1-877-550-4728
Alex Hamerstone
Practice Lead, GRC
Experience
Alex Hamerstone, QSA, ISO 27001, CISSP, is the Practice Lead for Governance, Risk Management, and Compliance at TrustedSec, and has over a decade of information security consulting experience. TrustedSec’s motto, “Information Security Made Simple,” holds true to Alex’s beliefs and his ability to deliver effective solutions to customers. Known as a passionate advocate for the clients he works with as well as the security industry, Alex uses his consulting experience to partner with all sizes of organizations in all verticals, performing assessments, audits, and security program development. Alex has designed security programs for both large and small organizations and has advised and performed security assessments for companies ranging from small businesses to Fortune 100 corporations. Alex’s experience covers a wide swath of industries, including retail, utilities, education, insurance, and healthcare, providing him with a unique view into the ways that organizations effectively integrate security into business. Additional areas of expertise include program development, process creation, documentation, regulatory compliance, cloud implementation, security awareness, standards adherence, and international information security regulations. He has presented to many Boards of Fortune 500 companies, showcasing his sought-after ability to articulate the importance of information security to the business. Prior to TrustedSec, Alex was the Compliance Officer for a software company with enterprise customers in over 27 countries, which was purchased by Oracle. As Compliance Officer, he was ultimately responsible for ensuring that the company complied with a multitude of data security laws and regulations all over the world, as well as ensuring that employees met corporate standards.
Education & Certifications
Baldwin Wallace College, Bachelor of Arts Degree in Business Administration, CISSP, QSA, ISO 27001 Provisional Auditor
Industry Contributions
Alex is a constant presence on the national media, with many appearances on Fox News, CNN, CBS News, MSNBC, Al Jazeera, Morning Dose, Cheddar, Huffington Post TV, and multiple local news channels. He is often quoted as an expert in national general interest articles as well as industry publications. A prolific writer, he has written articles for FedTech and Pipeline magazines and is an author of “Wireless Reconnaissance in Penetration Testing,” published in 2012 by Syngress. He is a frequent presenter worldwide at conferences both within and outside of the information security industry, with keynote addresses to groups such as ISSA and ISACA. He is especially adept at presenting to industry groups outside of IT and has presented at many conferences including those focused on accounting, manufacturing, healthcare, and non-profit.
Passion for Security
Alex’s passion for information security goes beyond the technical. He is deeply invested in working with clients to improve their overall information security and develop industry-leading programs. He enjoys sharing his insights and experience gained while working with companies of all sizes and verticals.
Recent Blog Posts
Want Better Alerting? Consider Your Business Processes
Logging, monitoring, and alerting programs are some of the most critical elements of any security and compliance program, but traditional approaches for implementing and upgrading these capabilities are often noisy, expensive, and laborious. Traditional Alerting Approaches are Failing During program assessments, we find that a lot of clients are generating so many alerts that they...
Read
Vendor Enablement: Rethinking Third-Party Risk
Third-party risk management is an essential element of information security. It is common to see news about a large company being breached, and after learning more, you find out the breach was the result of a vendor. When you depend on another organization for a critical business process and allow them access to your network,...
Read
Understanding New York’s SHIELD Act
While General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) get a lot of attention, New York should not to be left out. In effect beginning on March 21, 2020, the New York Stop Hacks and Improve Electronic Data Security (SHIELD) Act (https://www.nysenate.gov/legislation/bills/2019/s5575) places additional security and privacy requirements on organizations that possess...
Read
Recent Webinars
Getting a Grip on CMMC—Tips and Tricks for the new Cybersecurity Maturity Model Certification
This webinar was recorded on April 22, 2020. If you are in possession of Federal Contract Information (FCI) or Controlled Unclassified Information (CUI), now is the time to better address security and the new Cybersecurity Maturity Model Certification (CMMC). Not...
2020 Security Trends from TrustedSec—What’s Happening Today, Tomorrow and Far Out
This webinar was recorded on January 22, 2020 No one likes surprises, especially of the security kind. We’d all like to know what the future holds. A lot of research organizations are putting out predictions for security that are all...
Dealing With Third-Party Risk Assessments: Creating and responding to vendor questionnaires
Recorded on Wednesday, September 25th Ain’t nobody got time for that! Are you feeling overwhelmed? Have you been diagnosed with a case of audit fatigue? The growth in third-party assessment requests has exploded–more and more organizations are being forced to...
Recent Podcasts
Download My Tesla Theme
September 28, 2020
Too Many, Too Old, or Too Familiar
September 28, 2020
The Past Is Our Future
September 28, 2020
