Sarah Pavelek


Sarah has over twenty years of cybersecurity consulting experience in a number of industries, including technology, service, insurance, financial institution, and healthcare. Sarah is one of the leaders in the System and Organization Controls (SOC) practice and her experience includes SOC readiness assessments & examinations, Microsoft Data Protection Requirements (DPR) assessments, IT risk assessments, IT audits, application security controls reviews, privacy assessments (GLBA, HIPAA Security), HITRUST, and Sarbanes-Oxley 404 IT compliance reviews. Sarah has a BS in Accounting from the University of Alabama (Summa Cum Laude) with a minor in Computer Science. Sarah is Certified in Risk and Information Systems Control (CRISC), Information Systems Security (CISSP), and is a HITRUST Certified CSF Practitioner (CCSFP). She is a member of the Information Systems Audit & Control Association (ISACA) and the International Information Systems Security Certification Consortium (ISC)². She has also achieved the Advanced SOC for Service Organizations Certificate from the AICPA. Sarah has presented on cybersecurity-related topics in various white papers, newsletters, TV outlets, webinars, and conferences.