Trey Blalock
Chief Information Security Officer, cybersecurity executive, and security researcher with deep experience in ransomware defense, APT resilience, cloud architecture, and large-scale security operations.
Trey Blalock is a highly respected Chief Information Security Officer and security researcher who has performed extensive work across nearly every major security domain for some of the world's largest corporations and governments. He has trained thousands of people on advanced security topics, managed all aspects of security for one of the world's largest financial transaction hubs, performed hundreds of penetration tests for Fortune 500 companies, and handled forensics on high-profile matters including Donald Vance vs. Donald Rumsfeld. He also specializes in defending large-scale systems from advanced threat actors and has recently served as CISO for Coinstar and Cognira.
Highlights
Trey served as Chief Information Security Officer for Coinstar, the global leader in self-service coin counting and operator of the world's largest Bitcoin ATM network. At Coinstar, he managed several teams across multiple projects during a major overhaul of the company's infrastructure. He also made significant architectural changes to protect more than 25,000 kiosks and data operations across several cloud platforms, reducing the attack surface by more than 95 percent.
Through his consulting practice, he has managed hundreds of security events for organizations, including dozens of ransomware incidents, security breaches, denial-of-service attacks, and more than one hundred forensic matters.
He has served as a computer forensic expert witness for the U.S. Department of Justice on multiple cases, including handling all aspects of computer forensics on matters such as Donald Vance vs. Donald Rumsfeld, John Doe vs. Donald Rumsfeld, and American Boat Company vs. United States.
Selected Experience
- Former CISO for Coinstar and Cognira
- Managed security modernization across large, complex environments
- Reduced attack surface for 25,000+ kiosk systems by more than 95%
- Hundreds of penetration tests for Fortune 500 organizations
- Extensive ransomware, breach, and forensic response leadership
- Frequent television guest and advisory board participant
Representative Clients, Training, and Frameworks
Trey has completed projects for organizations including AIG, AT&T, BBC, Best Buy, CareerBuilder, CenturyLink, Citizens Property Insurance, Coinstar, HP, McGraw Hill, McKesson Canada, ModusBox, Pfizer, Sainsbury's U.K., Saint Jude Children's Hospital, ServiceMaster, multiple banks and credit unions, State of California, State of Georgia, State of Wisconsin, T-Mobile, Target, Toys R Us, the U.S. Department of Justice, Walgreens, and World Vision.
He has taught security classes to organizations including AT&T, BCBS, BECU, CIA, CISA, DHS, DIA, FBI, IBM, NSA, RCMP, T-Mobile, the U.S. Air Force, U.S. Army, U.S. Marines, U.S. Navy, and U.S. Secret Service, along with numerous Fortune 500 companies in the U.S. and Europe.
He frequently works on compliance and governance initiatives involving PCI-DSS v4.0, HIPAA, HITRUST, SOC 2, SOC 3, SOX, NIST SP 800-34, NIST SP 800-53, NIST CSF, CPNI, GDPR, CCPA, FFIEC, NCUA, ISO/IEC 27001, ISO/IEC 27002, ISO 27799:2016, NERC, GLBA, COBIT, OWASP, SANS, MITRE ATT&CK, MITRE D3FEND, and MITRE ATLAS.
Professional Certifications
- GIAC GWAPT GIAC Web Application Penetration Tester #3845
- GIAC GCPN GIAC Certified Cloud Penetration Tester #1349
- GIAC GPEN GIAC Certified Penetration Tester #2089
- GIAC GCTI GIAC Cyber Threat Intelligence #1977
- GIAC GPCS GIAC Public Cloud Security #64
- GIAC GCFA GIAC Certified Forensic Analyst #355
- CISA Certified Information Systems Auditor #0862743
- CISM Certified Information Systems Manager #0910809
- CRISC Certified in Risk and Information Systems Control #1620233
- CISSP Certified Information Systems Security Professional #11246
- SSCP System Security Certified Practitioner #23259
- NSA-IAM National Security Agency Information Assessment Methodology certified as of 09/13/02