Stephen Marchewitz

Security Program Development Director

Experience

Stephen has been in the security and risk industry for over 13 years and in IT for over 20 years. He has assisted companies in driving change to ensure clients are successful both in receiving value from products and services as well as managing the security and compliance risks of new projects and technologies. He’s served as an outsourced Chief Information Security Officer for a dozen different companies and consulted to some of the largest companies in the world. Prior to joining TrustedSec, Stephen was the Global Risk Practice Manager in the Digital Transformation Group at Cisco, President and Advisory Practice Lead for a leading information security firm for nine years, a Management Consultant with Ernst & Young, held Technology Management and sales positions with CA and Oracle, and developed new offerings in the insurance industry as an Underwriter and Program Director with Willis Coroon/Chubb in underwriting risk. He is dedicated to helping customers implement the right solutions and services that best meet their business needs, thus allowing them to achieve new levels of success.

Education & Certifications

University of Michigan, Bachelor of Arts degree in Business Communications and Statistics; Case Western Reserve University, MBA in Management Information & Decision Systems; Stephen has also been a PCI Qualified Security Assessor and a Certified ISO 27001 Auditor.

Industry Contributions

Stephen has been quoted in such magazines as: Banking Info Security, Government IT, Wall Street Technology, Transaction World, Infosec Institute, Crains, Automation World, Modern Economics, among many others. He’s also presented at various events across the country including: ISACA, ISSA, SecureWorld, the Infosec Summit, Business of Security, the IoT World Forum, various Cisco events, and numerous webinars.

Passion for Security

Stephen’s passion is helping people. He addresses not only technical issues, but more importantly the human issues that CISO’s deem as their greatest areas of need. Stephen is counted on as an expert in risk, security, business intelligence, and decision support systems. Enterprise risk management is an area that many executives and boards are struggling with. He has assisted by giving clear direction and putting complex thoughts into layman’s terms.

Recent Blog Posts

Questions after an assessment? Let TrustedSec be your guide.

By Stephen Marchewitz
In Decision Making
Are you having trouble remediating your penetration test findings? It might be time to get some help from TrustedSec. After TrustedSec consultants complete security assessments, clients will often ask us to re-test the specific findings from the last test. But in many instances, those same problems exist—sometimes they are exactly the same, but other times,...
Read

Attacks on the Rise Through Office 365

By Stephen Marchewitz
In Business Risk Assessment, Incident Response, Incident Response & Forensics, Office 365 Security Assessment, Penetration Testing, Program Assessment & Compliance, Security Program Management, Security Remediation, Threat Hunting
Office 365 is the most popular line of digital services for businesses for a reason, but when it comes to cyberattacks, its ubiquity is creating challenges. If it seems like every week there’s a new headline about a large-scale hacking incident, it’s not a case of rampant fake news. According to the 2018 Symantec Internet Security...
Read
invoice fraud blog graphic

Invoice Fraud is Soaring – What you need to know

By Stephen Marchewitz
In Incident Response, Incident Response & Forensics
Organizations are losing thousands—and sometimes millions—of dollars from invoice fraud, which is also known as Business Email Compromise (BEC). At TrustedSec, we have seen a marked uptick in panicked, embarrassed, and/or angry folks reaching out to us for Incident Response and forensics work following a scam. Sometimes, organizations are able to recover some or all...
Read
View all posts from Stephen

Recent Webinars

Getting a Grip on CMMC—Tips and Tricks for the new Cybersecurity Maturity Model Certification

This webinar was recorded on April 22, 2020. If you are in possession of Federal Contract Information (FCI) or Controlled Unclassified Information (CUI), now is the time to better address security and the new Cybersecurity Maturity Model Certification (CMMC). Not...
Watch

Dealing With Third-Party Risk Assessments: Creating and responding to vendor questionnaires

Recorded on Wednesday, September 25th Ain’t nobody got time for that! Are you feeling overwhelmed? Have you been diagnosed with a case of audit fatigue? The growth in third-party assessment requests has exploded–more and more organizations are being forced to...
Watch

You’ve Been Framed! Using Frameworks to Improve and Defend your Security Program

Recorded May 30, 2019 at 1 P.M. EST The majority of organizations that are in the process of building a security program are starting with a security framework. Frameworks seek to provide a reference for planning but also ensure that...
Watch
View all webinars from Stephen
Stephen Marchewitz

Want to work with Stephen Marchewitz or someone like him?

The TrustedSec team is comprised of experienced and qualified security professionals. Contact us to learn more about our services, our team, and how we can help you.
Contact Us