Stephen Marchewitz

Security Program Development Director

Experience

Stephen has been in the security and risk industry for over 13 years and in IT for over 20 years. He has assisted companies in driving change to ensure clients are successful both in receiving value from products and services as well as managing the security and compliance risks of new projects and technologies. He’s served as an outsourced Chief Information Security Officer for a dozen different companies and consulted to some of the largest companies in the world. Prior to joining TrustedSec, Stephen was the Global Risk Practice Manager in the Digital Transformation Group at Cisco, President and Advisory Practice Lead for a leading information security firm for nine years, a Management Consultant with Ernst & Young, held Technology Management and sales positions with CA and Oracle, and developed new offerings in the insurance industry as an Underwriter and Program Director with Willis Coroon/Chubb in underwriting risk. He is dedicated to helping customers implement the right solutions and services that best meet their business needs, thus allowing them to achieve new levels of success.

Education & Certifications

University of Michigan, Bachelor of Arts degree in Business Communications and Statistics; Case Western Reserve University, MBA in Management Information & Decision Systems; Stephen has also been a PCI Qualified Security Assessor and a Certified ISO 27001 Auditor.

Industry Contributions

Stephen has been quoted in such magazines as: Banking Info Security, Government IT, Wall Street Technology, Transaction World, Infosec Institute, Crains, Automation World, Modern Economics, among many others. He’s also presented at various events across the country including: ISACA, ISSA, SecureWorld, the Infosec Summit, Business of Security, the IoT World Forum, various Cisco events, and numerous webinars.

Passion for Security

Stephen’s passion is helping people. He addresses not only technical issues, but more importantly the human issues that CISO’s deem as their greatest areas of need. Stephen is counted on as an expert in risk, security, business intelligence, and decision support systems. Enterprise risk management is an area that many executives and boards are struggling with. He has assisted by giving clear direction and putting complex thoughts into layman’s terms.

Recent Blog Posts

Is Cyber Insurance Becoming Worthless?

New challenges have emerged that make it difficult to transfer risk. Ransomware has changed the game An overlooked yet the increasingly important challenge in information risk management is finding the right balance between cybersecurity and cyber insurance. We continue to see organizations hit with ransomware from a variety of vectors, including spam emails, drive-by downloads,...
Read

Companies on High Alert for Unemployment Fraud

Proactive Measures to Thwart Unemployment Fraud In the past few months, the TrustedSec Incident Response team has responded to several incidents of unemployment benefit fraud. Due to the pandemic and nationwide lockdowns, there has been an extremely high volume of unemployment claims submitted across the United States, and with greater instances of fraud making it difficult...
Read

TrustedSec Approved as a CMMC Registered Provider Organization!

TrustedSec has been approved by the Cybersecurity Maturity Model Certification (CMMC) Accreditation Body (https://www.cmmcab.org/) as a Registered Provider Organization. In line with our mission of increasing the security posture of organizations around the world, TrustedSec is pleased to be a part of the program aimed at improving and ensuring the security maturity of the Defense...
Read
View all posts from Stephen

Recent Webinars

Building a System Security Plan (SSP) that Matters

Register If your organization is involved in contracting with the US federal government, you’ve likely come across the requirement to have a System Security Plan (SSP) in place. For those looking to understand or implement an SSP, there are many...

The Trouble with TCAPS: Using MITRE ATT&CK™, Threat Intelligence, and FAIR for Better Risk Analysis

In any risk equation or framework, one of the most formidable variables to gaining a proper understanding of risks to an organization is the determination of threats and threat capabilities. Practitioners of the quantitative risk framework Factor Analysis of Information...
Webinar title card

Incident Response in the Cloud: Combating Business Email Compromise Threats

Incident Response in the Cloud Has Some Major Nuances. The cloud can significantly improve Incident Response capabilities if appropriately leveraged. However, many organizations, even those with traditional Incident Response plans, have faced a rude awakening with their first cloud incident....
View all webinars from Stephen
Stephen Marchewitz

Want to work with Stephen Marchewitz or someone like him?

The TrustedSec team is comprised of experienced and qualified security professionals. Contact us to learn more about our services, our team, and how we can help you.
Contact Us