TrustedSec - Comprehensive Analysis Report
Summary
TrustedSec is a globally recognized cybersecurity consulting firm, founded in 2012 by David Kennedy. With a mission to defend enterprises against all types of attacks and enhance the overall security sector, the company aims to make the world a safer place. TrustedSec offers a comprehensive suite of security consulting services to businesses of varying sizes across diverse industries, including technology, finance, healthcare, automotive, and manufacturing, and also consults for governments and trains the US military's Cyber Protection Teams. The firm is distinguished by its human-centric and "threat-actor-centric approach" to technical security testing, emphasizing the ethical character and deep expertise of its consultants over sole reliance on automated solutions. This approach enables them to uncover subtle vulnerabilities that automated tools might overlook, solidifying their significance in the global cybersecurity landscape.
1. Strategic Focus & Objectives
Core Objectives
TrustedSec's core objectives revolve around elevating the security posture of organizations globally. Their main business objectives include:
- Developing Cybersecurity Programs: Assisting clients in building and maturing robust cybersecurity frameworks designed to protect against evolving threats.
- Performing Cyber-Attack Simulations: Conducting advanced penetration testing, red teaming, and purple teaming exercises to identify vulnerabilities proactively.
- Delivering Incident Response: Providing rapid and intelligence-driven incident response services to contain breaches and restore operations efficiently.
- Conducting Digital Forensic Investigations: Performing thorough investigations to understand the scope and impact of security incidents.
- Strategic Risk Management: Implementing long-game strategies and client-defined success metrics, prioritizing empathy and honesty in their security approach.
Their long-term goals involve continuous engagement with clients across strategy, planning, policies, compliance, regulation, education, awareness, security operations, and infrastructure hardening.
Specialization Areas
TrustedSec's key areas of expertise include:
- Offensive Security: Unsurpassed technical assessment services, including penetration testing, purple teaming, and red teaming.
- Human-Centric Security Testing: Leveraging the ethical character and real-world experience of consultants to find weaknesses beyond automated scans.
- Active Directory and Identity Security: Enhanced capabilities in securing identity infrastructures and Microsoft cloud environments, especially strengthened by the acquisition of Trimarc.
- Incident Response & Digital Forensics: Providing expertise in responding to and investigating sophisticated cyber threats, including ransomware and state-sponsored attacks.
- Cybersecurity Program Development: Designing and implementing custom security programs tailored to unique client needs.
- Adversary Simulation: Continuously adapting to adversaries through dedicated research and the development of practical Tactics, Techniques, and Procedures (TTPs).
Target Markets
TrustedSec serves a broad array of market segments, including:
- Fortune 500 Companies and Large Enterprises: Advising major brands across technology, finance, healthcare, automotive, and manufacturing industries.
- Government Entities: Providing consulting services to government bodies.
- US Military: Training Cyber Protection Teams.
- Small and Medium Businesses (SMBs): Offering tailored security solutions to organizations of all sizes.
Their market positioning strategy emphasizes being a trusted partner that provides actionable, unbiased, and results-oriented security services, moving beyond a typical vendor-client relationship to focus on long-term client success and security maturity.
2. Financial Overview
Funding History
TrustedSec is a privately held company and has historically not raised external funding. The company maintains an estimated annual revenue in the range of $50 million to $100 million.
3. Product Pipeline
(This section is omitted as TrustedSec is primarily a cybersecurity consulting firm and does not have a traditional "product pipeline" in the typical sense. Their innovation focuses on service methodologies and open-source tools.)
4. Technology & Innovation
Technology Stack
TrustedSec's innovative edge stems from its human-led approach to security testing, prioritizing the deep understanding and real-world experience of its consultants. This methodology is critical for identifying vulnerabilities that automated scanners might miss. The company also invests heavily in a dedicated research team that collaborates with client-facing units, generating practical Tactics, Techniques, and Procedures (TTPs) to bolster client security and contribute to the broader industry.
Proprietary Developments
While primarily a consulting firm, TrustedSec develops and releases several open-source tools that contribute significantly to the cybersecurity community and advance industry knowledge. These tools include:
- The Social-Engineer Toolkit (SET): A widely used, powerful tool for social engineering.
- Specula: A Command and Control (C2) framework that operates via the Outlook home page feature.
- JS-Tap: Provides a generic JavaScript payload and supporting software for red teams to attack web applications and capture sensitive data.
- WPUPDATE: A Linux service designed for automatic WordPress version checks.
- TSCOPY: A Python script used to parse the NTFS $MFT file for locating and copying specific files.
- TRUSTEDSEC ATTACK PLATFORM (TAP): A reliable method for deploying droppers on an infrastructure to establish connections to an organization.
- SPRAYWMI: An efficient tool for gaining mass shells on systems supporting WMI without leaving significant forensic remnants.
- SPOONMAP: A wrapper script implementing IDS evasion techniques and service discovery methodologies for penetration testing.
- SIMPLYEMAIL: A tool for email reconnaissance that offers similar capabilities to other well-known tools.
