Established in 1999 ecfirst is an Iowa-based Corporation. ecfirst delivers complete end-to-end compliance and information security services across the United States and worldwide. ecfirst has completed several hundred information security assessments over the last few years for satisfied clients. Our team has managed assessments using various standards including, but not limited, to NIST 800-53, HIPAA, GDPR, ISO-27001, PCI-DSS and others. We are well regarded in the industry as an affordable and high-quality team with well-established expertise in a number of fields. Many clients first engage ecfirst for its flexible services that range from On-Demand Consulting (ODC) to Managed Compliance Services Programs (MCSPs) covering training, policies, remediation, risk assessment, technical vulnerability assessments, penetration testing and much more.

The biggest differentiator we offer is our well-qualified and experienced team, as well as our capabilities in knowledge transfer throughout our engagements. Our expert team members are well credentialed (certified CISAs and CISSPs) full-time employees who have deep hands-on experience in the business and technology areas of a business that they support.

Vision (Mantra)

Enabling establishment of an active cyber defense program and capability.

Mission (Karma)

Implement an evidence-based compliance program integrated within an enterprise-wide active cyber defense system.

ecfirst Promise

  • Unconditional Guarantee!
  • No questions.
  • ecfirst will not consider an engagement complete unless client is 100% satisfied.


Ali Pabrai
Chairman, Co-Founder

As Chairman and Co-founder of ecfirst Ali Pabrai is responsible for the Security Solutions business of the company. He is a well-known thought leader in Information Security and is a regular speaker at many forums such as ISACA and HITRUST. Ali served as interim CISO for a health system with 40+ locations in USA. He has led numerous engagements worldwide for ISO 27001, PCI DSS, NIST & HIPAA/HITECH security assessments.

Ali was the creator of the world’s most successful Internet skills certification, CIW. He established the industry’s first certification program on HIPAA – Certified HIPAA Professional (CHP) and Certified HIPAA Security Specialist™ (CHSS™). He also launched the Certified Security Compliance Specialist™ (CSCS™) program. He is the co-creator of the Security Certified Program (SCP) – a program approved by the U.S. Department of Defense Directive 8570.1M and one of the industry’s most comprehensive hands-on information security certification programs.

Allen Nguyen
President, Co-Founder

As President and Co-founder of ecfirst, the HIPAA Academy™, Allen Nguyen is responsible for day-to-day operations of the company and the delivery of quality technical solutions to customers. He has accrued over two decades of experience and has become an expert in Internet-enabling technology. Prior to co-founding this company Allen spent many years consulting for several large corporations. Expecting to see a profound impact in the commercial arena of Internet technology, in 1995 Allen co-founded ABC Communications. The goal of ABC was to help companies understand, embrace and implement Internet technology. During that time he built the company’s technical infrastructure, led several enterprise-wide web development efforts and was instrumental in leading product development.

Allen is the creator of first 100% Java Applet application to automate the processing of forms from a web browser. Sun Microsystems, the inventor of Java, eventually licensed it for its own usage. In 1999 he joined Ali to start ecfirst, now a recognized provider of IT and security solutions.

Our mission is to keep your organization compliant with regulations and be prepared for any cybersecurity event at any time.

ecfirst solutions are tailor-made for your organization. We cover all areas of securing your enterprise IT assets