CEH Scheme Committee


Joseph Juchniewicz (Chair)

Joseph A. Juchniewicz is a Risk and Compliance Senior Consultant that provides high-level consulting services to customers primarily in the area of information security, including the design and implementation of security solutions, conducting security assessments, as well as assisting with the alignment of operational procedures with information security best practices. He has extensive experience in vulnerability and penetration testing, social engineering, physical security assessments, investigations, incident response, and computer forensics.


Steve Petrie (Vice Chair)

Steve Petrie is a Senior Security Engineer at Telos Corporation with over 30 years of experience in the information technology field. He provides high-level technical services for the Department of Defense and various commercial entities. He has experience providing technical security assessments, physical security assessments, vulnerability and penetration testing. Mr. Petrie holds a BS in Information Technology and currently holds several certifications including CEH, CHFI, ECSA, OPST, and CISSP.

bill varhol

Bill Varhol

VP, Security Assessment Team Lead

Mr. Varhol has a well diversified background with many years of experience within information technology and information security. He has earned a variety of industry recognized certifications and contributes to the information security community by volunteering in different capacities. He has consulted on and performed many technical security assessments for large retailers, technology companies, manufacturers, banks, universities, and others across the United States. He is currently Security Assessment Team Lead with AlixPartners, a global management consulting firm.


Kristopher Thomas

Cyber Systems Engineer – Senior Technical Specialist, Perspecta

Kris Thomas is a cybersecurity practitioner that works closely with clients to solve complex problems and provide innovative solutions. Mr. Thomas background includes in-depth knowledge and expertise in cybersecurity principles, concepts, methods, standards, and practices through progressive technical roles leveraging Windows-based products and U.S. Federal policy implementation and monitoring.


Austin Embry

Manager, Global Cybersecurity and Security Operations, Deloitte & Touché LLP

Austin Embry is a cybersecurity professional, leader, and trusted advisor with experience building robust security programs. He has a deep understanding of how cyber risk management, security operations, and threat intelligence is applied across numerous industry sectors and organizations. Further, he is specialized in identifying and mitigating attack vectors, reducing exposure to cyber threat actors, as well as identifying countermeasures to reduce the likelihood and potential impact of an attack on an organization.


Timothy Robinson

Practice Manager; Public Sector Cybersecurity, World Wide Technology

Tim recently joined the WWT Security Practice from Leidos, Inc. where he served as a Chief System Engineer, Cyber Research Analyst, and Cyber Operator. Prior to that, he spent over 20 years as a Unites States Marine and served a large part of it as a Communications and Information Systems Officer.
As a Practice Manager for Cybersecurity, his role is to focus specifically on leveraging WWT’s Security Portfolio to support the Public Sector Customers’ needs. He is a part of the Federal Technology and Innovation Group where he drives innovative solutions for security and information technology at scale with WWT’s OEMs. He is the primary author for WWT’s Integrated Endpoint Security Architecture and worked on a team to bring this solution market for our customers.
Tim has a BS in Management Science & Information Technology with a focus on Decision Support Systems from Virginia Tech. His MS is in Operations Research/Analysis from the Naval Postgraduate School. He is currently pursuing his doctorate in Cybersecurity from Capitol Technology University in Maryland.


Rusty O’Callaghan

A decree educated security professional with over 30 years’ experience. He has a varied background with many years of experience within information technology and information security. He has earned a variety of industry recognized certifications. He has extensive experience in vulnerability and penetration testing, social engineering, physical security assessments, investigations, incident response, and computer forensics. He has completed assignments in the public space for UK MOD, FCO, Central and Local Government departments. Also, International Defence, Aerospace and Maritime clients. Has held the highest security clearances for UK and NATO. Has also completed assignments for International Financial and Legal clients. Has provide training and management of multinational team personnel from various technical disciplines in various security cleared environments.


Marcelo A. Gallardo

Senior Enterprise Security Engineer, TelosCorporation

Mr. Gallardo has over 31 years of IT experience, including 21 years’ experience in applied security engineering, and seventeen years’ experience conducting certifications and accreditations (C&As) of systems and networks. He currently conducts security assessments and penetration testing for DoD and Federal systems, which involves analyzing the security architecture, conducting certification testing and vulnerability assessments, and determining security risks, in accordance with DoD and Federal regulations and guidelines.


Anthony Dayrit

Anthony Dayrit is a security researcher, has a Bachelor of Science degree on Electronics & Communications Engineering, with 16+ years of IT experience 10 of which is focused on Information Security & Risk Management.
Worked with various MNC firms such as Cisco-Linksys, Trend Micro, Barclays Capital and Leo Tech Services (a software development house HQ in Singapore) as IT Security Compliance Manager where he also served as the Data Protection Officer, Global Blue and now with an Insurance company leading the Governance, Compliance and Cyber Risk Management.
He maintains various certifications, some of which were:
SANS GCIH – GIAC Certified Incident Handler, EC Council – C|EH Certified Ethical Hacker, L|PT Licensed Penetration Tester, (ISC)2 – Certified Information Systems Security Professional, ISO/IEC 27001:2013 Lead Auditor, SISA – Certified Payment Card Industry Security Implementer, Regular contribution to multiple security interest groups: Director, (ISC)2 Singapore Chapter, Member - Open Web Application Security Project Singapore Chapter.

