Shop Our Merch
Report A Breach
1-877-550-4728
Chris Camejo
Practice Lead, Advisory's Compliance Services
Experience
Prior to joining TrustedSec, Chris spent 21 years working in various Information Security roles, from the Security Operations Center to Threat Intelligence. Along the way, Chris worked on vulnerability assessments, penetration testing, and GRC assessment practices.
Education & Certifications
- Certified Information Systems Security Professional (CISSP)
- Cybersecurity Maturity Model Certification Registered Practitioner (CMMB-AB)
- Qualified Security Assessor (PCI SSC)
- Certified Information Systems Security Professional (CISSP)
- ISO 27001 Lead Auditor (BSI)
- National Security Agency (NSA) Information Security (INFOSEC) Assessment Methodology (IAM)
- National Security Agency (NSA) Information Security (INFOSEC) Evaluation Methodology (IEM)
Professional Affiliations
(ISC)2
Industry Contributions
Chris has been a frequent contributor to the global Information Security industry, conducting and presenting security research at major industry conferences including Black Hat USA, RSA Conference, and DEFCON, and participating in interviews with the media to help shed light on the latest security vulnerabilities and breaches.
Passion for Security
Chris takes pride in translating the deeply technical aspects of Information Security into real-world risks and action items that organizations can use to understand the impact of an ever-changing threat landscape.
Recent Blog Posts
Real or Fake? Spoof-Proofing Email With SPF, DKIM, and DMARC
I briefly mentioned using DKIM to verify an email’s sender in a previous blog post that described the steps I took to determine whether a suspicious email was legitimate or a phishing attempt. In this post, we will take a deeper dive into how organizations can help stop email spoofing using a combination of three...
Read
Real or Fake? How to Spoof Email
I briefly mentioned how easy it is to forge email sender addresses in a previous blog post that described the steps I took to determine whether a suspicious email was legitimate or a phishing attempt. In this post, we will take a deeper dive into why email sender addresses are so easy to forge and...
Read
How we’re making sense of CMMC 2.0
On November 5, 2021, the Office of the Secretary for the Department of Defense produced a document outlining updates for the Cybersecurity Maturity Model Certification (CMMC) program. We’ve been following the program since its inception, and we were eager to find out what’s coming next. In short, some of the changes help reduce the burden...
Read
Recent Webinars
Building a System Security Plan (SSP) that Matters
If your organization is involved in contracting with the US federal government, you’ve likely come across the requirement to have a System Security Plan (SSP) in place. For those looking to understand or implement an SSP, there are many resources...
Cloud Compliance: Picking a Framework and Simplifying Your Approach
The Cloud Makes Compliance Better! …And Worse. The necessity of complying with cloud regulations, frameworks, and third-party risk requirements has been on the radar for several years. However, the importance of satisfying these requirements skyrocketed as organizations scrambled to accommodate...
