Practice Lead, Advisory's Compliance Services
Prior to joining TrustedSec, Chris spent 21 years working in various Information Security roles, from the Security Operations Center to Threat Intelligence. Along the way, Chris worked on vulnerability assessments, penetration testing, and GRC assessment practices.
Education & Certifications
Chris has been a frequent contributor to the global Information Security industry, conducting and presenting security research at major industry conferences including Black Hat USA, RSA Conference, and DEFCON, and participating in interviews with the media to help shed light on the latest security vulnerabilities and breaches.
Passion for Security
Chris takes pride in translating the deeply technical aspects of Information Security into real-world risks and action items that organizations can use to understand the impact of an ever-changing threat landscape.
Recent Blog Posts
I briefly mentioned using DKIM to verify an email’s sender in a previous blog post that described the steps I took to determine whether a suspicious email was legitimate or a phishing attempt. In this post, we will take a deeper dive into how organizations can help stop email spoofing using a combination of three...
I briefly mentioned how easy it is to forge email sender addresses in a previous blog post that described the steps I took to determine whether a suspicious email was legitimate or a phishing attempt. In this post, we will take a deeper dive into why email sender addresses are so easy to forge and...
On November 5, 2021, the Office of the Secretary for the Department of Defense produced a document outlining updates for the Cybersecurity Maturity Model Certification (CMMC) program. We’ve been following the program since its inception, and we were eager to find out what’s coming next. In short, some of the changes help reduce the burden...
If your organization is involved in contracting with the US federal government, you’ve likely come across the requirement to have a System Security Plan (SSP) in place. For those looking to understand or implement an SSP, there are many resources...
The Cloud Makes Compliance Better! …And Worse. The necessity of complying with cloud regulations, frameworks, and third-party risk requirements has been on the radar for several years. However, the importance of satisfying these requirements skyrocketed as organizations scrambled to accommodate...