Rick Yocum

Principal Security Consultant

Experience

Rick has been helping organizations elevate their security and compliance practices for more than 16 years. Although Rick has consulted for – and led – information security programs at organizations of all sizes, in nearly all industries, he has extensive experience in the fields of education, finance, government, manufacturing, logistics, and service delivery. Pragmatic and resourceful, Rick provides actionable security and compliance solutions through a combination of simplification, creative reuse of existing tools/processes, and the application/reinforcement of proven security and compliance patterns.

Education & Certifications

  • BS in Accounting Information Systems, Duquesne University
  • BS in Management Information Systems, Duquesne University
  • Certified Data Privacy Solutions Engineer (CDSPE), ISACA

 

 

Industry Contributions

Rick is an active participant in the information security community and has spoken at a variety of industry events including B-sides, ISSA, IANS, and the CSO Breakfast Club. A frequent contributor to the TrustedSec Blog, Rick has also helped to establish and evolve a number GRC and Program Development offerings at TrustedSec, including GDPR assessments, MITRE ATT&CK Path Assessments, and IoT Security Assessments.

Passion for Security

Rick is passionate about identifying and exploring creative ways to enhance security and compliance programs – from using theater to train Incident Response teams to utilizing ideograms to communicate the nature and status of the control environment. Additionally, Rick is working on programs to better leverage behavioral economics, game theory, and other psychology-adjacent fields to improve organizational security posture and help reduce industry-wide shortage of skilled security practitioners.

Recent Blog Posts

CMMC Small Business Funding Roundup

By Rick Yocum
In CMMC Readiness Review, Program Assessment & Compliance
TrustedSec works with clients of all sizes on Cybersecurity Maturity Model Certification (CMMC) readiness engagements, but recently we’ve received a few questions on how smaller organizations can help to offset some of the costs related to CMMC compliance. There are three (3) typical paths for small organizations to obtain financial assistance regarding CMMC activities. We...
Read

Nine Things to Know About the CMMC

By Rick Yocum
In CMMC Readiness Review, Program Assessment & Compliance
The Cybersecurity Maturity Model Certification (CMMC) (https://www.acq.osd.mil/cmmc/) is a program being developed to help ensure that specific types of unclassified data that exist outside of government systems remain adequately protected. Specifically, the CMMC applies to Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) in non-government systems. Eventually, this certification program will replace the process...
Read

Two Simple Ways to Start Using the MITRE ATT&CK Framework

By Rick Yocum
In Attack Path Effectiveness Review, Security Program Assessment
While there is a wealth of free information intended to help larger organizations use the MITRE ATT&CKTM Framework, these resources often assume that the reader has dedicated security teams, deep technical skills, and/or a catalog of supporting security tools. But what if small organizations, compliance teams, or risk management professionals want to leverage ATT&CK? Never...
Read
View all posts from Rick

Recent Webinars

Navigating the Trail to GDPR Compliance

Get the Right Provisions for Your Journey on the Privacy Trail The rush to implement GDPR and become compliant may be over, but organizations have plenty of work left to do and changes to implement. Learning about the types of...
Watch

CMMC: Feedback From the Trenches

Recorded on Wednesday, March 3rd, 2021 Early Lessons Learned on Cybersecurity Maturity Model Certification If you are in possession of Federal Contract Information (FCI) or Controlled Unclassified Information (CUI) and are looking to get ahead in your Cybersecurity Maturity Model...
Watch

Improving SIEM and MSSP Performance

Recorded on Wednesday, December 9, 2020. The goal of the Security Information and Event Management (SIEM), and theSecurity Operations Center (SOC) or Managed Security Service Provider (MSSP) that manage it, is to relay actionable intelligence that enables security teams to...
Watch
View all webinars from Rick

Recent Podcasts

TrustedSec Security Podcasts

Go Watch Exchange

April 20, 2021

Security Dumpster Fire

April 20, 2021

A Preview of Things to Come

April 20, 2021
Rick Yocum

Want to work with Rick Yocum or someone like him?

The TrustedSec team is comprised of experienced and qualified security professionals. Contact us to learn more about our services, our team, and how we can help you.
Contact Us