Rick Yocum

Senior Security Consultant


Rick has been helping organizations elevate their security and compliance practices for more than 16 years. Although Rick has consulted for – and led – information security programs at organizations of all sizes, in nearly all industries, he has extensive experience in the fields of education, finance, government, manufacturing, logistics, and service delivery. Pragmatic and resourceful, Rick provides actionable security and compliance solutions through a combination of simplification, creative reuse of existing tools/processes, and the application/reinforcement of proven security and compliance patterns.

Education & Certifications

BS in Accounting Information Systems and BS in Management Information Systems, Duquesne University

Industry Contributions

Rick is an active participant in the information security community and has spoken at a variety of industry events including B-sides, ISSA, IANS, and the CSO Breakfast Club. A frequent contributor to the TrustedSec Blog, Rick has also helped to establish and evolve a number GRC and Program Development offerings at TrustedSec, including GDPR assessments, MITRE ATT&CK Path Assessments, and IoT Security Assessments.

Passion for Security

Rick is passionate about identifying and exploring creative ways to enhance security and compliance programs – from using theater to train Incident Response teams to utilizing ideograms to communicate the nature and status of the control environment. Additionally, Rick is working on programs to better leverage behavioral economics, game theory, and other psychology-adjacent fields to improve organizational security posture and help reduce industry-wide shortage of skilled security practitioners.

Recent Blog Posts

The Three Step Security Strategy

Why Does Strategy Matter? The term ‘security strategy’ can be ambiguous and often means different things to different people. Because of this, many organizations do not have a formalized security strategy and those that do may not have an effective one. This is understandable. Managing the day-to-day issues associated with a security program (alerts, audits,...

Top 10 MITRE ATT&CK™ Techniques

The MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) Framework (https://attack.mitre.org/) is “a globally-accessible knowledge base of adversary tactics and techniques” that is “open and available to any person or organization for use at no charge.” One of the most beautiful parts of the MITRE ATT&CK™ Framework is that its information can be analyzed to...
yocum hospitality logo

What Information Security Can Learn From the Hospitality Industry

The Information Security industry has a lot in common with the Hospitality industry. Both industries are service oriented, high volume, and built on trust. As with all services founded on trust, establishing and maintaining healthy relationships is critical for success. Strong relationships can do a lot for a security program. They can garner additional funding...
View all posts from Rick

Recent Webinars

Using MITRE ATT&CK(TM) for Coverage and Effectiveness Assessments

Recorded on February 13th, 2019, AT 1:00 PM EST What is the MITRE ATT&CK(TM) Framework? The MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CKTM) Framework (https://attack.mitre.org/) is “a globally-accessible knowledge base of adversary tactics and techniques” that is “open and available...
View all webinars from Rick
Rick Yocum

Want to work with Rick Yocum or someone like him?

The TrustedSec team is comprised of experienced and qualified security professionals. Contact us to learn more about our services, our team, and how we can help you.
Contact Us