- SHARED HOST INTEGRATED PASSWORD SYSTEM (SHIPS): A local superuser or administrator password manager.
- RISINGSUN: A SUNBURST C2 decoder and Host ID encoder for attributing C2 domains to SolarWinds servers.
- COFFLoader: An open-source Beacon Object File (BOF) loader that enables short-lived capabilities to run in the main implant thread, reducing malicious indicators associated with new thread creation or process injection. It forms a basis for BOF support in various public and commercial implants and offers support for Linux/OSX targets through ELFLoader.
TrustedSec further demonstrates innovation by offering Large Language Model (LLM) Assessment services. They actively explore the cutting-edge use of AI in vulnerability research, exploit development, and comprehensive cybersecurity defense, and discuss the ethical implications and future of AI-driven hacking and defense through platforms like their "Security Noise" podcast. They leverage Retrieval-Augmented Generation (RAG) to enhance research capabilities, integrating retrieval-based models with generative AI for accurate and context-aware responses.
5. Leadership & Management
Executive Team
TrustedSec's leadership team is composed of highly skilled and experienced professionals:
- David Kennedy (Founder & CEO): A cybersecurity subject matter expert with over 19 years of experience, a former Chief Security Officer for a Fortune 1000 company, and a veteran of the United States Marine Corps specializing in cyber warfare and forensics. He is the creator of several open-source tools, including The Social-Engineer Toolkit (SET). Kennedy has testified before Congress and is a recognized voice in cybersecurity through national media appearances.
- Erin Kennedy (Co-founder & Vice President of Finance): As co-founder, Erin provides the foundational financial backbone of TrustedSec, sharing responsibility for the company's success through her financial expertise and team-building skills. She is also a co-founder of DerbyCon.
- Justin Elze (CTO & Director, Research): Leads the company's technological direction and research initiatives.
- Brian Cantrell (Chief Operating Officer): Possesses over 8 years of operations management experience in cybersecurity, complemented by 11 years in business and retail banking sales management. He also has 6 years of tech-focused experience in datacom and eCommerce.
- Martin Bos (CSO & VP of Consulting Services): Oversees the company's security operations and leads its consulting services.
- Chris Boesch (VP, Sales and Marketing): Directs the sales and marketing strategies for the firm.
- Ryan Burnheimer (VP, Business Development): Responsible for driving business development initiatives.
- Kim DeSimone (Director Of Human Resources): Leads the human resources department, focusing on talent management and employee welfare.
- Jessica Archer (Director of Sales): Leads the sales department.
- Jason Ashton (Practice Lead, Training & Mentorship): Focuses on developing and leading training and mentorship programs within the company.
- Rockie Brockway (Director of Advisory Innovation): Leads advisory innovation efforts.
- Suzanne Burdick (Director of Finance): Contributes to the financial management of the company.
- Paul Burkeland (Practice Lead, Force Cloud Security): Leads the Force Cloud Security practice.
- Ryan Macfarlane (Incident Response Practice Lead): Appointed in November 2025, Macfarlane brings over 20 years of cyber experience from the FBI, where he bridged law enforcement, intelligence, and private sector coordination. He leads rapid response operations, digital forensics, and threat hunting for clients across critical industries.
Recent Leadership Changes
In November 2025, TrustedSec appointed Ryan Macfarlane, a former FBI unit chief with over two decades of cyber experience, as their Incident Response Practice Lead. This is a significant addition aimed at strengthening the company's global defenses against ransomware, state-sponsored attacks, and AI-driven threats.
Additionally, following the acquisition of Trimarc in March 2025, Sean Metcalf, the CEO and founder of Trimarc and a Microsoft Certified Master in Active Directory, officially joined TrustedSec, contributing his specialized expertise to enhance the firm's service offerings.
6. Talent and Growth Indicators
Hiring Trends and Workforce
TrustedSec, with an employee count ranging from 51 to 200, focuses on hiring top-tier talent in the industry. The company boasts a purpose-driven culture, emphasizing ethical standards, technical skill, and dedication to the information security community. They offer flexibility, with many employees working remotely and locals having the option for hybrid work at their newly constructed headquarters in Fairlawn, Ohio.
The company's career page encourages prospective employees to "join our team" and highlights the importance of its people as its most valuable asset. While specific current open positions fluctuate, roles like Cloud Pentester/Security Consultant are indicative of their recruitment efforts to support growth in specialized areas like cloud security. Employee sentiment indicates an inspiring workplace, where individuals feel motivated and supported, with a strong culture of celebrating wins and sharing positive moments, likened to "one big family" as the company continues to grow. TrustedSec grew its employee count by 2% in the last year.
7. Social Media Presence and Engagement
Digital Footprint
TrustedSec maintains an active and professional digital footprint across various social media platforms, engaging with both the cybersecurity community and potential clients.
- LinkedIn: TrustedSec leverages LinkedIn for professional networking, sharing industry insights, company news, and thought leadership articles. They highlight their team members and reinforce their brand messaging around expertise and ethical conduct.
