EXPERIENCE
Steve Maxwell has 25 years of technical experience ranging from software development to software quality, performance engineering, Information Security, and audit. Before TrustedSec, Steve performed a number of IT functions supporting security initiatives across multiple industries. He has presented to hundreds on topics of automation, performance engineering, and information security.
EDUCATION & CERTIFICATIONS
- Bachelor of Science, University of Utah
- Certified Information Systems Security Professional (CISSP)
- Qualified Security Assessor (QSA)
- Certified Information Systems Auditor (CISA)
- Certified Data Privacy Solutions Engineer (CDPSE)
- ISO 27001 Lead Auditor
- CMMC Registered Practitioner
PROFESSIONAL AFFILIATIONS
Information Systems Audit and Control Association (ISACA)
PASSION FOR SECURITY
Steve’s passion for security is in helping his clients to improve their security and in preparing them to be ‘the smartest in the room’.
Featured Blogs And Resources
Discover the blogs, analysis, webinars, and podcasts by this team member.
Book Review - The Definitive Guide to PCI DSS Version 4
As a PCI QSA, I have answered numerous questions about the new PCI DSS Version 4. With over 500 total controls, and at least 100 of them unique to this…
Network Segmentation for the Rest of Us! How to get your segmentation project moving toward zero trust.
Implementing network segmentation can limit internal movement, improve access control, and slow down attacks, allowing for more time to react and reducing…
Strength Training With Transport Cryptology: Part 2
Review the latest PCI Security Standards Council (PCI-SSC) guidelines for evaluating application cipher suites and ensure compliance with version 4.0 standards…
Tips for Incident Response Planning: Prepare Before Crisis Strikes
During our next webinar, our Incident Response experts will cover what organizations should do to prepare so they can respond quickly and be on the way to…
Inside the Modern Red Team: How Attackers Think, and What Defenders Miss
Discover how modern Red Teams think like attackers, what defenders often miss, and how to strengthen your cybersecurity posture.
Limiting Domain Controller Attack Surface: Why Less Services, Less Software, Less Agents = Less Exposure
Before we dive in, let’s get all the TrustedSec Certified Absolutes out of the way:All software presents some level of inherent risk.Only required software…
News 5 Cleveland - Elyria Police responded to a reported restaurant robbery. But it was actually an AI prank.
AI quality is evolving rapidly, making it easier than ever to create convincing fakes from a phone. Advisory Solutions Director Alex Hamerstone spoke with News…
Top 10 Blogs of 2025
Everyone has a year-end list, and this is ours. See what our top-performing cybersecurity blogs were in 2025, there could be some you might have missed!
News 5 Cleveland - Holiday Warning: Keeping your loved ones safe from scams
As the holidays approach, the most effective defense against fraud is an informed family. Advisory Solutions Director Alex Hamerstone spoke with News 5…
Security Advisory: React2Shell (CVE-2025-55182) - Critical RCE Vulnerability
A critical vulnerability affecting React Server Components (RSC) is being actively exploited. Here's what to look for and what to do next.
Empower your business through better security design.
Talk directly with our experienced advisory consultants to learn how we can help.
