Alex Hamerstone

Practice Lead, GRC


Alex Hamerstone, QSA, ISO 27001, CISSP, is the Practice Lead for Governance, Risk Management, and Compliance at TrustedSec, and has over a decade of information security consulting experience. TrustedSec’s motto, “Information Security Made Simple,” holds true to Alex’s beliefs and his ability to deliver effective solutions to customers. Known as a passionate advocate for the clients he works with as well as the security industry, Alex uses his consulting experience to partner with all sizes of organizations in all verticals, performing assessments, audits, and security program development. Alex has designed security programs for both large and small organizations and has advised and performed security assessments for companies ranging from small businesses to Fortune 100 corporations. Alex’s experience covers a wide swath of industries, including retail, utilities, education, insurance, and healthcare, providing him with a unique view into the ways that organizations effectively integrate security into business. Additional areas of expertise include program development, process creation, documentation, regulatory compliance, cloud implementation, security awareness, standards adherence, and international information security regulations. He has presented to many Boards of Fortune 500 companies, showcasing his sought-after ability to articulate the importance of information security to the business. Prior to TrustedSec, Alex was the Compliance Officer for a software company with enterprise customers in over 27 countries, which was purchased by Oracle. As Compliance Officer, he was ultimately responsible for ensuring that the company complied with a multitude of data security laws and regulations all over the world, as well as ensuring that employees met corporate standards.

Education & Certifications

Baldwin Wallace College, Bachelor of Arts Degree in Business Administration, CISSP, QSA, ISO 27001 Provisional Auditor

Industry Contributions

Alex is a constant presence on the national media, with many appearances on Fox News, CNN, CBS News, MSNBC, Al Jazeera, Morning Dose, Cheddar, Huffington Post TV, and multiple local news channels. He is often quoted as an expert in national general interest articles as well as industry publications. A prolific writer, he has written articles for FedTech and Pipeline magazines and is an author of “Wireless Reconnaissance in Penetration Testing,” published in 2012 by Syngress. He is a frequent presenter worldwide at conferences both within and outside of the information security industry, with keynote addresses to groups such as ISSA and ISACA. He is especially adept at presenting to industry groups outside of IT and has presented at many conferences including those focused on accounting, manufacturing, healthcare, and non-profit.

Passion for Security

Alex’s passion for information security goes beyond the technical. He is deeply invested in working with clients to improve their overall information security and develop industry-leading programs. He enjoys sharing his insights and experience gained while working with companies of all sizes and verticals.

Recent Blog Posts

Working With the Department of Defense in 2020? Start Planning for the New Certification.

In what is certain to be a wakeup call for many organizations involved in Department of Defense contracts, the Cybersecurity Maturity Model Certification (CMMC) is set to become a part of life in 2020. Much like previous requirements, the CMMC requirements will also apply to subcontractors, and all Requests for Proposal (RFPs) will require CMMC...

Is Ohio Senate Bill 220 an Example for the Other 49 States?

Passing with 24 yeas and 8 nays, effective as of November 2, 2018, Ohio Senate Bill 220 was touted as a way to use the ‘carrot approach’ for organizations to increase cybersecurity. This incentive was to encourage the shielding of data breach liability for organizations in certain situations. Excerpts from the bill are provided below....

NIST Guidance for Small Business Forthcoming

The National Institute for Standards and Technology, usually referred to as NIST, has many valuable resources, including resources for computer security. The NIST Cybersecurity Framework (NIST CSF) and the NIST 800 series are familiar to most people in the information security industry. The NIST standards are commonly used not only by organizations that are bound...

Recent Webinars

Dealing With Third-Party Risk Assessments: Creating and responding to vendor questionnaires

Recorded on Wednesday, September 25th. Ain’t nobody got time for that! Are you feeling overwhelmed? Have you been diagnosed with a case of audit fatigue? The growth in third-party assessment requests has exploded–more and more organizations are being forced to...

You’ve Been Framed! Using Frameworks to Improve and Defend your Security Program

Recorded May 30, 2019 at 1 P.M. EST. The majority of organizations that are in the process of building a security program are starting with a security framework. Frameworks seek to provide a reference for planning but also ensure that...

Facebook's Data Scandal and GDPR - How It Impacts You

Recorded April 18, 2018 at 1:00 PM EST. The General Data Protection Regulation (GDPR) (Regulation [EU] 2016/679) has many organizations “gnashing their teeth” trying to become compliant. And if you think this Facebook’s privacy debacle doesn’t have anything to do...

Recent Podcasts

TrustedSec Security Podcasts

So Much is Broken

December 10, 2019

The End of End to End

December 10, 2019