Gordon Smith - Co-Founder (Retired)

Gordon Smith, Co-Founder of Canaudit, Inc., has over 30 years of progressive audit experience. Specializing in high-tech auditing, Gordon is a recognized expert on auditing complex networks, operating systems, databases, and forensic auditing. He is the original developer of the Canaudit Penetration Testing methodology.

Gordon is a distinguished career auditor with both internal and external audit experience. He co-founded Canaudit in 1985 to provide professional development and consulting services to the international audit community. Through Canaudit, Gordon has provided training and audit consulting services to many of the larger organizations such as banks, utilities, insurance companies, retail, government, and manufacturing concerns and has provided extensive services in the medical services industry.

Gordon was the recipient of the 2002 Wasserman Award for Outstanding Achievement in the field of Information Systems Auditing and Control. He is a Certified Management Accountant (Canada) who graduated in 1981. He is also a Certified Government Financial Manager and a member of The Institute of Internal Auditors and The Association of Government Accountants. Gordon is listed in the Who’s Who of Leading American Executives and has published two books titled Network Auditing: A Control Assessment Approach and Control and Security of E-Commerce, both published by John Wiley and Sons.

Kevin Nibler - Senior Manager, Security and Audit Services

Kevin Nibler, an Associate of (ISC)2, is a Senior Manager of Security and Audit Services at Canaudit. He has been with Canaudit for over five years and holds a Bachelor of Science in Computer Science from California State University of Northridge. Kevin is responsible for heading the company’s research and development. In this capacity, he directs staff in Canaudit’s efforts to identify new IT audit and security risks and develop new tools to automate audits.

Kevin is experienced in a broad range of penetration and security auditing techniques. Since starting at Canaudit, he has specialized in the audit and penetration testing of client’s Internet, web applications and web mail and has helped develop many of the tools used. He is also responsible for managing Internet audits, web application assessments and external vulnerability testing.

As a member of the Canaudit Penetration Team, Kevin is adept at identifying vulnerabilities. In the Windows environment, he is easily able to discover the single flaw in a machine that has the capability of compromising the entire domain. Kevin is also well versed in networking technologies. His work on Cisco, Nortel and Juniper vulnerability identification and assessment enables him to quickly determine needed improvements in client networks.

In addition to his capabilities as a member of the Canaudit Penetration Team, Kevin developed the Canaudit audit approach and security baseline regimen for Voice over Internet Protocol (VoIP). His approach enables the speedy identification of configuration flaws that can lead to the VoIP network being compromised. Kevin also developed and implemented the enhanced Canaudit Microsoft SQL audit approach. His software enhancements and scripts simplify the process of digging deeply into the database structure to assess the controls and suggest improvements in the configuration, security and other database controls.

Kevin has accomplished much during his career at Canaudit and continues to expand his knowledge in order to create the tools needed to pioneer innovative new techniques in technical auditing and IT security.

Kevin Kalbfleish - Manager, Security and Audit Services

Kevin Kalbfleish is a Manager of Security and Audit Services at Canaudit and has been with the company for over two years. He specializes in internal and external network penetration techniques. he is particularly adept at identifying control weakness in the Windows and database environment and external-facing systems. He is a former United States Marine with an extensive IT background and is currently pursuing his Bachelors of Science in Computer Information Systems. Prior to joining Canaudit, Kevin had six years of IT-related experience maintaining a regulated information systems environment at a global medical products and services company.

Jonathan Carr - Security and Audit Specialist

Jonathan Carr is a Security and Audit Specialist at Canaudit and has been with the company for over a year. He specializes in internal and external network penetration techniques. His main focus is networking devices, databases and modems. He is particularly adept and knowledgeable in compromise methods for networking devices and databases, and is able to readily identify sensitive data files within the network on these systems and devices. With some aid of special software, he also performs external modem hunts to identify and classify modems, following with a risk assessment of each individual modem. Once a modem is identified and quantified, he uses the necessary specific skills and tools to gain access to the internal network. Prior to his work at Canaudit, he was in a managerial position overseeing a team of four and performing quality control duties. He holds a Bachelor of Arts in Economics from California State University of Northridge and is familiar with Perl, C++, web development languages and SQL.