Antonina McAvoy specializes in cybersecurity, as well as data protection and privacy. She has over a decade of experience leading and performing a wide spectrum of cybersecurity reviews (i.e. NIST, COBIT, CIS, PCI, GDPR, ISO Standards), SOX 404 business control mapping and Information Technology General Control (ITGC) assessments, AICPA SOC reporting (SOC 1, 2, 3, SOC for Cybersecurity, and SOC for Supply Chain reporting), HIPAA compliance audits, HITRUST CSF readiness assessments, FFIEC ITGC examinations, Department of Defense (DoD) System Security Plans (SSP) and Plan of Action & Milestones (POA&M), DoD DFARS and CMMC readiness assessments (CMMC provisional assessor candidate), outsourced IT internal audits, and internal control assessment services.
Antonina has strong technical skills and is instrumental in performing complex data mapping exercises to identify where key data resides in an organization’s environment, assessing the design and operating effectiveness of control environments, as well as identifying control gaps and weak cybersecurity settings. Ms. McAvoy is highly skilled in analyzing the root cause and impact of IT issues through gaining a deep understanding of an organization’s operations. She is well versed in translating IT risks, recommending business solutions, and advising organizations on designing strategies to create and improve sustainable data protection and enterprise-wide risk prevention programs.
Antonina grew up in a family of accountants, with her parents serving as CFOs. Antonina followed suit with a degree in Accounting, but initially discovered her interest in information technology during her first post-college position when she was presented with the opportunity to work on an IT audit. Her experience since then has led Antonina to assist organizations across various industries, ranging from small mom-and-pop businesses to large global organizations, where Antonina coordinated the information technology audits across both geographic and language barriers for multiple key international locations. She has found her passion by combining her love for networking with applying the technical knowledge she gained from helping companies identify control gaps and security weaknesses. Her innate ability to connect with people allows her to effectively communicate weaknesses identified and make strong recommendations to management to help improve their cyber-environment.
A decade has passed since she first started assisting companies with their IT environments, yet the fear among boards and upper management about cybersecurity preparedness has only increased as high-profile cyber-attacks become more common and the need for digital trust intensifies. It is Antonina’s mission to help companies strengthen their business and cyber-resilience to reduce the risk of a cyber-incident occurring that could have a significant financial, operational, legal and reputational impact.
Prior to joining PBMares in 2018, Ms. McAvoy worked with other accounting firms, including a five-year tenure in the Information Systems Assurance group of the fifth largest accounting firm in the world, and a three-year tenure with the Risk Assurance group of a prestigious “Big Four” accounting firm.
PROFESSIONAL ASSOCIATIONS:
- American Institute of Certified Public Accountants (AICPA)
- ISACA (formerly the Information Systems Audit and Control Association)
- Risk Management Association (RMA) Carolinas and Virginias (CAVA) Board Member
- Junior League of Virginia Beach
- Hampton Roads Chamber of Commerce
EDUCATION:
- Master of Science in Cybersecurity with a concentration in Cyber Operations from Utica College
- Bachelor of Science in Business Management with a concentration in Accounting from Babson College
- Associate of Science in Business Administration with a concentration in Accounting from Massachusetts Bay Community College
PUBLICATIONS:
Pursuing a master’s degree was a lifelong academic goal of Antonina’s, which culminated in her first publication, “The Secret to Mastering the Defense Federal Acquisitions Regulation Supplement Cybersecurity Requirements” (ProQuest No 27672340).
CERTIFICATIONS:
- Certified Information Systems Auditor (CISA) by ISACA
- Certified Information Security Manager (CISM) by ISACA
- Qualified Security Assessor (QSA) by PCI Security Standards Council
- Payment Card Industry Professional (PCIP) by PCI Security Standards Council
- Cybersecurity Advisory Services Certificate by AICPA
- Cyber Operations Certificate by the Center of Academic Excellence in Cyber Defense Education on behalf of Utica College, the National Security Agency, the United States Department of Homeland Security and the National IA Education and Training Programs
ARTICLES:
HITRUST Certification Just Became More Affordable

