- Client Login
David has over 14 years of extensive experience in information technology (IT) systems across multiple industries, including healthcare, banking, and retail payments. David leads Delap’s PCI DSS and SOC reporting practices, providing domestic and international clients with information security services including risk assessments, internal control reviews, network security analysis, and information security consulting.
| Principal | CTGA | QPA | CISM | CISA
Andrea has spent over 20 years in the financial services industry, cultivating and narrowing her technical expertise to focus in PIN Security and Key Management related to POS and ATM transactions. She developed and implemented the most extensive Processor‑driven PIN Security and Key Management compliance reporting program in the retail banking industry. As a subject matter expert, she provides risk review and consulting services to banks, processors, merchant processors, device manufacturers, certificate authorities, remote key delivery hosts, and key injection facilities in the U.S. and internationally.
Andrea is vice chairperson of the ASC X9F6 Working Group, serving as the Technical Editor for the extensive rewrite of ANS X9.24 Part 1, published in 2017. Andrea also serves as a X9 board member and U.S. Expert to ISO TC68 SC2 WG13, involved in development of international versions of security standards.
Spencer provides cybersecurity assurance and consulting services for a diverse portfolio of clients and industries at Delap. His insight, combined with his information security expertise, means that clients receive high-quality reporting in addition to a value-added services engagement.
As a fully certified QSA and QPA, he performs PCI DSS and PCI PIN assessments within the Retail Financial Payment Industry both domestically and internationally. Spencer has extensive experience in Unix and Windows security, network security, cryptography, and IT control testing.
In the realm of consulting, Spencer translates often complicated industry compliance requirements and standards so his clients can effectively understand and implement their compliance obligations.