Optimize configurations, remedy issues, and offer assistance
Harden your security program with the help of our security experts.
Align infrastructure with industry best practices
Focused, efficient systems reduce the overall attack surface for a more secure operation.
Resolve misconfigurations
Identify and remediate configuration errors to keep systems running smoothly.
Allocate budget efficiently
Pinpoint areas that need more (and less) investment to ensure every dollar is spent wisely.
Supplement security resources
Resolve issues before they escalate, reducing the need to hire new staff in times of duress.
Ensure recommendations are applied correctly
Double-check that security recommendations are administered efficiently and as intended.
Security hardening services
Discover services to harden your security program.
Active Directory Security Assessment
Active Directory (AD) serves as the foundation of enterprise identity management, controlling authentication, access controls, and trust relationships across…
Architecture Assessments
Evaluate your organization's cybersecurity technology defense posture.
Policy & Procedure Development
Documented policies and procedures take the guesswork out of InfoSec and enable an organization to manage business risk through defined controls, providing a…
Hardening & Remediation Services
TrustedSec helps you implement practical, systematic improvements in your security program before you experience a security incident, solving problems before…
Training
Available to lead seminars on a wide range of topics, TrustedSec will work with your team to customize content and determine how to most effectively help you…
Loading...
Security expertise meets security passion
Meet the talented, security-obsessed team invested in achieving your goals.
“Our product-agnostic approach enables us to give a truly unbiased evaluation.”Steph SaundersSenior Security Consultant
Steph Saunders
Senior Security ConsultantSteph performs a variety of security assessments from Incident Response to Compliance. She is passionate about helping communities and companies mature in cybersecurity and utilize best practices.
“Our collaborative culture and reputation has attracted the most passionate, highly skilled professionals in the industry. It's incredible to see that the work we are doing is changing the industry.”Larry SpohnPractice Lead, Force
Larry Spohn
Practice Lead, ForceLarry Spohn is a highly experienced security consultant with over 20 years of experience in the industry and a proven track record of success in assessing and improving the security posture of organizations of all sizes. Larry is not only a skilled technical analyst with a deep understanding of security threats and vulnerabilities, but he is also an excellent communicator and trainer who is adept at conveying complex security concepts to both technical and non-technical audiences.
“Leveraging the collective intelligence of TrustedSec is like a cheat-code I get to use every day.”Costa PetrosSenior Security Consultant
Costa Petros
Senior Security ConsultantCosta Petros performs a wide array of Penetration Testing but specializes in Social Engineering and Physical Penetration Testing from a Penetration Test and Red Team perspective. In addition, he has spoken as a subject matter expert at conferences, client focused training sessions, plus client vendor and customer webinars and meetings.
The First Steps on Your Zero Trust Journey
Find out how the NIST 800-207 framework is a starting point that demystifies Zero Trust.
Practical cybersecurity thought-leadership
Discover our experts’ innovative blogs, webinars, podcasts.
Purple Team Defense Strategies
Join Senior Security Consultant Sarah Norris and Security Consultant Zach Bevilacqua for a deep dive into how to create action items for a robust defense…
Security Noise - Footprint Discovery for Red Teamers
On this episode of Security Noise, our team discusses footprinting and reconnaissance techniques for red teamers, including identifying a target's online…
Hack-cessibility: When DLL Hijacks Meet Windows Helpers
In preparation for a talk, Jason Lang (@curi0usJack) and I were doing at MCTTP about mining TTPs from VX-underground, we both ended up doing research based on…
Security Noise - CON Men: Wild West Hackin' Fest + GrrCON
On this episode of Security Noise, we are discussing two of our favorite cybersecurity conferences Wild West Hackin' Fest and GrrCON! Our team presented at…
Detecting Password-Spraying in Entra ID Using a Honeypot Account
Password-spraying is a popular technique which involves guessing passwords to gain control of accounts. This automated password-guessing is performed against…
There's More than One Way to Trigger a Windows Service
Service triggers can be a pentester’s secret weapon, letting low-priv users quietly fire up powerful services like Remote Registry and EFS. Learn how they can…
Incident Response: Lessons From the Front Lines
IR Practice Lead Carlos Perez will draw from recent, anonymized investigations to expose the most devastating failure patterns our Incident Response team has…
Skimming Credentials with Azure's Front Door WAF
Your Web Application Firewall (WAF) sees EVERYTHING. In this blog, we demonstrate how an attacker with access to Azure Front Door’s WAF and Log Analytics can…
PCI P2PE vs. E2EE – Scoping it Out
If your payment processor says they use “End-to-End Encryption” your PCI DSS compliance scope may be bigger than you expect. In this blog, we break down how…
Security Noise - Cybersecurity Awareness Month 2025
In this episode, we are talking cybersecurity awareness with Alex Hamerstone! This discussion covers authentication practices, compliance, IoT, and scams using…
Empower your business through better security design.
Talk directly with our experienced advisory consultants to learn how we can help.
