Principal Security Consultant
Prior to joining TrustedSec, Chris spent 21 years working in various Information Security roles, from the Security Operations Center to Threat Intelligence. Along the way, Chris worked on vulnerability assessments, penetration testing, and GRC assessment practices.
Education & Certifications
Chris has been a frequent contributor to the global Information Security industry, conducting and presenting security research at major industry conferences including Black Hat USA, RSA Conference, and DEFCON, and participating in interviews with the media to help shed light on the latest security vulnerabilities and breaches.
Passion for Security
Chris takes pride in translating the deeply technical aspects of Information Security into real-world risks and action items that organizations can use to understand the impact of an ever-changing threat landscape.
Recent Blog Posts
On November 5, 2021, the Office of the Secretary for the Department of Defense produced a document outlining updates for the Cybersecurity Maturity Model Certification (CMMC) program. We’ve been following the program since its inception, and we were eager to find out what’s coming next. In short, some of the changes help reduce the burden...
So I Received a Phishing Email… I recently received an email indicating my credit card number had potentially been stolen and used for fraud. At this point, I am used to both having my credit card number stolen and receiving messages telling me it’s been stolen when it has not. My attempt to determine whether...
Massachusetts is the latest state to grapple with Right to Repair legislation. A ballot question in the 2020 election asked the state’s voters to decide whether or not automobile manufacturers must make the telematics data collected by cars’ on-board computers available to independent repair shops. What seems like a debate over who can access the...
If your organization is involved in contracting with the US federal government, you’ve likely come across the requirement to have a System Security Plan (SSP) in place. For those looking to understand or implement an SSP, there are many resources...
The Cloud Makes Compliance Better! …And Worse. The necessity of complying with cloud regulations, frameworks, and third-party risk requirements has been on the radar for several years. However, the importance of satisfying these requirements skyrocketed as organizations scrambled to accommodate...