Leo Bastidas

Senior Security Consultant

Experience

Leo has 15 years of experience of incident response combined from the military and private sector. Majority of his experience comes from DoD but has been in the private sector for the last few years.

Education & Certifications

  • GPEN – GIAC Penetration Tester
  • GLEG – GIAC Law of Data Security & Investigations
  • GCIH – GIAC Certified Incident Handler

Passion for Security

Leo was taught from a young age, if you can defend someone less fortunate, it is your duty to do so. That lesson carried him into joining the military and incident response. After transitioning out of the military, Leo fell in love with open-source and free software to help defend, train, and advise someone who otherwise was not able to spend the money in order to have basic security. Leo started hanging out with like-minded individuals and helped coordinate and run an open-source blue team CTF.

Recent Blog Posts

CVE 2022-22965 (Spring4Shell) Vulnerability

By Leo Bastidas and Ashley Pearson
In Incident Response, Incident Response & Forensics, Table-Top Exercises, Threat Hunting, Vulnerability Assessment
On March 29, 2022, a security researcher with the handle p1n93r disclosed a Spring Framework remote code execution (RCE) vulnerability, which was archived by vx-underground. This vulnerability, known as Spring4Shell, affects applications that use JDK v9 or above that run Apache Tomcat as the Servlet Container in a WAR package and use dependencies of the...
Read

TrustedSec Okta Breach Recommendations

By Tyler Hudak, Justin Vaicaro, Buni Okeke, Leo Bastidas, Nick Gilberti, Steven Erwin, Ashley Pearson and Shane Hartman
In Incident Response, Incident Response & Forensics, Malware Analysis, Security Testing & Analysis, Table-Top Exercises, Threat Hunting
TrustedSec’s Incident Response Team sent urgent communications to all IR retainer clients after the discovery of the compromise of Okta. Below are the recommendations provided with additional updates after reviewing more information on 03/23/2022. On March 22, 2022, the threat group LAPSUS$ announced a successful compromise of Okta, a heavily used identity and access management...
Read

Back to Basics: The TrustedSec Guide to Strong Cyber Hygiene

By Ashley Pearson, Tyler Hudak, Justin Vaicaro, Buni Okeke, Leo Bastidas, Nick Gilberti, Steven Erwin and Shane Hartman
In Incident Response, Incident Response & Forensics, Security Testing & Analysis, Table-Top Exercises, Threat Hunting
Every day, new challenges, attacks, and vulnerabilities are publicized. Just as attackers and the threat landscape are constantly changing, adapting, and evolving, so too must the Blue Teams and defenders who protect organizations against these threats. While the old adage may have been that attacks are rare and unlikely to happen, a new mentality of...
Read
View all posts from Leo

Recent Webinars

Threat Hunting Lessons You Won’t Learn From Guides and Whitepapers

Threat Hunting is the process of proactively searching an organization’s network for malicious activity that evades existing security monitoring, detection, and alerting. If done properly, Threat Hunting can be one of the most effective ways to identify evidence of malicious...
Watch
View all webinars from Leo

Want to work with Leo Bastidas or someone like him?

The TrustedSec team is comprised of experienced and qualified security professionals. Contact us to learn more about our services, our team, and how we can help you.
Contact Us