1-877-550-4728
Rick Yocum
Senior Security Consultant
Experience
Rick has been helping organizations elevate their security and compliance practices for more than 16 years. Although Rick has consulted for – and led – information security programs at organizations of all sizes, in nearly all industries, he has extensive experience in the fields of education, finance, government, manufacturing, logistics, and service delivery. Pragmatic and resourceful, Rick provides actionable security and compliance solutions through a combination of simplification, creative reuse of existing tools/processes, and the application/reinforcement of proven security and compliance patterns.
Education & Certifications
BS in Accounting Information Systems and BS in Management Information Systems, Duquesne University
Industry Contributions
Rick is an active participant in the information security community and has spoken at a variety of industry events including B-sides, ISSA, IANS, and the CSO Breakfast Club. A frequent contributor to the TrustedSec Blog, Rick has also helped to establish and evolve a number GRC and Program Development offerings at TrustedSec, including GDPR assessments, MITRE ATT&CK Path Assessments, and IoT Security Assessments.
Passion for Security
Rick is passionate about identifying and exploring creative ways to enhance security and compliance programs – from using theater to train Incident Response teams to utilizing ideograms to communicate the nature and status of the control environment. Additionally, Rick is working on programs to better leverage behavioral economics, game theory, and other psychology-adjacent fields to improve organizational security posture and help reduce industry-wide shortage of skilled security practitioners.
Recent Blog Posts
The Three Step Security Strategy
Why Does Strategy Matter? The term ‘security strategy’ can be ambiguous and often means different things to different people. Because of this, many organizations do not have a formalized security strategy and those that do may not have an effective one. This is understandable. Managing the day-to-day issues associated with a security program (alerts, audits,...
Read
Top 10 MITRE ATT&CK™ Techniques
The MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) Framework (https://attack.mitre.org/) is “a globally-accessible knowledge base of adversary tactics and techniques” that is “open and available to any person or organization for use at no charge.” One of the most beautiful parts of the MITRE ATT&CK™ Framework is that its information can be analyzed to...
Read
What Information Security Can Learn From the Hospitality Industry
The Information Security industry has a lot in common with the Hospitality industry. Both industries are service oriented, high volume, and built on trust. As with all services founded on trust, establishing and maintaining healthy relationships is critical for success. Strong relationships can do a lot for a security program. They can garner additional funding...
Read
Recent Webinars
Using MITRE ATT&CK(TM) for Coverage and Effectiveness Assessments
Recorded on February 13th, 2019, AT 1:00 PM EST What is the MITRE ATT&CK(TM) Framework? The MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CKTM) Framework (https://attack.mitre.org/) is “a globally-accessible knowledge base of adversary tactics and techniques” that is “open and available...
