Stewart Fey, QSA, CISSP, CISA

Shareholder, Information Security

Image of Stewart Fey

University of Tennessee, Knoxville, Bachelor’s degree in business with an Information Systems concentration

Stewart Fey is a Shareholder within our risk services division of LBMC, PC.

Stewart serves as LBMC’s service line leader for the PCI Compliance practice area and also is heavily involved in other technical service offerings including penetration testing. With 20 years of experience in the IT Security and Compliance space, Stewart recognizes an organization’s security objectives must be balanced with its growth and operational objectives. He brings a unique blind of deep technical expertise along with experience managing various security teams. Stewart has developed our PCI and Pen Testing teams to take a common sense and risk-based approach to our work, allowing our consultants to dig deeper into important areas while being flexible on less risky ones. Recognized nationally as a premiere expert in PCI Compliance, Stewart and his team are highly sought after to help companies navigate PCI Compliance.

Before joining LBMC, Stewart was a senior manager in the IT internal audit department with a Fortune 100 healthcare company. The insights he gained into the unique security risks and challenges faced by healthcare organizations allow him to design and implement solutions that best fit their operational and control environment.


  • Certified Information Systems Auditor (CISA)
  • Certified Information System Security Professional (CISSP)
  • Payment Card Industry Qualified Security Assessor (QSA)
  • HITRUST Common Security Framework (CSF) Assessor
Stewart is one of those unique information technology professionals with an understanding of both business and technology. [He] understands the purpose of IT is to enable and support the business.
CISO client

Thought Leadership

What Every Business Should Know About Social Engineering Cyber-Attacks
Reducing PCI Scope, What Makes Good Network Segmentation?
Five Steps for Maintaining PCI Compliance in the Cloud