Skip to Main Content

Steph Saunders

Senior Security Consultant

EXPERIENCE
Steph Saunders has over 10 years of experience in the Information Security field, working mainly in retail, critical manufacturing, and other IT organizations.

EDUCATION & CERTIFICATIONS

  • Bachelor of Science, Information Science, The University of Pittsburgh
  • Certified Ethical Hacker (CEH)
  • Certified Penetration Tester (CPT)
  • Cybersecurity Maturity Model Certification - Registered Practitioner (CMMC-RP)
  • ISO 27001 - Lead Implementer
  • ISO 27001 - Lead Auditor
  • Lean Six Sigma - Yellow Belt
  • PCI Qualified Security Assessor (PCI QSA)

PROFESSIONAL AFFILIATIONS

  • InfraGard Board of Directors - Treasurer
  • BSides Pittsburgh - Volunteer
  • Three Rivers Information Security Symposium (TRISS) - Planning
  • Committee and Treasurer
  • 3 Cups of Coffee Mentor - Cybersecurity - PA Women Works
  • WiCyS Pittsburgh - Founding Board Member

INDUSTRY CONTRIBUTIONS
Steph actively presents at various Pittsburgh Information Security events, such as InfraGard, ISC2, ISACA, TRISS, etc. Steph is an active mentor in cybersecurity, a frequent cybersecurity panelist, and an overall connection-maker for the Information Security community. Steph has hosted various webinars on topics ranging from ransomware and Incident Response to GRC updates and best practices.

PASSION FOR SECURITY
Steph is passionate about Information Security as a whole. She particularly enjoys promoting best practices for education and awareness training, especially from a Defense in Depth (DiD) perspective. She is an expert in physical security, Incident Response, governance risk, and compliance, and is always improving her forensics and assessment skills through learning about each security domain. She has developed and hosted tabletop exercises while creating relationships in the security field, IT, and other parts of organizations.

Featured Blogs And Resources

Discover the blogs, analysis, webinars, and podcasts by this team member.

Webinars October 11 2023

Staying Aligned: IR Program Maturity

Join Senior Security Consultant Steph Saunders (CEH, CPT, CMMC-RP) to discover ways you can stay aligned with your IR Program Maturity.

Read about this article
Webinars August 17 2022

Ensuring Ransomware Resilience

In this insightful and interactive discussion, you’ll hear cyber security experts Steph Saunders and Paul Sems discuss the relevant components of how you…

Read about this article
Webinars February 05 2025

2024 Conference Roundup

Join our panelists David Kennedy, Justin Elze, Jason Lang, and Oddvar Moe for their firsthand accounts and perspectives on what people were talking about at…

Read about this article
Blog January 23 2025

Operating Inside the Interpreted: Offensive Python

IntroductionEvery once in a while, I get the urge to go back and revisit older techniques that used to be popular but have fallen out of favor with the…

Read about this article
News January 21 2025

TrustedSec Tech Brief - January 2025

Carlos Perez walks us through several major vulnerabilities and patches from early January 2025, including a critical Fortinet FortiGate zero-day vulnerability.

Read about this article
Podcasts January 17 2025

Security Noise - Episode 7.9

On this episode of the Security Noise Podcast, we discuss user enumeration on Azure and "presence data" in Microsoft Teams with nyxgeek.

Read about this article
Webinars January 15 2025

DOD Contract Compliance: DFARS 7012 and CMMC

Advisory Compliance Practice Lead Chris Camejo will take a deep dive into the Department of Defense requirements for protecting FCI and CUI.

Read about this article
Blog January 14 2025

Command Line Underdog: WMIC in Action

My typical engagements are mostly Red Teams, so I do not often get a chance to play with terminal server application breakouts—but on a recent engagement, I…

Read about this article
Blog January 07 2025

Solving NIST Password Complexities: Guidance From a GRC Perspective

Not another password change! Isn’t one (1) extra-long password enough? As a former Incident Response, Identity and Access Control, and Education and Awareness…

Read about this article
Podcasts December 20 2024

Security Noise - Episode 7.8

Farewell 2024

Read about this article

Empower your business through better security design.

Talk directly with our experienced advisory consultants to learn how we can help.