Stewart Fey, QSA, CISSP, CISA

Director of Technical Services

Image of Stewart Fey

University of Tennessee, Knoxville, Bachelor’s degree in business with an information systems concentration

Stewart Fey is the Director of Technical Services within our risk services division of LBMC, PC.

He keeps his clients one step ahead of cybercriminals and other vulnerabilities in his role managing LBMC’s penetration testing and Payment Card Industry (PCI) compliance engagements.

With nearly 15 years of experience performing penetration testing and other social and physical security tests for a variety of businesses, Stewart recognizes an organization’s security objectives must be balanced with its growth and operational objectives. This risk-based approach to testing and evaluation of security controls allows him to dig deeper to find potential weaknesses that other consultants miss.

Stewart helps his clients assess their security risk posture by:

  • Performing risk-based testing and assessments to achieve compliance with PCI Data Security Standards and other security standards
  • Identifying the organization’s comprehensive information security risks using real-world techniques, such as internal and external penetration testing (hacking), social engineering, web application and wireless network assessments
  • Reducing the organization’s risks through practical remediation recommendations that are tailored to the environment

Before joining LBMC in 2004, Stewart was a senior manager in the IT internal audit department with a Fortune 100 healthcare company. The insights he gained into the unique security risks and challenges faced by healthcare organizations allow him to design and implement solutions that best fit their operational and control environment.

“Stewart is one of those unique information technology professionals with an understanding of both business and technology. [He] understands the purpose of IT is to enable and support the business.” –CISO client


  • Certified Information Systems Auditor (CISA)
  • Certified Information System Security Professional (CISSP)
  • Payment Card Industry Qualified Security Assessor (QSA)
  • HITRUST Common Security Framework (CSF) Assessor

Thought Leadership

Tips for Securing Office365
Common ASV Vulnerability Scan Misconfigurations
2 Key Thoughts from 2018 PCI North America Community Meeting