As organizations’ internal, adversary, and market landscapes change almost daily, developing and maintaining an effective information security strategy can be increasingly difficult. More often than not, available security analysts and security engineers lack the latest expertise and creativity to stay on top of the current tools, tactics, and procedures. As a result, businesses are investing more time, effort, and resources in security to reduce potential risk.
TrustedSec is a company that has assembled industry-leading advisors, hackers, and researchers over the last several years to help secure the infrastructure of its partners. TrustedSec was built with the goal to focus on continual improvement on clients’ information security programs. The security consulting firm develops security strategy and objective program measurement, which helps to reduce risk, improve availability, and most importantly, allows an organization to focus on its key business activities. The company, headquartered in Cleveland, Ohio, was founded on the belief that the information security industry is in need of extremely tailored and niche services, aimed at maturing company security programs. The team at TrustedSec focuses on what matters most around protecting its clients’ enterprises, by building on their current security foundation with trustworthy consultants.
A Security Expert with a Passion to Secure Enterprises
David Kennedy, the founder of TrustedSec, started the company with the vision of building the world’s best security services company, to help increase its clients’ security posture, and reduce their risk in an ever-changing cyber landscape. He wanted to build an organization that helps others in a profound way; serving as technical security experts and advisors to companies of all sizes and industry verticals.
Prior to starting TrustedSec, David was the Chief Security Officer (CSO) for Diebold Incorporated, a Fortune 1000 company with locations in over 80 countries. He developed a global security program that tackled all aspects of information security and risk management. Prior to Diebold, David started his professional career as a member of the United States Marine Corps (USMC) and was deployed to Iraq twice for intelligence related missions.
David is an admired thought leader within the security field and has presented at over 300 conferences worldwide. He has made numerous guest appearances on Fox News, CNN, CNBC, MSNBC, the Huffington Post, Bloomberg, BBC, The Katie Couric Show, and other high-profile media outlets. He wrote the Social-Engineer Toolkit (SET), co-authored Metasploit: The Penetration Tester’s Guide, co-founded the Penetration Testing Execution Standard (PTES), and co-founded DerbyCon.
Services Offered by TrustedSec
TrustedSec provides services comprising cutting-edge techniques and unequivocally reliable support. Security services provided by TrustedSec are segmented into two groups: Technical and Advisory.
The Technical Services Group
The Technical Services division at TrustedSec provides world-class technical consulting and support to a wide range of client operations, spanning multiple business verticals. TrustedSec consultants are involved in daily planning, testing, engineering, and operational support with a clear focus on security for a wide range of environments and products. TrustedSec is and always will be vendor agnostic.
Services performed by the Technical Services group include Penetration Testing, Adversarial Attack Simulation (Red Teaming), Application Security, Incident Response, Social Engineering, Breach Assessments, Adversarial Detection & Countermeasures (Purple Team), Hardware Security Assessments, Vulnerability Assessments, and Training. These services follow the Penetration Testing Execution Standard (PTES), a standard that has gained wide adoption within the security community, as a methodical way to approach penetration testing.
The Advisory Services Group
The Advisory Services group aids organizations of all sizes and industry verticals in assessing exposure to risk, policies and procedures, and compliance with various standards and regulations. TrustedSec’s Advisory Services group is broken up into three core areas to help organizations meet these challenges: Governance, Risk, and Compliance (GRC), Payment Card Industry (PCI), and the Office of the CSO (Chief Security Officer).
An organization’s GRC activities are managed and enhanced by allowing it to seize opportunities, stay a step ahead of uncertainty, and meet stakeholder expectations. TrustedSec is a Qualified Security Assessor (QSA) through the PCI Security Standards Council and is able to provide full PCI DSS (Data Security Standard) services. Furthermore, the company’s CSO offerings are a blend of program management and technical assessments, to improve both governance and technical aspects of the risk management process.
Factors Driving the Company to the Pinnacle of Success
TrustedSec is a leader in the industry, which is attributable to the knowledge, expertise, and experience of its founder along with the nation’s best-of-the-best consultants working alongside him. However, in order to sustain the leading position in the industry, an organization needs to establish unique approaches to the business. Following are a few significant factors leading to the continuous growth of the company:
Customized Approach to Security
Security technology is rapidly advancing. Organized crimes by competent, malicious attackers are not constrained by traditional techniques, and thus can bypass controls much more effectively than typical firms even know.
While many security consultancies rely heavily on automated scanners to perform security assessments, TrustedSec is a company that takes a mostly manual approach. TrustedSec “attacks” companies to expose their vulnerabilities, simulating a malicious attacker seeking to gain the clients’ confidential data and intellectual property. It is through this manual approach that TrustedSec is able to identify potential areas of weakness within the technical security controls that a scanner alone would most likely miss.
Close Client Relationships
TrustedSec prides itself on close client relationships and continual communication. During an assessment, the consultants provide complete transparency through testing activities and disclose critical vulnerabilities immediately, if discovered. After the engagement concludes, TrustedSec produces a deliverable that prioritizes the areas of greatest risk and the recommended ways to mitigate and strengthen the security defenses, creating a roadmap to enhance your security posture. Consultants are always available after the engagement concludes to answer any questions and provide further assistance where needed.
Best Professionals in the Industry
TrustedSec hires the top, most well-respected consultants that are handpicked by David and the rest of the team. The accomplishments of the company, continued focus on improving the industry, and core company culture make TrustedSec extremely attractive to the best professionals in the industry. Furthermore, the consultants have distinct areas of knowledge and expertise, which enables TrustedSec to assemble the best team for each engagement.
Every member of the team has been selected for not only their expert technical skills, but for their ethical character and dedication to making an impact – acting together on a mission to evolve and enhance the InfoSec community. The consultants regularly write open source tools and speak and teach at national and regional conferences such as DEF CON, Blackhat, BSides, and DerbyCon.
Right Ethics with Expertise
The foundation and principles of TrustedSec are rooted in always ‘doing the right thing’. That is easy to claim, but very difficult to achieve for many organizations. Nonetheless, under the leadership of David, the company has been infused with an honest and ethical culture. “It has had an amazing impact on the culture and we all share pride in conducting ourselves this way,” asserts David referring to the same.
TrustedSec understands the nature of multiple business verticals and the associated difficulties in developing a security conscious culture within an organization. Having built a number of security programs and matured the security posture of many organizations, TrustedSec is one of the leading security consulting firms in the nation. Instead of being “just another vendor,” TrustedSec prides itself on developing long-term relationships with its clients, by establishing trust and delivering services that enhance the security of businesses.