Your security partner for good
Secure what's most important to your business with our expertise, technical skill, and ethical character.
Making Waves in Cybersecurity Consulting Services
TrustedSec Named a Leader in The Forrester Wave™: Cybersecurity Consulting Services, Q2 2024
Fundamentally different cybersecurity
We transform cybersecurity into an asset rather than an obstacle, setting you up for success.
Explore trend-setting cybersecurity resources
Discover the blogs, analysis, webinars, and podcasts the industry is talking about.
TrustedSec Achieves CREST Certification
TrustedSec has achieved CREST Certification for penetration testing, a globally recognized standard that verifies an organization's ability to conduct…
Measuring Effectiveness for Business Resilience
Testing and assessing security effectiveness is a core component of business resilience. Learn why this type of testing can help ensure you're protecting your…
HIPAA, HITECH, and HITRUST - It’s HI Time to Make Sense of it All
Organizations in the health care sector and those that work with it often hear about HIPAA, HITECH, and HITRUST compliance but may not understand what they all…
Azure's Front Door WAF WTF: IP Restriction Bypass
The Azure Front Door Web Application Firewall (WAF) has an "IP restriction" option that can be bypassed with the inclusion of an HTTP header. What's worse?…
CVE-2025-1729 - Privilege Escalation Using TPQMAssistant.exe
While digging into the internals of my new Lenovo ThinkPad P1 Gen7, I came across an unexpected discovery that quickly escalated from curiosity to a viable…
Security Noise - Episode 7.19
Hacker Culture: The Self Modifying Code
Abusing Chrome Remote Desktop on Red Team Operations: A Practical Guide
In this post, we’ll be exploring a practical technique for abusing Chrome Remote Desktop (also known as Google Remote Desktop) within a Red Team operation. I…
Dialing Into Deception: A Social Engineer's Playbook for Voice-Based Attacks
Join Targeted Operations Practice Lead Jason Lang and Senior Security Consultant David Boyd as they walk through different aspects of social engineering and…
NIST CSF 2.0 Ratings and Assessment Methodologies for Scorecards – When the Math isn’t “Mathing”
As a Senior Security Consultant and National Institute of Standards and Technology (NIST) expert, the question I get asked the most is, how do we compare…
Attacking JWT using X509 Certificates
Take a closer look at JWT signature verification using X.509 headers as we walk through an attack and demonstrate a Burp extension to exploit a known…
Trimarc Joins Forces with TrustedSec
TrustedSec is excited to announce that Trimarc Security, a highly respected Active Directory security firm, is now fully operating under the TrustedSec banner.
7.4K
Custom security engagements completed
52
Open-source tools available to public
207
Team industry certifications
92%
Net Promoter Score
We understand security challenges
Drawing from real-world experience, our solutions deliver practical results that help security teams. Our custom services are tailored to address the unique challenges of different roles in security. From building to testing to hardening, our services support security at every stage.
Born to prove security can be better
Founded by innovator David Kennedy in 2012, our purpose-driven approach has enabled us to grow into a name trusted by government entities, Fortune 500s, and hackers alike. With our expertise, technical skills, and ethical character, we help you secure what's important and achieve what matters.
Our experts
We set out to change security by assembling the most technically advanced team of consultants and advisors.
“Our work provides immediate, practical, & tangible benefits for our clients. We absolutely want them to succeed & be more secure. That makes me proud to work here & turns our clients into partners.”Mike OwensSenior Security Consultant
Mike Owens
Senior Security ConsultantMike helps clients implement practical, systematic improvements in their security programs to solve problems before they result in security incidents. Recent focus areas include hardening public cloud environments, securing backups against ransomware, guiding adoption of core security controls frameworks, and custom, hands-on services to support unique client needs.
“Our product-agnostic approach enables us to give a truly unbiased evaluation.”Steph SaundersSenior Security Consultant
Steph Saunders
Senior Security ConsultantSteph performs a variety of security assessments from Incident Response to Compliance. She is passionate about helping communities and companies mature in cybersecurity and utilize best practices.
“Having access to industry leaders right here at TrustedSec makes solving our clients' challenges easier.”Paul SemsManaging Director of Remediation Services
Paul Sems
Managing Director of Remediation ServicesPaul and his team work with clients to harden their environments against attacks and help them recover after security incidents.
Empower your business through better security design.
Talk directly with our experienced advisory consultants to learn how we can help.
Trusted by top security teams around the world