Stephen Marchewitz

Security Program Development Director

Experience

Stephen has been in the security and risk industry for over 13 years and in IT for over 20 years. He has assisted companies in driving change to ensure clients are successful both in receiving value from products and services as well as managing the security and compliance risks of new projects and technologies. He’s served as an outsourced Chief Information Security Officer for a dozen different companies and consulted to some of the largest companies in the world. Prior to joining TrustedSec, Stephen was the Global Risk Practice Manager in the Digital Transformation Group at Cisco, President and Advisory Practice Lead for a leading information security firm for nine years, a Management Consultant with Ernst & Young, held Technology Management and sales positions with CA and Oracle, and developed new offerings in the insurance industry as an Underwriter and Program Director with Willis Coroon/Chubb in underwriting risk. He is dedicated to helping customers implement the right solutions and services that best meet their business needs, thus allowing them to achieve new levels of success.

Education & Certifications

University of Michigan, Bachelor of Arts degree in Business Communications and Statistics; Case Western Reserve University, MBA in Management Information & Decision Systems; Stephen has also been a PCI Qualified Security Assessor and a Certified ISO 27001 Auditor.

Industry Contributions

Stephen has been quoted in such magazines as: Banking Info Security, Government IT, Wall Street Technology, Transaction World, Infosec Institute, Crains, Automation World, Modern Economics, among many others. He’s also presented at various events across the country including: ISACA, ISSA, SecureWorld, the Infosec Summit, Business of Security, the IoT World Forum, various Cisco events, and numerous webinars.

Passion for Security

Stephen’s passion is helping people. He addresses not only technical issues, but more importantly the human issues that CISO’s deem as their greatest areas of need. Stephen is counted on as an expert in risk, security, business intelligence, and decision support systems. Enterprise risk management is an area that many executives and boards are struggling with. He has assisted by giving clear direction and putting complex thoughts into layman’s terms.

Recent Blog Posts

Attacks on the Rise Through Office 365

By Stephen Marchewitz
In Business Risk Assessment, Incident Response, Incident Response & Forensics, Office 365 Security Assessment, Penetration Testing, Program Assessment & Compliance, Security Program Management, Security Remediation, Threat Hunting
Office 365 is the most popular line of digital services for businesses for a reason, but when it comes to cyberattacks, its ubiquity is creating challenges. If it seems like every week there’s a new headline about a large-scale hacking incident, it’s not a case of rampant fake news. According to the 2018 Symantec Internet Security...
Read
invoice fraud blog graphic

Invoice Fraud is Soaring – What you need to know

By Stephen Marchewitz
In Incident Response, Incident Response & Forensics
Organizations are losing thousands—and sometimes millions—of dollars from invoice fraud, which is also known as Business Email Compromise (BEC). At TrustedSec, we have seen a marked uptick in panicked, embarrassed, and/or angry folks reaching out to us for Incident Response and forensics work following a scam. Sometimes, organizations are able to recover some or all...
Read
security risk graphic

Top Six Security and Risk Management Questions

By Stephen Marchewitz
In Business Risk Assessment, Managed Services, Mergers & Acquisitions Security Assessment, Policy Development, Privacy & GDPR Compliance Assessment, Program Assessment & Compliance, Program Development, Program Maturity Assessment, Security Program Assessment, Security Program Management
Recently, Gartner put out a report on the top 10 inquiries regarding security projects. The report is based on their analysis of over 10,200 client interactions covering relevant security and risk management topics from July 2018 through January 2019 (see the research here). Interestingly enough, Trustedsec has heard similar inquiries regarding product offerings in discussions...
Read
View all posts from Stephen

Recent Webinars

Getting a Grip on CMMC—Tips and Tricks for the new Cybersecurity Maturity Model Certification

Register Now If you are in possession of Federal Contract Information (FCI) or Controlled Unclassified Information (CUI), now is the time to better address security and the new Cybersecurity Maturity Model Certification (CMMC). Not your father’s 800-171 For those of...
Watch

Dealing With Third-Party Risk Assessments: Creating and responding to vendor questionnaires

Recorded on Wednesday, September 25th Ain’t nobody got time for that! Are you feeling overwhelmed? Have you been diagnosed with a case of audit fatigue? The growth in third-party assessment requests has exploded–more and more organizations are being forced to...
Watch

You’ve Been Framed! Using Frameworks to Improve and Defend your Security Program

Recorded May 30, 2019 at 1 P.M. EST The majority of organizations that are in the process of building a security program are starting with a security framework. Frameworks seek to provide a reference for planning but also ensure that...
Watch
View all webinars from Stephen
Stephen Marchewitz

Want to work with Stephen Marchewitz or someone like him?

The TrustedSec team is comprised of experienced and qualified security professionals. Contact us to learn more about our services, our team, and how we can help you.
Contact Us