Cloud Platform
Contact us
Try it
Asset Management
Vulnerability & Configuration Management
Risk Remediation
Threat Detection & Response
Cloud Security

See Resources

INDUSTRY: Consulting / Services

BUSINESS: Risk management assurance and advisory services

SCOPE: United States

CERTIFICATIONS: Certified Public Accountant (CPA), Certified Information Technology Professional (CITP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified Fraud Examiner (CFE) certifications

BUSINESS CHALLENGE: Find an easy-to-use and accurate way to manage vulnerabilities for the firm's financial services customers.


  • Qualys Consultant


  • Accurate and thorough Qualys scans.
  • Ease of identifying client network assets and vulnerabilities through Qualys’ on demand architecture.
  • Cost-effective.
  • Comprehensive and customizable reporting features.
Envelope Print

Joel Lanz, CPA, P.C.: Enhancing Financial Services Security and Regulatory Compliance

This risk management assurance and advisory firm helps its clients to better navigate the hazards associated with IT security and regulatory compliance. When it comes time to assess client systems for vulnerabilities and misconfigurations, the solution of choice is Qualys Consultant.
Joel Lanz, CPA, P.C. home page

Risk management, regulatory compliance, and IT security services are booming. In fact, with rising IT security threats, the increased dependence on technology to run business, and the demands of attaining regulatory compliance, continue to push demand for security services—including risk assessments, consulting, and vulnerability management services - that are growing at a double-digit clip. Analysts expect the global market for security services to exceed $32 billion by 2010, as more organizations seek the strategic guidance needed to assess their level of IT risk, vet their security and privacy policies, and gain third-party insight through IT audits.

"Qualys’ accuracy, full vulnerability Knowledge-base, remediation information, and ease-of-use, makes it the perfect tool to conduct client assessments."

"I couldn't compete with the larger IT consulting firms without Qualys."

Joel Lanz,
Founder and Principal at Joel Lanz, CPA, P.C.

Joel Lanz

That's where Jericho, New York-based Joel Lanz, CPA, P.C., steps in. This unique CPA practice provides risk management assurance and advisory services to financial institutions of all sizes—from community banks to those with billions in assets. For the past twenty-five years, Lanz's experience as a "Big 5" CPA Partner includes providing these institutions fraud, regulatory, and IT security services, as well as extensive executive-level banking experience. The practice also performs IT Audits on behalf of other CPA firms to support financial statement opinions. Lanz also brings a wealth of accounting, fraud, and IT security certifications to each engagement. "I differentiate myself by being able to speak the languages of technology, risk, and accounting in ways that both technical and business managers understand," says Joel Lanz, founder and principal. "Whereas the large services and accounting firms are focused on mass marketing their services, I've built a practice based on very high levels of involvement with the customer that dramatically improves business performance and reduces risk," he says.

One of the cornerstone services that Lanz provides to help his clients reduce risk is thorough vulnerability assessment of their IT infrastructure. "Companies are focused on running their businesses, and they need experienced outside eyes to help them understand and mitigate their risks in the most effective ways possible," says Lanz. "While many security service firms use scare tactics, or dump highly technical reports with reams of vulnerability listings on clients, I help them decipher all of the technical nuances with information they can understand and put to use immediately." This is also helpful for CPAs in evaluating their clients control environments.

For IT security assessments, Lanz's tool of choice is Qualys Consultant. Qualys Consultant provides Lanz an expedited and streamlined way to recognize all of a client's networked assets—desktops, servers, routers—and identify those that are at risk to attack, or out of regulatory compliance, due to outdated patch levels or other system misconfigurations. Because Qualys Consultant is an on demand, services based solution delivered via the Web, Lanz can conduct cost-effective vulnerability assessments any time they're needed. In addition, Qualys Consultant's comprehensive and customizable reporting features allow him to provide his clients the detail-rich, yet straight-forward reports they need. "Qualys gives me the baseline I need to access the status of a client's network—not only their security preparedness, but the overall health of their network," he says.

"Qualys’ accuracy, full vulnerability Knowledgebase, remediation information, and ease-of-use, makes it the perfect tool to conduct client assessments," he says. In addition to security assessments, Lanz uses Qualys’ comprehensive asset discovery and network mapping capabilities as part of his IT audit and governance services. Qualys’ ability to rapidly identify and map all networked assets facilitates Lanz's ability to help his clients make certain that their IT asset inventories match reality, and be sure they can spot areas where they may be overpaying for software licensing fees.

That's not only good news for Lanz's clients, but also for his vulnerability risk assessment practice. "Many of these services just wouldn’t be possible without Qualys. In fact, I couldn't compete with the larger IT Consulting firms without Qualys," he says.