Steve Maxwell

Senior Security Consultant

Experience

Steve has more than 20 years of experience, ranging from software development, software quality, performance engineering, information security, and internal audit. Before TrustedSec, Steve performed a number of functions supporting security initiatives within the retail and healthcare industries. He has presented to and trained hundreds on automation, performance engineering, and attack mitigation techniques.

Education & Certifications

CISSP; PCI-QSA; CISA; received his BS from the University of Utah.

Passion for Security

Steve’s passion for security has grown out of a technical background in optimizing enterprise stability, which naturally led to work for stability through security. He enjoys presenting the value of security to both technical and executive staff.

Recent Blog Posts

Strength Training With Transport Cryptology: Part 2

By Steve Maxwell
In PCI Assessment, Privacy & GDPR Compliance Assessment, Program Assessment & Compliance
In part 1 of this blog series, we explored objective standards for evaluating application cipher suites using the National Institute of Standards and Technology (NIST) standard. Reviewing that is not required to continue here. For those of us lucky enough to apply cryptology within a Payment Card Industry (PCI) context, this part is for you....
Read

Strength Training With Transport Cryptology: Part 1

By Steve Maxwell
In PCI Assessment, Privacy & GDPR Compliance Assessment, Program Assessment & Compliance
I have a pretty good gig. I get to see the unique security approaches of dozens of companies every year. Sometimes the things we discuss come up so frequently, they should probably be shared…anonymously, of course. Frequently, folks are tasked with fixing insecure transport security. This is often due to test results from: Introducing new...
Read

Making EDR Work for PCI

By Steve Maxwell
In Business Risk Assessment, Endpoint Hygiene Automation, Mergers & Acquisitions Security Assessment, PCI Assessment, Program Assessment & Compliance, Remediation Assistance & Training, Security Remediation
The Endpoint Detection & Response (EDR) and Advanced Threat Protection (ATP) marketplace is abuzz with products that blur the lines of personal firewall, host-based intrusion detection system (IDS) and intrusion prevention system (IPS), anti-virus, system logging, and file integrity monitoring (FIM). These solutions are centrally managed from your web browser and include advanced dashboards for...
Read
View all posts from Steve

Recent Webinars

Network Segmentation for the Rest of Us! How to get your segmentation project moving toward zero trust.

Recorded July 24, 2019 at 1:00 P.M. EST The idea of segmenting your network is not new. However, even in 2019, we still see companies with flat networks ripe for attack. This provides a much greater opportunity for malicious actions...
Watch
View all webinars from Steve

Recent Podcasts

TrustedSec Security Podcasts

Process, Process, Process

September 26, 2022

Let Us Diagnose Your Information Security Failings

September 26, 2022

(For Workgroups) Ghidra, Citrix and Beto Oh My!

September 26, 2022

Want to work with Steve Maxwell or someone like him?

The TrustedSec team is comprised of experienced and qualified security professionals. Contact us to learn more about our services, our team, and how we can help you.
Contact Us