Rick Yocum

Principal Security Consultant

Experience

Rick has been helping organizations elevate their security and compliance practices for more than 16 years. Although Rick has consulted for – and led – information security programs at organizations of all sizes, in nearly all industries, he has extensive experience in the fields of education, finance, government, manufacturing, logistics, and service delivery. Pragmatic and resourceful, Rick provides actionable security and compliance solutions through a combination of simplification, creative reuse of existing tools/processes, and the application/reinforcement of proven security and compliance patterns.

Education & Certifications

  • BS in Accounting Information Systems, Duquesne University
  • BS in Management Information Systems, Duquesne University
  • Certified Data Privacy Solutions Engineer (CDSPE), ISACA

 

 

Industry Contributions

Rick is an active participant in the information security community and has spoken at a variety of industry events including B-sides, ISSA, IANS, and the CSO Breakfast Club. A frequent contributor to the TrustedSec Blog, Rick has also helped to establish and evolve a number GRC and Program Development offerings at TrustedSec, including GDPR assessments, MITRE ATT&CK Path Assessments, and IoT Security Assessments.

Passion for Security

Rick is passionate about identifying and exploring creative ways to enhance security and compliance programs – from using theater to train Incident Response teams to utilizing ideograms to communicate the nature and status of the control environment. Additionally, Rick is working on programs to better leverage behavioral economics, game theory, and other psychology-adjacent fields to improve organizational security posture and help reduce industry-wide shortage of skilled security practitioners.

Recent Blog Posts

Two Simple Ways to Start Using the MITRE ATT&CK Framework

By Rick Yocum
In Attack Path Effectiveness Review, Security Program Assessment
While there is a wealth of free information intended to help larger organizations use the MITRE ATT&CKTM Framework, these resources often assume that the reader has dedicated security teams, deep technical skills, and/or a catalog of supporting security tools. But what if small organizations, compliance teams, or risk management professionals want to leverage ATT&CK? Never...
Read

Want Better Alerting? Consider Your Business Processes

By Rick Yocum and Alex Hamerstone
In Architecture Review, Attack Path Effectiveness Review, Business Risk Assessment, Managed Services, Program Assessment & Compliance, Program Development, Program Maturity Assessment, Security Program Assessment, Security Program Management
Logging, monitoring, and alerting programs are some of the most critical elements of any security and compliance program, but traditional approaches for implementing and upgrading these capabilities are often noisy, expensive, and laborious. Traditional Alerting Approaches are Failing During program assessments, we find that a lot of clients are generating so many alerts that they...
Read

Vendor Enablement: Rethinking Third-Party Risk

By Alex Hamerstone and Rick Yocum
In Business Risk Assessment, Mergers & Acquisitions Security Assessment, Operational Performance Maturity Assessment, Program Assessment & Compliance, Program Maturity Assessment, Security Program Assessment
Third-party risk management is an essential element of information security. It is common to see news about a large company being breached, and after learning more, you find out the breach was the result of a vendor. When you depend on another organization for a critical business process and allow them access to your network,...
Read
View all posts from Rick

Recent Webinars

MITRE ATT&CK™ Solutions Update and Evolution: Exploring Advanced Applications of ATT&CK

The MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CKTM) Framework (https://attack.mitre.org/) is advancing as the go-to model for understanding known cyber adversary behavior. How TrustedSec Helps Organizations With ATT&CK Today, TrustedSec uses the ATT&CK framework to help organizations prioritize security...
Watch

Getting a Grip on CMMC—Tips and Tricks for the new Cybersecurity Maturity Model Certification

This webinar was recorded on April 22, 2020. If you are in possession of Federal Contract Information (FCI) or Controlled Unclassified Information (CUI), now is the time to better address security and the new Cybersecurity Maturity Model Certification (CMMC). Not...
Watch

Using MITRE ATT&CK(TM) for Coverage and Effectiveness Assessments

Recorded on February 13th, 2019, AT 1:00 PM EST What is the MITRE ATT&CK(TM) Framework? The MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CKTM) Framework (https://attack.mitre.org/) is “a globally-accessible knowledge base of adversary tactics and techniques” that is “open and available...
Watch
View all webinars from Rick

Recent Podcasts

TrustedSec Security Podcasts

Pub

September 28, 2020

Taken your Pulse Lately?

September 28, 2020

Happy Fourth!

September 28, 2020
Rick Yocum

Want to work with Rick Yocum or someone like him?

The TrustedSec team is comprised of experienced and qualified security professionals. Contact us to learn more about our services, our team, and how we can help you.
Contact Us