Justin Vaicaro

Principal Incident Response Consultant

Experience

Justin has 12 years combined military experience serving in both the Marine Corps and Air Force. He has 20 years of experience within the Information Technology industry, with the last 10+ years solely focused on security engineering. Justin has worked in various industries, including Internet Service Provider, eCommerce, Pharmaceutical, Automotive, and Aviation. He has held various roles throughout his career, but his technical strength is derived from his vast network engineering experience. His security knowledge is diverse, but his current focus is on Security Architecture and Design, Incident Response, Malware Reversing, Threat Hunting, Threat Intelligence, and Security Operations. He also does a significant amount of research around trending offensive techniques, tactics, and procedures in order to strengthen his defensive mindset.

Education & Certifications

  • BA, Computer Information Systems & Business Administration, Florida Institute of Technology
  • CISSP (Certified Information System Security Professional)
  • Certified Information Security Manager (CISM)
  • GIAC Certified Forensic Analyst (GCFA)
  • Certified Reverse Engineering Analyst (CREA)
  • Offensive Wireless Security Professional (OWSP)

Professional Affiliations

ISC2 (Orange County, CA Chapter), ISACA (Orange County, CA Chapter), ISSA (Orange County, CA Chapter), LETHAL (Orange County Hacker Meetup Group)

Industry Contributions

Justin has a patent issued for his specialized work around aircraft in-flight-entertainment data security monitoring methodologies and techniques: Methods and Systems for Monitoring Computing Devices on a Vehicle: US Patent No. US9813911B2

Passion for Security

Justin’s passion for security started early in his network engineering career with his exposure to wireless security. His overall passion for security is what consistently pushes him outside of his comfort zone, to keep learning, and to continually work on specializing in new areas within the security industry. Surrounding himself with extremely smart people keeps him grounded and humble. His favorite part about being a security professional is the consistent and constant drive to face new challenges. “The learning stops when the passion fades!”

Recent Blog Posts

ESXiArgs on the TrustedSec Blog

ESXiArgs: What you need to know and how to protect your data

By Ashley Pearson, Nick Gilberti, Tyler Hudak, Liz Waddell, Justin Vaicaro, Steven Erwin, Shane Hartman, Olivia Cate and Thomas Millar
In Incident Response, Incident Response & Forensics, Threat Hunting
Threat Overview Around February 03, 2023, a ransomware campaign called “ESXiArgs” emerged that targeted Internet-facing VMware ESXi servers running versions older than 7.0. Though not confirmed, it has been reported by the French CERT (CERT-FR), BleepingComputer, and other sources that the campaign leverages CVE-2021-21974, which is a three-year-old vulnerability in the OpenSLP component of the...
Read

Simplifying Your Operational Threat Hunt Planning

By Justin Vaicaro
In Incident Response, Incident Response & Forensics, Malware Analysis, Table-Top Exercises, Threat Hunting
Opening Hopefully you all were able to read our recent Threat Hunting whitepaper and had the chance to listen to our latest Threat Hunting webinar. These references should be used as the foundation of information, which leads us into the next journey: how to build out your first Threat Hunt. Building out an organization’s Threat...
Read

TrustedSec Okta Breach Recommendations

By Tyler Hudak, Justin Vaicaro, Buni Okeke, Leo Bastidas, Nick Gilberti, Steven Erwin, Ashley Pearson and Shane Hartman
In Incident Response, Incident Response & Forensics, Malware Analysis, Security Testing & Analysis, Table-Top Exercises, Threat Hunting
TrustedSec’s Incident Response Team sent urgent communications to all IR retainer clients after the discovery of the compromise of Okta. Below are the recommendations provided with additional updates after reviewing more information on 03/23/2022. On March 22, 2022, the threat group LAPSUS$ announced a successful compromise of Okta, a heavily used identity and access management...
Read
View all posts from Justin

Recent Webinars

Threat Hunting Lessons You Won’t Learn From Guides and Whitepapers

Threat Hunting is the process of proactively searching an organization’s network for malicious activity that evades existing security monitoring, detection, and alerting. If done properly, Threat Hunting can be one of the most effective ways to identify evidence of malicious...
Watch

Continuous Threat Hunting: A Practical Webinar

This webinar was recorded on August 19, 2020 and was presented with Binary Defense. Threat hunting is a vital but often misunderstood practice for organizations and security teams. In order to be successful, a threat hunting program must be proactive, continually tuned, and...
Watch
View all webinars from Justin

Want to work with Justin Vaicaro or someone like him?

The TrustedSec team is comprised of experienced and qualified security professionals. Contact us to learn more about our services, our team, and how we can help you.
Contact Us