Trey Blalock

CISO Information

Trey Blalock is a highly respected Chief Information Security Officer and security researcher who has performed extensive work in almost every security domain for some of the world's largest corporations and governments. Trey has trained thousands of people on advanced security topics. He has managed all aspects of security for one of the world's largest financial transaction hubs, performed hundreds of penetration tests for Fortune 500 companies, and has performed forensics for several high-profile cases such as "Donald Vance vs. Donald Rumsfeld." He also specializes in defending large-scale systems from advanced threat actors. Trey currently serves on several forensic, red teaming, and penetration testing advisory boards and is a frequent guest on television. He has also recently served as the CISO for Coinstar and Cognira.

Highlights

I served as Chief Information Security Officer for Coinstar, the global leader in self-service coin counting and operator of the world's largest Bitcoin ATM network. At Coinstar, I managed several teams across multiple projects during a major overhaul of the company's infrastructure. I also made significant architectural changes to protect over 25,000 kiosks and data operations on several cloud platforms, reducing the attack surface by more than 95%. I modernized defenses to protect against ransomware and Advanced Persistent Threats (APTs) and developed talent to automate security operations.

Through my consulting practice, I have managed hundreds of security events for companies, including dozens of ransomware events, security breaches, denial-of-service attacks, and over one hundred forensic incidents. I have served as a Computer Forensic Expert Witness for the U.S. Department of Justice on multiple cases, including handling all aspects of computer forensics on some high-profile cases such as "Donald Vance vs. Donald Rumsfeld," "John Doe vs. Donald Rumsfeld," and "American Boat Company vs. United States."

I've done projects for the following companies: AIG, AT&T, BBC, Best Buy, CareerBuilder, CenturyLink, Citizens Property Insurance, Coinstar, HP, McGraw Hill, McKesson (Canada), ModusBox, Multiple banks and credit unions, Pfizer, Sainsbury's (U.K.), Saint Jude's Children's Hospital, Service Master, State of California, State of Georgia, State of Wisconsin, T-Mobile, Target, Toys-R-Us, U.S. Department of Justice, Walgreens, and World Vision.

I've taught security classes to the following organizations: AT&T, BCBS, BECU, CIA, CISA, DHS, DIA, FBI, IBM, NSA, RCMP, T-Mobile, U.S. Air Force, U.S. Army, U.S. Marines, U.S. Navy, and U.S. Secret Service. Additionally, I have trained numerous Fortune 500 companies in the U.S. and Europe on various security topics and frequently do public speaking and television segments on advanced security topics. You can see a list of recent talks by following the link below.

I frequently work on compliance projects involving the following standards: PCI-DSS v4.0, HIPAA, HITRUST, SOC2, SOC3, SOX, NIST SP 800-34, NIST SP 800-53, NIST-CSF, CPNI, GDPR, CCPA, FFIEC, NCUA, ISO/IEC 27001, ISO/IEC 27002, ISO 27799:2016, NERC CSS, GLBA, COBIT, OWASP, SANS, MITRE ATT&CK, MITRE D3FEND, and MITRE ATLAS.

Professional Certifications

  • GIAC GWAPT (Global Information Assurance Certification) GIAC Web Application Penetration Tester # 3845
  • GIAC GCPN (Global Information Assurance Certification) GIAC Certified Cloud Penetration Tester # 1349
  • GIAC GPEN (Global Information Assurance Certification) GIAC Certified Penetration Tester # 2089
  • GIAC GCTI (Global Information Assurance Certification) GIAC Cyber Threat Intelligence # 1977
  • GIAC GPCS (Global Information Assurance Certification) GIAC Public Cloud Security # 64
  • GIAC GCFA (Global Information Assurance Certification) GIAC Certified Forensic Analyst # 355
  • CISA Certified Information Systems Auditor # 0862743
  • CISM Certified Information Systems Manager # 0910809
  • CRISC Certified in Risk and Information Systems Control # 1620233
  • CISSP Certified Information Systems Security Professional # 11246
  • SSCP System Security Certified Practitioner # 23259
  • NSA-IAM National Security Agency Information Assessment Methodology certified as of 09/13/02

More information about Trey and his recent talks