HITRUST was once considered by many small and medium-sized businesses to be out of reach due to an exorbitant price tag. But there are new cost-effective options companies can leverage to increase their transparency, integrity, and reliability.
Shields Up: 3 Proactive Steps to Take Right Now

In a call to action that’s being called “Shields Up,” the U.S. Cybersecurity and Infrastructure Security Agency continues to warn Russia could escalate destabilizing activities that may impact countries well beyond Ukraine. In light of these threats, U.S. businesses of all sizes should take steps immediately to shore up cyber defense.
Webinar: Cyber Resilience in Times of Conflict

Threat actors have been very transparent about focusing their efforts on businesses with fewer resources. Join our panel discussion on Cyber Resilience to better position your organization to handle a cyberattack.
Take 3 Steps Now to Survive a DOL Cybersecurity Audit

Hacking and ransomware have the potential to create havoc for the assets and sensitive data housed in benefit plans across the country. As a result, in 2021, the DOL scaled up its interest in how administrators are addressing and responding to cybersecurity risks.
Case Study | Not-for-Profit Overcomes a Financial Hack and Comes Back Stronger

A small Virginia nonprofit thought they were doing all the right things in terms of cybersecurity, cyber insurance and safety. They found out the hard way that it wasn’t enough to avoid the damage from a hacker that knew how to manipulate their weak points.
Webinar Recording | Challenges and Opportunities for Not for Profits

Learn about the top challenges and opportunities facing not-for-profit organizations in 2022. Topics include tax updates, the impact of new legislation, succession planning challenges, industry best practices and the importance of a robust cybersecurity program.
Webinar Recording | What Can You Do to Prepare for the Next Cyber Attack?

PBMares’ October 13th webinar reviews the three most common cyber misconceptions and exposures for your organization, including guidance on controlling these risks through IT standards, best practices, and insurance coverage.
Top Cyber Risks for the Real Estate Industry

Half of all real estate companies report being unprepared for a cyber attack. Understanding where risk comes from and how to prevent and mitigate data breaches can help companies avoid the costly effects of cybercrimes.
Cybersecurity Risks and Prevention Strategies for the Construction Industry

One in six construction companies fall victim to ransomware every year. They are at high risk for cyberattacks, yet most do not have a cybersecurity strategy. Understanding where risk comes from is a good start; proactively mitigating it takes teamwork.
10 Key Considerations to Take When Evaluating Managed Service Providers

More organizations are using Managed Service Providers (MSPs) to help fulfill ongoing needs, like cybersecurity and outsourced accounting. Before hiring an MSP, it’s helpful to understand the top ten areas that can impact the engagement’s success.
Preventing Ransomware Attacks at Your Business

Ransomware attacks have become a major threat to many private businesses. The possibility of having critical business data encrypted by cybercriminals who then demand millions for data release is fast becoming a reality.
For Many SMBs in the U.S. Defense Industrial Base, CMMC 1 is a Business Critical Challenge

Learn how small government suppliers can meet the looming CMMC Level 1 compliance challenge.
Sec-U-rity Starts with You!

Two events will shape everyone’s memory of 2020: COVID-19 and humankind’s increased dependence on the Internet across the world for business and personal use.
Sec_rity Is Not Complete Without U!

While technical cybersecurity controls are a vital part of your organization’s information security framework, they are not in and of themselves sufficient to secure all of your information assets.
Cloud Computing Security Risk Management Update

The emergence of cloud computing has opened the door for financial institutions to take advantage of the many benefits offered by emerging technology.
How DoD Contractors Can Prepare for CMMC Implementation in 2020

Cybercrime costs the U.S. economy between $57 billion and $109 billion every year. Although there have been guidelines for meeting cybersecurity benchmarks in the past, all DoD contractors are now subject to Cybersecurity Maturity Model Certification (CMMC).