Skip to Main Content
All Trimarc services are now delivered through TrustedSec! Learn more

Justin Elze

CTO, Director of Research

EXPERIENCE
Justin Elze is currently serving as Chief Technology Officer at TrustedSec. Over his 8 years with the company as an InfoSec expert, Justin has used his vast expertise in enterprise penetration testing, network security, social engineering, and red teaming to identify clients’ vulnerabilities and ultimately, protect their technology infrastructure. Prior to becoming CTO, Justin held the roles of Director of Innovation, Research, and Advanced Testing and Principal Security Consultant for TrustedSec.

With more than a decade of experience in the IT industry, Justin’s expertise is increasingly sought out by others in the field. He has taught at Black Hat and spoken at DerbyCon, where he also served on the CFP Review Board, and is also featured as an industry leader in the published books Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World and Tribe of Hackers Red Team: Tribal Knowledge from the Best in Offensive Cybersecurity.

Prior to joining TrustedSec, Justin was a Senior Penetration Tester for Accuvant LABS, Optiv, Dell SecureWorks, and Redspin, where he led numerous red team engagements and penetration tests. He has worked across a variety of industries, including roles for ISPs, hosting companies, Department of Defense contracting companies, and consulting companies. Today, he leans on what he learned throughout his roles in various capacities to inform his choices as CTO and further his thought leadership in the industry.

Outside of his work experience and “ethical hacker” persona, Justin is passionate about building, tuning, and racing cars (and, yes, occasionally hacking them) and spending time with his 3 dogs. You can find his latest musings—security-related and otherwise—on his Twitter account, @HackingLZ.

Featured Blogs And Resources

Discover the blogs, analysis, webinars, and podcasts by this team member.

Blog May 18 2023

Walking the Tightrope: Maximizing Information Gathering while Avoiding Detection for Red Teams

Understanding network reconnaissance without detection is crucial in commercial testing, leveraging tools like BloodHound and scripts to gather valuable…

Read about this article
Blog March 17 2023

Critical Outlook Vulnerability: In-Depth Technical Analysis and Recommendations (CVE-2023-23397)

Protect your organization from the Microsoft Outlook CVE-2023-23397 vulnerability with expert guidance and a simple remediation script.

Read about this article
Webinars March 15 2023

Ask Me Anything: Penetration Testing Innovations and Insights

Join David Kennedy & Justin Elze for a live Q&A on penetration testing, tackling the ever-changing tactics used by attackers, and get answers to your burning…

Read about this article
Webinars December 14 2021

Log4j: Live Update Webcast

Learn how to detect and respond to the Log4j vulnerability with experts from TrustedSec & Binary Defense, including David Kennedy, during our live webcast.

Read about this article
Blog July 15 2025

HIPAA, HITECH, and HITRUST - It’s HI Time to Make Sense of it All

Organizations in the health care sector and those that work with it often hear about HIPAA, HITECH, and HITRUST compliance but may not understand what they all…

Read about this article
Blog July 10 2025

Azure's Front Door WAF WTF: IP Restriction Bypass

The Azure Front Door Web Application Firewall (WAF) has an "IP restriction" option that can be bypassed with the inclusion of an HTTP header. What's worse?…

Read about this article
Blog July 08 2025

CVE-2025-1729 - Privilege Escalation Using TPQMAssistant.exe

While digging into the internals of my new Lenovo ThinkPad P1 Gen7, I came across an unexpected discovery that quickly escalated from curiosity to a viable…

Read about this article
Blog July 01 2025

Abusing Chrome Remote Desktop on Red Team Operations: A Practical Guide

In this post, we’ll be exploring a practical technique for abusing Chrome Remote Desktop (also known as Google Remote Desktop) within a Red Team operation. I…

Read about this article
Blog June 24 2025

NIST CSF 2.0 Ratings and Assessment Methodologies for Scorecards – When the Math isn’t “Mathing”

As a Senior Security Consultant and National Institute of Standards and Technology (NIST) expert, the question I get asked the most is, how do we compare…

Read about this article
Blog June 17 2025

Attacking JWT using X509 Certificates

Take a closer look at JWT signature verification using X.509 headers as we walk through an attack and demonstrate a Burp extension to exploit a known…

Read about this article

Empower your business through better security design.

Talk directly with our experienced advisory consultants to learn how we can help.