EXPERIENCE
Rick Yocum has been helping organizations elevate their security and compliance practices for more than 16 years. Rick has consulted for—and led—InfoSec programs at organizations of all sizes and in nearly all industries, and has extensive experience in the fields of education, finance, government, manufacturing, logistics, and service delivery. Pragmatic and resourceful, Rick provides actionable security and compliance solutions through a combination of simplification, creative reuse of existing tools/processes, and the application/reinforcement of proven security and compliance patterns.
EDUCATION & CERTIFICATIONS
- Bachelor of Science, Accounting Information Systems, Duquesne University
- Bachelor of Science, Management Information Systems, Duquesne University
- Certified Data Privacy Solutions Engineer (CDSPE), ISACA
- ISO Lead Auditor, BSI
INDUSTRY CONTRIBUTIONS
Rick is an active participant in the InfoSec community and has spoken at a variety of industry events including BSides, ISSA, IANS, and the CSO Breakfast Club. He currently serves on the organizing committee for BSides Pittsburgh.
PASSION FOR SECURITY
Rick is passionate about identifying and exploring creative ways to enhance security and compliance programs—from using theater to train Incident Response teams to utilizing iconography to communicate the nature and status of control environments. Additionally, Rick is working on programs to better leverage behavioral economics, game theory, and psychology-adjacent fields to improve organizational security posture and reduce an industry-wide shortage of skilled security practitioners.
Featured Blogs And Resources
Discover the blogs, analysis, webinars, and podcasts by this team member.
The Triforce of Initial Access
LootWhile Red Teamers love to discuss and almost poetically describe their C2 feature sets, EDR evasion capabilities, and fast weaponizing of N-day exploits,…
JS-Tap: Weaponizing JavaScript for Red Teams
How do you use malicious JavaScript to attack an application you know nothing about?Application penetration testers often create custom weaponized JavaScript…
A Hitch-hacker's Guide to DACL-Based Detections (Part 3)
This blog series was co-authored by Security Consultant Megan Nilsen and TAC Practice Lead Andrew Schwartz.1 IntroductionIn this third and final…
A Hitch-hacker's Guide to DACL-Based Detections (Part 2)
This blog series was co-authored by Security Consultant Megan Nilsen and TAC Practice Lead Andrew Schwartz.1 IntroductionThis is a continuation of A…
A Hitch-hacker's Guide to DACL-Based Detections (Part 1B)
This blog series was co-authored by Security Consultant Megan Nilsen and TAC Practice Lead Andrew Schwartz.1 IntroductionIn this continuation to our first…
A Hitch-hacker's Guide to DACL-Based Detections (Part 1A)
This blog series was co-authored by Security Consultant Megan Nilsen and TAC Practice Lead Andrew Schwartz.1 IntroductionIf you were to collectively ask any…
Basic Authentication Versus CSRF
I was recently involved in an engagement where access was controlled by Basic Authentication. One (1) of the findings I discovered was a Cross-Site Request…
Okta for Red Teamers
For a long time, Red Teamers have been preaching the mantra “Don’t make Domain Admin the goal of the assessment” and it appears that customers are listening.…
Creative Process Enumeration
Very often in engagements, you'll want to list out processes running on a host. One thing that is beneficial is to know is if the processes is a 64-bit or…
Crafting Emails with HTML Injection
Have you ever wanted to send an email from a domain you don’t have SMTP credentials for? With some HTML injection, we may be able to do just that. From time to…
Empower your business through better security design.
Talk directly with our experienced advisory consultants to learn how we can help.
