Chris Camejo

Practice Lead, Advisory's Compliance Services

Experience

Prior to joining TrustedSec, Chris spent 21 years working in various Information Security roles, from the Security Operations Center to Threat Intelligence. Along the way, Chris worked on vulnerability assessments, penetration testing, and GRC assessment practices.

Education & Certifications

CISSP

NSA IAM/IEM

Professional Affiliations

(ISC)2

Industry Contributions

Chris has been a frequent contributor to the global Information Security industry, conducting and presenting security research at major industry conferences including Black Hat USA, RSA Conference, and DEFCON, and participating in interviews with the media to help shed light on the latest security vulnerabilities and breaches.

Passion for Security

Chris takes pride in translating the deeply technical aspects of Information Security into real-world risks and action items that organizations can use to understand the impact of an ever-changing threat landscape.

Recent Blog Posts

Real or Fake? Spoof-Proofing Email With SPF, DKIM, and DMARC

By Chris Camejo
In Attack Path Effectiveness Review, Business Risk Assessment, Incident Response, Penetration Testing, Program Assessment & Compliance, Security Program Management, Security Testing & Analysis
I briefly mentioned using DKIM to verify an email’s sender in a previous blog post that described the steps I took to determine whether a suspicious email was legitimate or a phishing attempt. In this post, we will take a deeper dive into how organizations can help stop email spoofing using a combination of three...
Read

Real or Fake? How to Spoof Email

By Chris Camejo
In Attack Path Effectiveness Review, Business Risk Assessment, Incident Response, Incident Response & Forensics, Office 365 Security Assessment, Penetration Testing, Program Assessment & Compliance, Security Program Management, Security Testing & Analysis
I briefly mentioned how easy it is to forge email sender addresses in a previous blog post that described the steps I took to determine whether a suspicious email was legitimate or a phishing attempt. In this post, we will take a deeper dive into why email sender addresses are so easy to forge and...
Read

How we’re making sense of CMMC 2.0

By Chris Camejo
In CMMC Readiness Review, HIPAA NIST CIS20 SOC ISO 27001 Assessments, Program Assessment & Compliance
On November 5, 2021, the Office of the Secretary for the Department of Defense produced a document outlining updates for the Cybersecurity Maturity Model Certification (CMMC) program. We’ve been following the program since its inception, and we were eager to find out what’s coming next. In short, some of the changes help reduce the burden...
Read
View all posts from Chris

Recent Webinars

Building a System Security Plan (SSP) that Matters

If your organization is involved in contracting with the US federal government, you’ve likely come across the requirement to have a System Security Plan (SSP) in place. For those looking to understand or implement an SSP, there are many resources...
Watch

Cloud Compliance: Picking a Framework and Simplifying Your Approach

The Cloud Makes Compliance Better! …And Worse. The necessity of complying with cloud regulations, frameworks, and third-party risk requirements has been on the radar for several years. However, the importance of satisfying these requirements skyrocketed as organizations scrambled to accommodate...
Watch
View all webinars from Chris

Want to work with Chris Camejo or someone like him?

The TrustedSec team is comprised of experienced and qualified security professionals. Contact us to learn more about our services, our team, and how we can help you.
Contact Us