EXPERIENCE
Before joining TrustedSec, Paul Sems excelled at leading organizations in technology and executive leadership roles. He is a lifelong hacker with extensive experience assisting a wide range of organizations in meeting technology and security challenges.
Paul was the Senior Executive responsible for IT at Vitamix, a manufacturer and marketer of high-end blending products for both the foodservice industry and the consumer market. While at Vitamix, Paul built a world-class IT organization to support a half billion-dollar global enterprise. He initiated and managed the implementation of multiple business solutions that have been the foundation for significant growth and stability within the organization. Under his leadership, the organization selected, implemented, and supported solutions that proved to be a significant business enabler, supporting the massive growth that Vitamix experienced during his 10-year tenure.
At TrustedSec, Paul built and currently leads the Remediation Services team, which focuses on hardening environments before security incidents happen and helping firms remediate issues after a real or simulated breach. The team is focused on providing pragmatic solutions that improve clients' security postures.
EDUCATION & CERTIFICATIONS
Throughout this career, Paul has held other roles, including business owner, CTO, COO, network engineer, and product development engineer. He received a Master of Business Administration degree from Case Western Reserve University and undergraduate degree in Computer Science from The University of Akron. He is an inventor of US Patent US20190344232A1.
Featured Blogs And Resources
Discover the blogs, analysis, webinars, and podcasts by this team member.
What is Hackvertor (and why should I care)?
1.1 What’s Hackvertor and why should I care?Years ago, Gareth Heyes created a Burp Suite (Burp) extension called Hackvertor. It’s an extension with a lot…
Clickjacking: Not Just for the Clicks
tl;dr versionYou can trick users into "typing" inputs in a clickjacking attack.YouTube demo: https://www.youtube.com/watch?v=VIEZ1aByFvUPoC GitHub Repo:…
Book Review - The Definitive Guide to PCI DSS Version 4
As a PCI QSA, I have answered numerous questions about the new PC DSS Version 4. With over 500 total controls, and at least 100 of them unique to this version,…
The Triforce of Initial Access
LootWhile Red Teamers love to discuss and almost poetically describe their C2 feature sets, EDR evasion capabilities, and fast weaponizing of N-day exploits,…
JS-Tap: Weaponizing JavaScript for Red Teams
How do you use malicious JavaScript to attack an application you know nothing about?Application penetration testers often create custom weaponized JavaScript…
A Hitch-hacker's Guide to DACL-Based Detections (Part 3)
This blog series was co-authored by Security Consultant Megan Nilsen and TAC Practice Lead Andrew Schwartz.1 IntroductionIn this third and final…
A Hitch-hacker's Guide to DACL-Based Detections (Part 2)
This blog series was co-authored by Security Consultant Megan Nilsen and TAC Practice Lead Andrew Schwartz.1 IntroductionThis is a continuation of A…
A Hitch-hacker's Guide to DACL-Based Detections (Part 1B)
This blog series was co-authored by Security Consultant Megan Nilsen and TAC Practice Lead Andrew Schwartz.1 IntroductionIn this continuation to our first…
A Hitch-hacker's Guide to DACL-Based Detections (Part 1A)
This blog series was co-authored by Security Consultant Megan Nilsen and TAC Practice Lead Andrew Schwartz.1 IntroductionIf you were to collectively ask any…
Basic Authentication Versus CSRF
I was recently involved in an engagement where access was controlled by Basic Authentication. One (1) of the findings I discovered was a Cross-Site Request…
Empower your business through better security design.
Talk directly with our experienced advisory consultants to learn how we can help.