Michael Hughes

Michael Hughes

Michael Hughes is a Head of Information Security for a global law firm, responsible for all aspects of information security including: the design and implementation of security solutions, conducting security assessments, internal audits, internal investigations, compliance with ISO27001:2013 as well as assisting with the alignment of operational procedures with information security best practices. He has extensive experience in risk management, policy development, ISO27001, vulnerability management, auditing of IT and physical security, investigations, incident response and computer forensics across the legal, commercial and government sectors.

Sharon Smith

Sharon Smith

Principal Security Consultant, Verizon

Since 2005 Sharon has worked globally with companies from a single location to Fortune 50 providing consulting and advisory services around their security and compliance initiatives. Sharon’s past work has spanned a broad security spectrum as a principal security consultant, auditor, and advisor. Sharon has taught Security+ certification courses and cybersecurity fundamentals and enjoys helping those new to the cybersecurity understand their career options. As a conference speaker and Webinar guest, Sharon often speaks on leadership, career, and diversity within the cybersecurity industry. Sharon received her BBA in Accounting from Eastern Michigan University and her Masters in Forensic Science, High Technology Crimes from The George Washington University. Sharon is currently a Certified Information Systems Security Professional (CISSP) and Certified CISO (CCISO). She has previously held the Certified Information Systems Auditor (CISA), Certified Ethical Hacker (CEH), Certified Fraud Examiner (CFE), and Payment Card Industry Qualified Security Assessor (PCI-QSA) certifications.

Shannon Stewart

Shannon Stewart

Shannon has a broad experience in work that encompasses many different areas of interest. Twenty-eight years of ministerial ministry, over 10 years of Retail Management, owned his own construction company and over fifteen years in the IA/ IT field. His IA/IT adventures start with the Dos system in a telephone company’s infrastructure to working with Telos Corp for over twelve years.
With Telos Corp, Shannon provides IA/IT related services, technical services, and system related documentation for satisfying security requirements and C&A of DoD automated information systems. He prepares certification documentation in accordance with the NIST, RMF, DCID & DHA; routinely provides input and comments to draft A&A documentation; supports, analyzes, and tests various DHA and Navy Medical local area networks for compliance with DoD, DHA, & Navy configuration policies. He serves as a team lead, where team leads are responsible for testing the security of various Navy Medical applications utilizing database, source code, and application scanning software. He is a member of EC-Council's Scheme Committee. Shannon has Security+ and CEHv6 certifications along with a verity of specialty courses in the IA/IT field.

Steve Lindley

Steve Lindley

Steve Lindley has over 15 years of Information Technology and Information Security experience. He is currently the Information Security Officer for the County of Sonoma. He also has experience working in the public safety and financial industries, where he has gained real life, hands on experience defending sensitive networks against cyber-attacks. Steve also has extensive experience performing vulnerability scans, penetration tests, and social engineering tests. He also holds numerous industry certifications including the EC-Council ECSA, CEH, ECIH, and ECES certifications, CompTIA PenTest+, CySA+, Security+, Network+, and A+ certifications, and has his B.S. in Cybersecurity and Information Assurance.

First Name Last Name Designation Company/Organization
Anthony Dayrit Information Security Lead AXA Technology Services
Dulan Wickramasinghe Deputy Manager – Information Security National Development Bank PLC
Anjanette Harris Cyber Security Analyst Alta IT Services
Chad Hayes Cyber and Mobile Security Consultant Bryodyn Technologies LLC
Michael Hughes Director & Principle IA Consultant Teeke Consulting, UK
Jon Marler Security Engineer Trustwave
Denis O'Callaghan Security Consultant – Cyber Defence NATO SHAPE, Casteau Belgium
Phil Patrick Application Security Analyst The Juiceplus Company
Steven Petrie Enterprise Security Consultant Telos Corporation
Timothy Robinson Cyber Capabilities Researcher Leidos, Inc
Shannon Stewart Enterprise Security Consultant Telos Corporation
Kristopher Thomas Cyber Security Consultant Deloitte
Alejandro Villegas Security Engineer Amazon

The specific duties and responsibilities of the SC members include:

  • Approve key policies governing the operation of EC-Council Certification Division.
  • Assuring consistency of decision making as well as the criteria used therein.
  • Serve on appeals and complaints task groups as appointed by the SC Chair.
  • Promote and provide guidance to promote EC-Council certifications.
  • Provide guidance regarding international initiatives supporting EC-Council certifications.
  • Provide guidance to support educational initiatives related to EC-Council certifications.
  • Determine areas of research required to improve EC-Council certifications.
  • Serve on task forces / subcommittees as appointed by the SC Chair.

Note: Next SC scheduled meeting: May 2021.

Disclaimer: None of the EC-Council | Scheme Committee members are part of the management team of the International Council of E-Commerce Consultants (EC-Council) and as such, they should not be construed to be part of the Board of Directors of EC-Council.