- Twitter/X: The company uses Twitter/X to disseminate real-time information, often commenting on emerging threats, cybersecurity news, and promoting their research and tools.
- Blog and Resources: TrustedSec's official website features an extensive blog and resource section, providing in-depth articles, whitepapers, and guides on various cybersecurity topics, further establishing their thought leadership.
Brand Messaging and Positioning
TrustedSec's brand messaging emphasizes its unique, human-centric, and threat-actor-centric approach to cybersecurity. They differentiate themselves by offering pragmatic, positive, and personalized solutions, rejecting fear-based pitches and out-of-the-box security solutions. Their core message revolves around empowerment, enablement, and doing what's right to build a more secure world. They also highlight their culture, expertise, and commitment to the community.
8. Recognition and Awards
Industry Recognition
TrustedSec has received significant accolades and recognition within the cybersecurity industry:
- Forrester Wave™: Cybersecurity Consulting Services, Q2 2024: Recognized as a leader, receiving the highest overall score among 15 significant service providers. The report praised TrustedSec's "threat-actor-centric approach" and hailed its technical assessment services (penetration testing, purple teaming, red teaming) as "unsurpassed." TrustedSec achieved the highest possible score in 14 categories, including Vision, Innovation, Talent strategy, Alignment with client CISO needs, Customer retention and satisfaction, Cybersecurity upskilling for customers, Securing emerging technology capabilities, and Technical security assessment delivery.
- CREST Certification for Penetration Testing: Achieved in April 2025, this internationally respected accreditation affirms TrustedSec's commitment to the highest standards in security testing, ethical conduct, and methodology. This certification is crucial for meeting regulatory compliance under frameworks like PCI DSS, GDPR, and NIST.
- Official Cybersecurity Provider for the Cleveland Cavaliers.
- Cybersecurity Partner Excellence Award: Honored with this award at the Greater Cleveland Partnership's Best of Tech Awards for 2024.
- Recognized as one of the largest dedicated cybersecurity consulting firms in the world.
- David Kennedy, the founder and CEO, has twice testified before Congress as a cybersecurity expert witness and was a technical advisor for the show "Mr. Robot."
9. Competitive Analysis
Major Competitors
TrustedSec competes in a vibrant and growing cybersecurity consulting market. Its key differentiators include its human-centric, threat-actor-centric approach, deep offensive security expertise, and commitment to open-source contributions. Competitors may vary based on specific service areas (e.g., penetration testing, incident response, advisory).
Based on industry presence and similar service offerings, some major competitors include:
- Insight Assurance: Highlighted as a top alternative, specializing in comprehensive security and compliance services.
- SHI: A global technology solutions provider offering a range of IT and security services.
- Johanson Group: Known for integrity, efficiency, and flexibility in auditing, particularly for governance, risk management, and compliance (GRC) requirements.
- 7 Layer Solutions: A cybersecurity firm providing various security services.
- PlutoSec: A cybersecurity firm specializing in web application penetration testing, API security, and cloud infrastructure protection.
- RSA Services: Offers various security and risk management solutions.
- SecurityMetrics: Specializes in PCI DSS compliance, penetration testing, and forensic investigations.
- Corsica Technologies: Provides managed IT and cybersecurity services.
- Vault Infosec, StratusCore, CadmiumGulf: Also identified as primary competitors.
- Other prominent consulting firms: Such as Red Siege, InGuardians, Lares, Black Hills Information Security, Counter Hack, and Atredis Partners, frequently mentioned in the context of top-tier penetration testing companies.
TrustedSec's competitive positioning is strengthened by its "Red Team" capabilities, open-source tool contributions, and strong leadership reputation, particularly that of its founder, David Kennedy.
10. Market Analysis
Market Overview
The global cybersecurity consulting services market is experiencing significant growth, driven by the escalating frequency and sophistication of cyber threats, stringent regulatory requirements, and the increasing complexity of digital environments.
- Market Size & Growth: The global cybersecurity consulting services market was valued at approximately USD 24.04 billion in 2025. It is projected to grow from USD 26.79 billion in 2026 to USD 63.78 billion by 2034, exhibiting a Compound Annual Growth Rate (CAGR) of 11.45% during this period. Other reports estimate the market size for 2026 between USD 17.10 billion and USD 17.47 billion, with CAGRs ranging from 8.9% to 18.91% through to 2031-2035. The managed security services (MSS) market, a closely related segment, is also projected for strong growth, expanding from USD 39.47 billion in 2025 to USD 66.83 billion by 2030, at a CAGR of 11.1%.
- Key Market Trends:
  - AI in Cybersecurity: Artificial intelligence (AI) will drive both offensive and defensive cybersecurity strategies, with AI-powered tools enabling faster and more precise attacks, while defenders use AI agents to enhance security operations. TrustedSec is actively exploring the use of AI in vulnerability research, exploit development, and defense.
  - Continuous Monitoring and Cloud-Native Architectures: A significant rise in cloud-native architectures with continuous authentication and monitoring will become the default, feeding real-time data into AI systems for improved protection.