Skip to Main Content

Steph Saunders

Senior Security Consultant

Steph Saunders has over 10 years of experience in the Information Security field, working mainly in retail, critical manufacturing, and other IT organizations.


  • Bachelor of Science, Information Science, The University of Pittsburgh
  • Certified Ethical Hacker (CEH)
  • Certified Penetration Tester (CPT)
  • Cybersecurity Maturity Model Certification - Registered Practitioner (CMMC-RP)
  • ISO 27001 - Lead Implementer
  • ISO 27001 - Lead Auditor
  • Lean Six Sigma - Yellow Belt
  • PCI Qualified Security Assessor (PCI QSA)


  • InfraGard Board of Directors - Treasurer
  • BSides Pittsburgh - Volunteer
  • Three Rivers Information Security Symposium (TRISS) - Planning
  • Committee and Treasurer
  • 3 Cups of Coffee Mentor - Cybersecurity - PA Women Works
  • WiCyS Pittsburgh - Founding Board Member

Steph actively presents at various Pittsburgh Information Security events, such as InfraGard, ISC2, ISACA, TRISS, etc. Steph is an active mentor in cybersecurity, a frequent cybersecurity panelist, and an overall connection-maker for the Information Security community. Steph has hosted various webinars on topics ranging from ransomware and Incident Response to GRC updates and best practices.

Steph is passionate about Information Security as a whole. She particularly enjoys promoting best practices for education and awareness training, especially from a Defense in Depth (DiD) perspective. She is an expert in physical security, Incident Response, governance risk, and compliance, and is always improving her forensics and assessment skills through learning about each security domain. She has developed and hosted tabletop exercises while creating relationships in the security field, IT, and other parts of organizations.

Featured Blogs And Resources

Discover the blogs, analysis, webinars, and podcasts by this team member.

Webinars October 11 2023

Staying Aligned: IR Program Maturity

Join Senior Security Consultant Steph Saunders (CEH, CPT, CMMC-RP) to discover ways you can stay aligned with your IR Program Maturity.

Read about this article
Webinars August 17 2022

Ensuring Ransomware Resilience

In this insightful and interactive discussion, you’ll hear cyber security experts Steph Saunders and Paul Sems discuss the relevant components of how you…

Read about this article
Training Resources May 02 2024

Actionable Purple Team Simulation Online Training (May 2-3)

Learn how to create specific detections to identify early Indicators of Compromise (IOCs) in our online course. Designed for those looking to improve their…

Read about this article
Events TrustedSec HQ | April 30 2024

ISC2 Cleveland Chapter Member Meeting April 2024

ISC2 Cleveland Chapter April MeetupCome join us for our April Meetup! Our Cleveland Chapter is hosting an exciting in-person event for all cybersecurity…

Read about this article
Webinars April 17 2024

Enter the Sandbox: Impede Detection Platform v1.1 Release

Join us for our webinar with Director of Product Operations Ben Mauch, where you can get a look at the new Impede Detection Platform updates and the all-new…

Read about this article
Blog April 16 2024

PCI DSS Vulnerability Management: The Most Misunderstood Requirement – Part 2

Risk RankingThis is part two (2) of a three (3) part series on PCI DSS version 4.0 requirement 6.3.1, for identification and management of vulnerabilities.…

Read about this article
Events Kennedy Space Center, Florida | April 12 2024

Hack Space Con 2024

Founder and CEO David Kennedy is the keynote speaker at this year's Hack Space Con! We are also proud to sponsor this event.

Read about this article
Podcasts April 12 2024

Security Noise - Episode 6.18

Careers in InfoSec: Where do you want to go today?

Read about this article
Blog April 11 2024

PCI DSS Vulnerability Management: The Most Misunderstood Requirement – Part 1

Vulnerability IdentificationPCI DSS version 4.0 requirement 6.3.1, for identification and management of vulnerabilities, and its predecessors in previous…

Read about this article
Blog April 09 2024

A Hitch-Hacker's Guide To DACL-Based Detections - The Addendum

 This blog was co-authored by TAC Practice Lead Megan Nilsen and Andrew Schwartz.1    IntroductionLast year, Andrew and I posted a four (4) part blog series…

Read about this article

Empower your business through better security design.

Talk directly with our experienced advisory consultants to learn how we can help.