Skip to Main Content

Rick Yocum

Managing Director of Advisory Services

Rick Yocum has been helping organizations elevate their security and compliance practices for more than 16 years. Rick has consulted for—and led—InfoSec programs at organizations of all sizes and in nearly all industries, and has extensive experience in the fields of education, finance, government, manufacturing, logistics, and service delivery. Pragmatic and resourceful, Rick provides actionable security and compliance solutions through a combination of simplification, creative reuse of existing tools/processes, and the application/reinforcement of proven security and compliance patterns.


  • Bachelor of Science, Accounting Information Systems, Duquesne University
  • Bachelor of Science, Management Information Systems, Duquesne University
  • Certified Data Privacy Solutions Engineer (CDSPE), ISACA
  • ISO Lead Auditor, BSI

Rick is an active participant in the InfoSec community and has spoken at a variety of industry events including BSides, ISSA, IANS, and the CSO Breakfast Club. He currently serves on the organizing committee for BSides Pittsburgh.

Rick is passionate about identifying and exploring creative ways to enhance security and compliance programs—from using theater to train Incident Response teams to utilizing iconography to communicate the nature and status of control environments. Additionally, Rick is working on programs to better leverage behavioral economics, game theory, and psychology-adjacent fields to improve organizational security posture and reduce an industry-wide shortage of skilled security practitioners.

Featured Blogs And Resources

Discover the blogs, analysis, webinars, and podcasts by this team member.

Webinars March 09 2022

Making Cyber Insurance Questionnaires Work For Your Security Program

Join Dan Haneline, Senior Vice President of Marsh McLennan, and Rick Yocum, Managing Director of Advisory Services at TrustedSec, as they discuss the security…

Read about this article
Webinars March 17 2021

Navigating the Trail to GDPR Compliance

Join Principal Security Consultant Rick Yocum for this live webinar as he makes understanding GDPR informative and entertaining.

Read about this article
Webinars March 03 2021

CMMC: Feedback From the Trenches

Join GRC Principal Security Consultant Rick Yocum, Practice Lead Alex Hamerstone, and Security Program Director Stephen Marchewitz as they discuss the tips and…

Read about this article
Blog February 23 2021

CMMC Small Business Funding Roundup

TrustedSec works with clients of all sizes on Cybersecurity Maturity Model Certification (CMMC) readiness engagements, but recently we’ve received a few…

Read about this article
Webinars December 09 2020

Improving SIEM and MSSP Performance

Join Ben Mauch, Team Lead, Defense & Countermeasures, and Rick Yocum, Principal Advisory Consultant, who will discuss the various elements of gaining greater…

Read about this article
Blog November 10 2020

Nine Things to Know About the CMMC

The Cybersecurity Maturity Model Certification (CMMC) ( is a program being developed to help ensure that specific types of…

Read about this article
Blog August 25 2020

Two Simple Ways to Start Using the MITRE ATT&CK Framework

While there is a wealth of free information intended to help larger organizations use the MITRE ATT&CKTM Framework, these resources often assume that the…

Read about this article
Webinars July 15 2020

MITRE ATT&CK™ Solutions Update and Evolution: Exploring Advanced Applications of ATT&CK

Join TrustedSec to discuss how your organization is making better use of the ATT&CK framework, hear from some of the leading experts on incorporating it into…

Read about this article
Blog May 19 2020

Want Better Alerting? Consider Your Business Processes

Logging, monitoring, and alerting programs are some of the most critical elements of any security and compliance program, but traditional approaches for…

Read about this article
Blog April 30 2020

Vendor Enablement: Rethinking Third-Party Risk

Third-party risk management is an essential element of information security. It is common to see news about a large company being breached, and after learning…

Read about this article

Empower your business through better security design.

Talk directly with our experienced advisory consultants to learn how we can help.