EXPERIENCE
Zach Bevilacqua found his calling in Information Security after building a career in various PC repair positions before moving to System Administration and Engineering. Zach served as a subject matter expert for a Security Operations Center and fulfilled roles as a detection engineer and security controls tester, which allowed him to cover many aspects of Information Security.
EDUCATION & CERTIFICATIONS
- Offensive Security Certified Professional (OSCP)
INDUSTRY CONTRIBUTIONS
Zach has spoken at several conferences on topics ranging from threat hunting to building a detection and response program in the enterprise.
PASSION FOR SECURITY
Early in his career, Zach was interested in the offensive side of security. While working toward that goal, he learned about the world of Information Security and his place within it. Zach is driven by learning how things are broken and fixed and enjoys sharing his knowledge with others.
Featured Blogs And Resources
Discover the blogs, analysis, webinars, and podcasts by this team member.
From Zero to Purple
Learn how to create and deploy Internet Shortcut files for adversary emulation and detection engineering using Python, SMB, and WebDAV servers, a useful tool…
Engagement Guide: How to Prepare for Your Purple Team
TrustedSec's Purple Team engagements prepare clients for security assessments by identifying gaps in security coverage, logging, and tooling, with offerings…
Modeling Malicious Code: Hacking in 3D
This blog post reveals how attackers can exploit the.3mf file format to smuggle malicious code into an environment, bypassing off-the-shelf detection…
Tips for Incident Response Planning: Prepare Before Crisis Strikes
During our next webinar, our Incident Response experts will cover what organizations should do to prepare so they can respond quickly and be on the way to…
Inside the Modern Red Team: How Attackers Think, and What Defenders Miss
Discover how modern Red Teams think like attackers, what defenders often miss, and how to strengthen your cybersecurity posture.
Limiting Domain Controller Attack Surface: Why Less Services, Less Software, Less Agents = Less Exposure
Before we dive in, let’s get all the TrustedSec Certified Absolutes out of the way:All software presents some level of inherent risk.Only required software…
News 5 Cleveland - Elyria Police responded to a reported restaurant robbery. But it was actually an AI prank.
AI quality is evolving rapidly, making it easier than ever to create convincing fakes from a phone. Advisory Solutions Director Alex Hamerstone spoke with News…
Top 10 Blogs of 2025
Everyone has a year-end list, and this is ours. See what our top-performing cybersecurity blogs were in 2025, there could be some you might have missed!
News 5 Cleveland - Holiday Warning: Keeping your loved ones safe from scams
As the holidays approach, the most effective defense against fraud is an informed family. Advisory Solutions Director Alex Hamerstone spoke with News 5…
Security Advisory: React2Shell (CVE-2025-55182) - Critical RCE Vulnerability
A critical vulnerability affecting React Server Components (RSC) is being actively exploited. Here's what to look for and what to do next.
Empower your business through better security design.
Talk directly with our experienced advisory consultants to learn how we can help.
