Is your organization secure?
Cybersecurity threats are always changing and hackers are busy finding ways to exploit your assets. Download a PDF copy of…
Virtual Cyber Symposium for Nonprofits & Associations
Virtual Cyber Symposium for Nonprofits & Associations: Tax exempt organizations are not exempt from the growing threats of cyberattacks. Nonprofit…
Cybersecurity: Is AI the Secret Weapon?
In this engaging session, we’ll guide you through an immersive journey where technology meets security, and human expertise joins forces…
Update on DCAA Current Initiatives
Join us for a review of DCAA’s current guidance on audit procedures including incurred cost proposals, business systems and defective…
GRC Conference 2023 (Governance, Risk & Control)
The GRC Conference gathers leading minds from around the world to provide dedicated professionals like you with the most up…
Blog
Essential stages of a third party risk management program
Developing and maintaining a third party risk management (TPRM) program can help to reduce the overall risk to your organization.…
Blog
Four Things You Can Do Today to Improve Your Cybersecurity Posture
Cybersecurity is always changing and evolving as threats grow. Here are ideas that you can start on today that will…
IIA Long Island Chapter Dual Track Conference for IT & Banking
Is your organization focused on the right issues when it comes to privacy, IT asset protection and third party risk…
Reputation Risk as Part of Your Cybersecurity Program
This session is being presented in collaboration with UST Education.
MACPA 2023 Government and Not-for-Profit Conference
Join us online and in-person at the Maritime Conference Center in Linthicum, MD, for the MACPA 2023 Government and Not-for-Profit…
Reputation Risk as Part of Your Cybersecurity Program
This session is being presented as a re-broadcast of the 2022 GWSCPA Nonprofit Symposium.
Reputation Risk as Part of Your Cybersecurity Program
This session is being presented in collaboration with UST Education.
Getting Started with Cybersecurity Training
TLDR: End user cybersecurity training is essential for preventing malicious actors from gaining unauthorized access to your organization’s network. Creating…
What’s a Cybersecurity Program?
This session will cover some of the top cyber frameworks and how to customize controls to the context of your…
Obtaining Cyber Insurance For Your Organization
By Darren Hulem, CISA, CEH, Security +, Senior Manager, Risk & Advisory Services As cyberattacks grow in frequency and complexity,…
Reputation Risk as Part of Your Cybersecurity Program
This session is being presented as part of the 2022 GWSCPA Nonprofit Symposium.
Cybersecurity – Let’s Get Back to the Basics
Join GRF’s risk advisory services team to discuss possible vulnerabilities and weaknesses that malicious actors may already know about, and…
Your Organization’s Guide to Cybersecurity
Cybersecurity is a part of every organization’s daily life. Want to learn how to protect your organization but become overwhelmed…
DC Top Risks Summit
Don’t miss the opportunity to take home advice from some of the most influential leaders in the risk community! Join…
Fraudulent Domains: Are You a Victim of Typosquatting?
GRF Cybersecurity Risk Assessment and Scorecard Blog Series Fraudulent domains look very similar to your organization’s domain name and…
Information Disclosure: Are you up to date on privacy laws?
GRF Cybersecurity Risk Assessment and Scorecard Blog Series Securing the privacy of your organization’s employee and customer data is…
Social Network: Knowing the Narrative Surrounding your Organization
GRF Cybersecurity Risk Assessment and Scorecard Blog Series Social media has allowed organizations to connect with customers around the…
Identity and Access Management (IAM): Who is accessing your data?
GRF Cybersecurity Risk Assessment and Scorecard Blog Series Simply put, Identity and Access Management (IAM) is the discipline of…
Application Security: Are you protecting important information on your website?
GRF Cybersecurity Risk Assessment and Scorecard Blog Series Web applications are a top target for attackers. Hackers are constantly…
Assessing Your Digital Footprint: What do people see about your organization?
GRF Cybersecurity Risk Assessment and Scorecard Blog Series It’s crucial for your organization to have an online presence to…
Website Security: Is your front door open?
GRF Cybersecurity Risk Assessment and Scorecard Blog Series Identifying and mitigating website risks Data breaches are costly, and the…
Content Delivery Network (CDN) Security: What are the risks?
GRF Cybersecurity Risk Assessment and Scorecard Blog Series Organizations use their online presence to attract donors, members, and clients…
Patch Management: Eliminating Vulnerabilities
GRF Cybersecurity Risk Assessment and Scorecard Blog Series The threat of cyberattacks is frightening, persistent, and can affect any…
Blog
Elements of Successful Nonprofit Cybersecurity
Nonprofits are more reliant on technology than ever before to deliver on their mission. The integration of digital technology into…
MACPA 2025 Government & Not-for-Profit Conference
GRF is proud to present at the MACPA 2025 Government & Not-for-Profit Conference.
