In this podcast episode, Edward Pereira, CPA, CGA, discusses how he used his CPA background to dive into the cybersecurity space and is now advocating for CPA careers in cybersecurity. Hosted by Vince Kanasoot, communications specialist, CPABC. Part of our Coffee Chats with CPABC podcast series.
This past year, CPABC recognized Edward Pereira, CPA, CGA with the Distinguished Service Award for his remarkable commitment and dedication to giving back to his community. He received this honour alongside Jennifer Cudlipp, CPA, CGA.
Ed (photographed here by Kent Kallberg Studios) is a principal consultant at Carmel Info-Risk, a cybersecurity consultancy. Among his past achievements, Ed co-founded and helped grow the BC Aware Campaign, an annual conference that has been instrumental in raising cybersecurity and privacy awareness among B.C.’s government, business, and education sectors. This body of work eventually led to the Information Systems Audit and Control Association’s (ISACA) Vancouver chapter earning an Outstanding Chapter Achievement Award from ISACA International in 2018.
BC Aware Campaign evolved into the globally-focused Vancouver International Privacy & Security Summit, and Ed remains involved as a member of its industry advisory council. He is also an active volunteer with the B.C. Government’s Provincial Security Advisory Council, where he co-developed the council’s mission and regularly shares key insights with other cyber leaders from across the province.
Ed also volunteers his expertise by leading seminars with the CPABC Technology Forum and contributed to the new CPA Competency Map in 2021. Ed mentors CPAs, promoting alternative career paths in IT through his work at ISACA where he’s been a board volunteer since 2011 including one year as chapter president.
CPABC recently spoke with Ed about his career journey and how he’s used his CPA background to innovate in the cybersecurity space. You can hear the full interview in our podcast episode with him. Below are some highlights of the conversation.
You earned a Bachelor of Commerce in finance and transportation from the UBC Sauder School of Business. What inspired you to pursue this degree and how did that lead to a CPA designation?
Ed: I was interested in the airline business, because I had family members who were involved. In particular, I wanted to pursue airline management, as I’m very analytical and thought it would be a great fit. UBC Sauder was one of the few schools in Canada that offered specialization in transportation and logistics.
After I graduated from UBC, I worked at Canadian Airlines (a predecessor to Air Canada) for 10 years. The airline industry is very labour and capital intensive, requiring knowledgeable accountants to oversee profitability. I was told early on that if I wanted to move up within the company, the next step would be to become a CPA.
Why did you leave the airline industry after 10 years and what did this lead to?
Ed: Canadian Airlines essentially merged with Air Canada and if I wanted to stay with the organization, I would need to relocate to its accounting centres in either Winnipeg, Toronto, or Montreal. I chose to stay in my hometown of Vancouver, instead, and pursue an emerging opportunity in the dot.com boom of the late 1990s. I spent four years developing a software-as-a-service (SaaS) business for the events and conventions industry that helped event planners manage their hotel blocks online.
I eventually sold my SaaS company to a Los Angeles outfit and moved there briefly to help integrate the two companies. I returned to Vancouver intending to work in an IT career for good, first as an IT Project Manager. I realized I could transfer project management skills from my previous internal audit experience as well as my technology development skills that I’d honed during the dot.com boom. In 2004, I was presented with an opportunity to help start up an enterprise audit function within Intrawest ULC, and then a year and a half later, another opportunity to start up their enterprise cybersecurity function.
After about eight years as a director of cybersecurity for two different companies, and having started the cybersecurity program for them, I felt that a cybersecurity tsunami was coming with increased cyber threats, and that it was going to hit everybody. So from that point on, my consulting focus was on providing cybersecurity leadership, starting up programs where there were none before, or remediating cybersecurity programs at the corporate level. On that basis, I launched a cybersecurity consultancy, Carmel Info-Risk in 2013.
Tell me about your current role with Carmel Info-Risk Consulting Group.
Ed: Carmel Info-Risk is primarily what you'd call a virtual chief information security officer (CISO) consulting practice, similar to a virtual CFO-for-hire practice. On a part-time or ad hoc basis, we help organize and execute cybersecurity strategies and plans for small-to-medium-sized businesses that can't afford a full-time cybersecurity leader.
By working with a variety of diverse businesses, I have been exposed to more clients, more IT teams and environments, and IT compliance regimes than I would have if I had stayed at one employer. This has allowed me to keep up, somewhat, with the rapid pace of cybersecurity and share my experiences to the benefit of all of my clients. So, it’s been fun - never a dull day in cybersecurity.
You’ve been a strong advocate for educating CPAs on cybersecurity. Why is that?
Ed: When I graduated from university, cybersecurity wasn't a thing. It wasn't even a field unless you were in banking. But now, I think all graduating students, whether they're coming out of university or just finishing up their CPA program, need to be educated on cybersecurity. Digital transformation is changing in a way that may not even be foreseeable at this point. As a long-time cyber and IT compliance practitioner, I feel I am well qualified to advocate for more cybersecurity education for CPAs.
How did you get involved with ISACA and the BC AWARE campaign?
Ed: After I received my CPA, I was looking for ways to volunteer my time and give back to the community. I found that ISACA is a great organization where, as a volunteer, you get back as much as you put into it, if not more. I eventually became president of ISACA Vancouver. During my term, we introduced a cybersecurity conference in Vancouver called BC AWARE. The conference enjoyed great success over seven years; but eventually, we had to partner with a third-party professional event planner to allow the conference to continue to grow.
The conference is now known as the Vancouver International Privacy and Security Summit. At this time, we’ve held two annual conferences held under the new name. Over the past nine years, we’ve brought in a lot of speakers from different parts of the world to speak at our conferences, and it has been very satisfying to be a volunteer.
What else would you like to achieve in your career?
Ed: I'd like to do more consulting with clients outside of North America, including Europe. One of the benefits of the pandemic was opening the world to remote work. I'm very happy with what I do, including training and teaching cybersecurity awareness, and I want to continue.
After 17 years, I still love the cybersecurity and IT business because it’s so dynamic, whether it be process, or technology, or people issues, every day is different and there's always interesting new surprises and developments.
Vince Kanasoot is a communications specialist for CPABC