Thomas Millar

Senior Security Consultant


Thomas joined the TrustedSec IR team with twenty years of system security and digital forensics experience. His area of focus has been Network Intrusion and Incident Response. Prior to joining the TrustedSec IR team, he was employed to support the IT needs for a small private university in Northern California. Thomas also worked as an IR consultant for RSA NetWitness and IBM Emergency Response Services.

Education & Certifications

Thomas attended Forensics Response training at Carnegie Mellon University (CMU) and the US Defense Cyber Investigations Training Academy (DCITA). He has had additional education in cyber operations from the US Army for both offensive and defensive efforts at the Cyber Center of Excellence (CCOE) in Fort Gordon, GA. He is also a graduate of the Cyberspace Operations Planners Course (COPC), where senior military leaders devise and formulate real world mission planning, from initial tasking and concept to execution. Thomas also holds the GIAC Certified Incident Handler Certification (GCIH) and ISC^2 CISSP.

Professional Affiliations

• Military Cyber Professionals Association (MCPA)
• South Bay Amateur Radio Society (SOBARS)
• American Radio Relay League (ARRL)

Industry Contributions

Thomas’s work has been published in two (2) IBM X-Force Threat Intelligence Quarterly journal articles. He was also a contributing author to the Cisco Router and Switch Forensics book by Syngress Publishing.

Passion for Security

Thomas has been driven by curiosity at an early age anytime something was locked or obscured. This developed a keen interest into finding all that can be revealed in computer intrusion examinations and security breaches. Thomas especially enjoys situations that involve Linux host analysis, but always leaves room to learn about other systems and platforms.

Recent Blog Posts

Getting Analysis Practice from Windows Event Log Sample Attacks

Throughout my career as an Incident Responder, one of the most invaluable skillsets I have had to draw on has been analysis of Windows event logs. These event logs are an invaluable source of information to forensic practitioners, as they are crucial in determining the cause of events during computer security incidents. Windows event logs...
ESXiArgs on the TrustedSec Blog

ESXiArgs: What you need to know and how to protect your data

Threat Overview Around February 03, 2023, a ransomware campaign called “ESXiArgs” emerged that targeted Internet-facing VMware ESXi servers running versions older than 7.0. Though not confirmed, it has been reported by the French CERT (CERT-FR), BleepingComputer, and other sources that the campaign leverages CVE-2021-21974, which is a three-year-old vulnerability in the OpenSLP component of the...
Linus History File Timestamps on the TrustedSec Security Blog

The Benefits of Enabling Timestamps in Your Command-Line History

While working at TrustedSec, I was issued a new company-furnished laptop to work from. While the Mac OS environment was useful, I found it useful to also setup an Ubuntu virtual machine. One reason is so I can have access to a Linux host that is very similar to the garden variety of Linux systems...
View all posts from Thomas

Want to work with Thomas Millar or someone like him?

The TrustedSec team is comprised of experienced and qualified security professionals. Contact us to learn more about our services, our team, and how we can help you.
Contact Us