Last Update

This profile was last updated on 9/8/2016 and contains contributions from the ZoomInfo Community.


Rick Hayes

Practice Lead

TrustedSec LLC


TrustedSec LLC

Company Description

TrustedSec, LLC was created on the belief that the information security industry is in need of extremely tailored and niche services aimed around maturing a company's security program. The founder, David Kennedy, started off his career working for the United S...more

Background Information

Employment History

Information Security Officer

Carter's, Inc.

Senior Manager

SecureWorks Inc

Web References (7 Total References)


Rick Hayes Leads Force Team
Rick Hayes (@ISDPodcast) has joined TrustedSec as the Practice Lead of the TrustedSec "Force" team. The Force team is TrustedSec's pentesters, hackers, and researchers. David Kennedy, TrustedSec CEO said, "We are truly excited to have Rick come aboard and bring his experience running the INFOSEC shop over at Dell SecureWorks where he was responsible for leading team as well as providing services in Vulnerability Assessments, Penetration Testing, Wireless Security, Application Security, Mobile Application Assessments, VoIP Security Assessments, Social Engineering, and Red-Teaming. Rick was one of the founding creators of the Information Security Daily Podcast (ISDPodcast) and has presented at conferences all around the country (including our favorite - DerbyCon). Rick will run the Force team which specializes and focuses on penetration testing, red teams, application security, mobile security assessments, social-engineering and more.

www.tinhanhsoft.com [cached]

"Motivated cyber-criminals are going to attack in every way possible," explained Rick Hayes, senior manager at Dell SecureWorks.

"Every Red Team engagement is customized around that individual industry and customer," Hayes explained. "A petro chemical company will have different concerns than an entertainment and media organization, so we adjust the program accordingly. For us, it's all about whatever is keeping that customer awake at night. That's what we want to test - that's where we want to uncover the risks."

According to Hayes, to be effective, no more than a small subset of company leaders can know about the Red Team engagement until it's over. "Our intelligence team spends the first week collecting as much information related to the company, its employees and leadership as they can," Hayes said. "We find out the name of the phone provider, the security vendor, and the landscape company; the schedule for trash collection and mowing. We learn the power service, the physical security and whether or not armed guards secure the facility." The team compiles this information and uses it to build a threat model, and in subsequent weeks, does everything they can to get in and compromise that customer's data (with the knowledge of the customer point-of-contact).

"Most company leaders are shocked to learn that their biggest weakness is almost always the human element and how much proprietary information employees reveal under the social web of trust," Hayes said. Helpful employees are also often more than willing to let a Red Team member, dressed as a cable provider or delivery person, into a secured facility without showing credentials. Equally effective is the "two-cups-of-coffee" attack, in which a Red Team member gains access through an employee entrance by saying he or she is bringing in coffee for a named executive (and even gets the door held open for him). "In one of our engagements, we were Red Team testing for a company that gave tours to the public," Hayes said. "One Red Team member posed as a tourist, excused himself to go to the restroom, planted a box in IT that tapped into the company network, and began transmitting data wirelessly to another Red Team member parked in a van outside before the tour was over."

Of course, all of the revelations aren't around building access. "Another big surprise is often the lack of visibility that companies have into their systems - particularly legacy systems," Hayes said. "We've been able to extract a goldmine of data from legacy systems that everyone thought were shut down."

One of the reasons Red Team Testing is so valuable is because it looks at everything. "Instead of concentrating on a vulnerability in the wireless network or a handful of applications, we provide full-spectrum testing - from attacking voice mail to gaining data center entry; from infiltrating systems to extracting data through social engineering," Hayes said.

"We've had a customer who purchased a manufacturing facility in a foreign country that had a single VPN connection, and used us to test how far a perpetrator could get if the connection was compromised," Hayes said. "Other customers use Red Team Testing to vet new employees working with highly secure data to make sure that they are who they represented themselves to be." Whatever the reason, the leadership of companies and organizations of all sizes are embracing this methodology to get an objective, independent view of their security against the threats that concern them most. "We have never had a customer who didn't get value - and some new insight - out of the engagement," Hayes said.

The Red on Blue Option

But, what if a company is less mature and needs security consulting that goes beyond classroom theory? For these situations, Hayes recommends the "Red on Blue" (also known as Red, White and Blue) engagement. This engagement is a type of corporate war gaming, involving the Red Team and a Blue Team, or Instant Response team, who goes on site with company employees. The Red Team attempts to attack the client company, as it would in a traditional Red Team Test, with the Blue Team on site, defending against the attacks, along with a White Hat observer. "The White Hat observer coaches the employees in real time, showing them if they missed an indicator or what additional security precautions they need to take," Hayes said.

"Security is a feeling, the knowledge that your assets are as safe as possible and that you've done everything you can to block attackers," Hayes said.


"Unfortunately, in today's attack climate, if you are an organization which is likely to be a target of hacktivism and you do not have an intelligence team monitoring the Internet on your behalf, you have to be prepared for far more than just one attack strategy," said Rick Hayes, Sr. Manager, Security and Risk Consulting for Dell SecureWorks.
"The cyber campaigns being launched by hacktivists today aren't merely consisting of a Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks (where large amounts of Internet traffic are directed at a website in hopes of knocking it offline)," continued Hayes. "Although we continue to see cases where hackers are breaking into organizations by entering through their vulnerable web applications," said Hayes, "The good news is we are seeing an uptick from small and medium businesses asking for our Web Application Scanning Service. I believe they have learned from some of the large and expensive public breaches, which have been a result of web application attacks, that it is cheaper in the long run to employ regular scanning of one's web applications and fix the vulnerabilities immediately so as to keep one's assets secure," continued Hayes.


In this webinar, Mike Rothman, President of Securosis and prolific security blogger, and Rick Hayes, Sr. Consultant for Cyber Intelligence Services at Dell SecureWorks, pair up to discuss the challenges ahead for organizations and how focused Threat Intelligence has a key role to play.

www.avega.ca [cached]

"Hackers, or 'hacktivists,' can use Social Media to try to figure out as much about a target as they can, and we as a society have been very generous in telling people where we are, what we are doing and so on," explains Rick Hayes, senior principal consultant, Dell SecureWorks, which partners with Allstream to provide Managed Security Services.
"Mobile devices are one of the biggest issues now," says Hayes. "There isn't anybody who doesn't have to worry about it," Hayes warns of the dangers posed by Social Media.