GRF Cybersecurity Symposium Insights
GRF’s 2nd annual Cybersecurity Symposium brought together industry leaders to discuss the evolving landscape of data privacy, cybersecurity, and enterprise…
GRF GovCon Summit 2024
Join GRF’s Government Contracting experts for a virtual summit designed to equip you with the knowledge and tools necessary to…
GRF Cyber Symposium
GRF’s second annual Virtual Cyber Symposium is designed to provide a 360-degree overview of the latest strategies for improving cybersecurity…
Cybersecurity and Best Practices for Client Privacy and Risk Management
Join GRF and APCPA at the Manor Country Club in Rockville, MD, for an engaging discussion on cybersecurity, technology best…
Article
Current State of AI’s Transformative Impact on Cybersecurity Strategies
In this session, GRF will review the existing landscape of cybersecurity, technology, and AI. We’ll emphasize significant trends and address…
MACPA 2024 Government and Not-for-Profit Virtual Conference
Join us online for the MACPA 2024 Government and Not-for-Profit Conference. The conference will feature general sessions from GRF’s experts…
Key Takeaways from GRF’s Cyber Symposium for Nonprofits & Associations
GRF’s first annual Virtual Cyber Symposium for Nonprofits & Associations brought together experts in cybersecurity, privacy, and insurance to share…
Cybersecurity Checklist: Is your organization secure?
Cybersecurity threats are always changing and hackers are busy finding ways to exploit your assets. Download a PDF copy of…
Virtual Cyber Symposium for Nonprofits & Associations
Virtual Cyber Symposium for Nonprofits & Associations: Tax exempt organizations are not exempt from the growing threats of cyberattacks. Nonprofit…
Cybersecurity: Is AI the Secret Weapon?
In this engaging session, we’ll guide you through an immersive journey where technology meets security, and human expertise joins forces…
Update on DCAA Current Initiatives
Join us for a review of DCAA’s current guidance on audit procedures including incurred cost proposals, business systems and defective…
GRC Conference 2023 (Governance, Risk & Control)
The GRC Conference gathers leading minds from around the world to provide dedicated professionals like you with the most up…
Blog
Essential stages of a third party risk management program
Developing and maintaining a third party risk management (TPRM) program can help to reduce the overall risk to your organization.…
Blog
Four Things You Can Do Today to Improve Your Cybersecurity Posture
Cybersecurity is always changing and evolving as threats grow. Here are ideas that you can start on today that will…
IIA Long Island Chapter Dual Track Conference for IT & Banking
Is your organization focused on the right issues when it comes to privacy, IT asset protection and third party risk…
Reputation Risk as Part of Your Cybersecurity Program
This session is being presented in collaboration with UST Education.
MACPA 2023 Government and Not-for-Profit Conference
Join us online and in-person at the Maritime Conference Center in Linthicum, MD, for the MACPA 2023 Government and Not-for-Profit…
Reputation Risk as Part of Your Cybersecurity Program
This session is being presented as a re-broadcast of the 2022 GWSCPA Nonprofit Symposium.
Reputation Risk as Part of Your Cybersecurity Program
This session is being presented in collaboration with UST Education.
Getting Started with Cybersecurity Training
TLDR: End user cybersecurity training is essential for preventing malicious actors from gaining unauthorized access to your organization’s network. Creating…
What’s a Cybersecurity Program?
This session will cover some of the top cyber frameworks and how to customize controls to the context of your…
Obtaining Cyber Insurance For Your Organization
By Darren Hulem, CISA, CEH, Security +, Senior Manager, Risk & Advisory Services As cyberattacks grow in frequency and complexity,…
Reputation Risk as Part of Your Cybersecurity Program
This session is being presented as part of the 2022 GWSCPA Nonprofit Symposium.
Cybersecurity – Let’s Get Back to the Basics
Join GRF’s risk advisory services team to discuss possible vulnerabilities and weaknesses that malicious actors may already know about, and…
Your Organization’s Guide to Cybersecurity
Cybersecurity is a part of every organization’s daily life. Want to learn how to protect your organization but become overwhelmed…
DC Top Risks Summit
Don’t miss the opportunity to take home advice from some of the most influential leaders in the risk community! Join…
Fraudulent Domains: Are You a Victim of Typosquatting?
GRF Cybersecurity Risk Assessment and Scorecard Blog Series Fraudulent domains look very similar to your organization’s domain name and…
Information Disclosure: Are you up to date on privacy laws?
GRF Cybersecurity Risk Assessment and Scorecard Blog Series Securing the privacy of your organization’s employee and customer data is…
Social Network: Knowing the Narrative Surrounding your Organization
GRF Cybersecurity Risk Assessment and Scorecard Blog Series Social media has allowed organizations to connect with customers around the…
Identity and Access Management (IAM): Who is accessing your data?
GRF Cybersecurity Risk Assessment and Scorecard Blog Series Simply put, Identity and Access Management (IAM) is the discipline of…
Application Security: Are you protecting important information on your website?
GRF Cybersecurity Risk Assessment and Scorecard Blog Series Web applications are a top target for attackers. Hackers are constantly…
Assessing Your Digital Footprint: What do people see about your organization?
GRF Cybersecurity Risk Assessment and Scorecard Blog Series It’s crucial for your organization to have an online presence to…
Website Security: Is your front door open?
GRF Cybersecurity Risk Assessment and Scorecard Blog Series Identifying and mitigating website risks Data breaches are costly, and the…
Content Delivery Network (CDN) Security: What are the risks?
GRF Cybersecurity Risk Assessment and Scorecard Blog Series Organizations use their online presence to attract donors, members, and clients…
Patch Management: Eliminating Vulnerabilities
GRF Cybersecurity Risk Assessment and Scorecard Blog Series The threat of cyberattacks is frightening, persistent, and can affect any…
Blog
Elements of Successful Nonprofit Cybersecurity
Nonprofits are more reliant on technology than ever before to deliver on their mission. The integration of digital technology into…