My short bio updated 2/1/2013:

James DeLuccia IV, a published author, practitioner, auditor, inventor and currently a Senior Manager with Ernst & Young, brings first-hand research and experience on Cloud and global security operating frameworks. DeLuccia is certified as a CIA, CISA, CISM, CISSP, CPISA, CPISM and has degrees in Risk Management, Management Information Systems and an M.B.A. in Finance. His book, “IT Compliance and Controls: Best Practices for Implementation,” is globally available. His ongoing efforts focus on supporting and developing global information protection programs. He leads E&Y’s Americas ISO Security Program, including building, design and certification activities.

I believe in transparency when it comes to meeting regulations and therefore have dedicated this simple site to communicating and clarifying what I come to understand from building and creating global enterprise information technology, compliance, and security programs.  This leads me down the road of 100+ regulations at a time, but I do try to be focused and eliminate the ‘it depends’ language that plagues the IT, infosec, and general professional services field. I will try to differentiate opinions from fact when possible.

I wrote a book with John Wiley and Sons and have backed up that work with 300+ articles, speeches, research papers, and such over the past few years.  I spend a majority of time establishing programs that balance the business requirements (revenue generation, speed to market, agility and respect to customers) with the needs of the systems themselves (resiliency, compliance, security, and appropriate risk management).

See my LinkedIn CV for greater detail and updates professionally. I am always interested in new ventures and pursuits.

I also have developed my own patents and am in constant iteration of new ideas and startups that I share with the community.  I am a creator and hope you will join me.

I have been fortunate to be a featured speaker at the most recent Association of Certified Fraud Examiners annual conference, the Institute of Internal Auditors Risk and Control Conference, ISACA, ISSA, RSA, RSA Europe, and for the Payment Industries recent seminar series.

I have sat through and passed the VISA certification exam and am currently a QDSP, CIA, CISA, CISM, CPISA, CPISM, CISSP, and hold an MBA in Finance.

This site is an open discussion – please add your experiences so we may all grow together. Of course, my writings and the associated comments are the sole opinion of the author and do not reflect any employer or regulatory opinion.

Best regards,

James DeLuccia IV


This work is licensed under a Creative Commons License.

6 responses to “About”

  1. James,

    I’m the online editor for http://www.complianceexecutive.com, a site being launched in January. It will focus on governance, risk, compliance, and data integrity. One section I’m looking to include is a ‘Blog Spot’. This isn’t for our own site, but instead it’s a showcase for other blogs discussing issues relating to Compliance Executive.

    Each week I was hoping to feature a different blog, including the most recent/pertinent comment, and a link to the blog, with a bit more info about the content, purpose, etc.

    I was therefore hoping to establish whether you would be happy for me to use your blog for this purpose.

    I appreciate you’ll want more info, but if you are interested please feel free to email me and I will do my best to answer any questions you may have.

    Thanks for your time and I look forward to hearing from you.

    Kind regards,

  2. Hello,

    I am the engagement manager at PwC for the PCI emerging technology research project that was publicly announced yesterday. Please contact me directly so that we can collaborate. We want to listen to the industry. Look forward to hearing from you.

    Best regards,

  3. My name is Michael Sasaki and we (OuterJoin, Inc.) are the new owner of The Compliance Authority (www.thecomplianceauthority.com). Our goal with The Compliance Authority is to offer highly visible areas of our leading compliance website as a marketing tool for compliance service providers and vendors, who are experts in compliance and want to write compliance articles, blog posts, press releases, and white papers for The Compliance Authority. Additionally, The Compliance Authority is an expert in hosting compliance webinars, which takes the stress away from the company presenting and allows them to focus strictly on their presentation.

    We have partnered with LeadForce1, which allows us to pass on to you qualified leads that have read your articles, blog posts, press releases, white papers and attended your webinars. The leads that we pass on to you have full contact information (company name, individual name, phone number, email address, how long they spent on a specific article, etc.). I am interested in working with you in any way you think is beneficial. The Compliance Authority will prove to be extremely beneficial to you from a marketing and lead generation standpoint. Please feel free to contact me and we can discuss further.

    Best regards,

    Michael Sasaki
    The Compliance Authority

  4. Really nice blog James.

    Bookmarked and will revisit 🙂

  5. Hi,

    I was hoping you might have links / resources on how to map the critical controls to the pci requirements. 😦 Do you have any idea on where I should go for that info?

    Any help you can give would be appreciated.


  6. Hi Michael. Do you accept guest posts from professionals or experts in PCI DSS? Please let me know. Thanks!
