Senior Security Consultant
Steve has more than 20 years of experience, ranging from software development, software quality, performance engineering, information security, and internal audit. Before TrustedSec, Steve performed a number of functions supporting security initiatives within the retail and healthcare industries. He has presented to and trained hundreds on automation, performance engineering, and attack mitigation techniques.
Education & Certifications
CISSP; PCI-QSA; CISA; received his BS from the University of Utah.
Passion for Security
Steve’s passion for security has grown out of a technical background in optimizing enterprise stability, which naturally led to work for stability through security. He enjoys presenting the value of security to both technical and executive staff.
Recent Blog Posts
The Endpoint Detection & Response (EDR) and Advanced Threat Protection (ATP) marketplace is abuzz with products that blur the lines of personal firewall, host-based intrusion detection system (IDS) and intrusion prevention system (IPS), anti-virus, system logging, and file integrity monitoring (FIM). These solutions are centrally managed from your web browser and include advanced dashboards for...
We are constantly barraged with new technologies and techniques for securing the enterprise. Every new thing we are told is crucially important, and if you don’t master all of it now, you are the next breach headline. It is intimidating to say the least. It is easy to look past the basics of securing the...
For those tempted to delay migration away from Secure Sockets Layer (SSL)/early Transport Layer Security (TLS)—don’t wait! This includes all versions of SSL and version 1.0 of TLS (TLS v1.1 and newer are fine). For Payment Card Industry Data Security Standard (PCI-DSS) compliance, you can’t simply migrate sometime before your next PCI audit. Rather, you...
Recorded July 24, 2019 at 1:00 P.M. EST The idea of segmenting your network is not new. However, even in 2019, we still see companies with flat networks ripe for attack. This provides a much greater opportunity for malicious actions...