Why TrustFoundry?

Our assessments leverage extensive knowledge gained from over three decades of penetration testing experience, in addition to professional software development and IT consulting backgrounds. This familiarity and insight enable us to understand and provide guidance for our customers. Experience often does not equate to excellence, but experience combined with a passion for security is what inspires and compels TrustFoundry to deliver exceptional work.

In combination with regularly performing assessments, TrustFoundry also hones its skillset by contributing to security research, software development, and closely engaging with industry organizations.

Our goal is raising the bar for customer satisfaction while helping our customers thoroughly secure their organizations faster and more efficiently than ever before.

About TrustFoundry

About Us

Trust Foundry Logo

TrustFoundry is an information security firm predominantly focused on application penetration testing and network penetration testing. We are based in Overland Park, Kansas, a suburb of Kansas City.

TrustFoundry was founded on the core principle that our advanced and pragmatic understanding of today’s challenges, based on extensive industry experience and involvement, allows us to deliver the most comprehensive and effective results for our customers.

We have worked successfully with organizations from Fortune 100 enterprises to small startups in a large variety of areas, delivering hundreds of significant and meaningful assessments in our years of experience.

Our mission throughout customer engagements is to improve security as efficiently as possible, which involves carefully listening and understanding our customers. Our attention to customers’ challenges, focus on intelligent solutions, and our genuine passion for security drive us to consistently deliver outstanding results.

Experience

Our assessments leverage extensive knowledge gained from over three decades of penetration testing experience, in addition to professional software development and IT consulting backgrounds. This familiarity and insight enable us to understand and provide guidance for our customers. Experience often does not equate to excellence, but experience combined with a passion for security is what inspires and compels TrustFoundry to deliver exceptional work.

In combination with regularly performing assessments, TrustFoundry also hones its skillset by contributing to security research, software development, and closely engaging with industry organizations.

Our goal is raising the bar for customer satisfaction while helping our customers thoroughly secure their organizations faster and more efficiently than ever before.

Reasons Our Customers Choose TrustFoundry

  • Testing coverage: Quite simply, we find vulnerabilities that many others miss. If your threat model calls for protection against advanced attackers, our depth of coverage will help you direct resources to effectively secure your sensitive data, assets and products.
  • Ability to understand complex environments: Applications and environments are getting increasingly complex. It is not uncommon today to see over ten deployed technologies in use in a single application. For example, currently it is routine to test a mobile application written in several languages based on a mobile framework that uses custom authentication and authorization, custom cryptography, and communicates over WebSockets to a server deployed in AWS, which itself is using a variety of technologies. Our “full stack” understanding equips us to examine each item and identify vulnerabilities in the design and implementation of each component.
  • Understanding of how vulnerabilities impact your environment: We don’t simply apply a checklist to your application or network, we think through each vulnerability in effort to determine the actual impact. This allows us to eliminate false positives that are often erroneously reported and identify vulnerabilities that frequently go unnoticed.
Contact TrustFoundry Today

Looking for proven professionals in the industry?

TrustFoundry has successfully worked with both Fortune 100 enterprises and small startups in a large variety of areas.
Contact TrustFoundry Today

Meet the Breakers

Alex Lauerman
Alex LauermanSecurity Consultant
Alex has more than four years of software development experience, and eleven years of penetration testing experience. Alex collaborates closely with organizations of all sizes in securing web, mobile and thick client applications, in addition to penetration testing networks and devices. Alex specializes in fulfilling challenging engagements that require multiple sets to complete. He enjoys cryptography, software defined radio, reverse engineering, exploitation, and developing tools that can efficiently and effectively solve security problems at scale. Alex has presented at both regional and national security conferences, such as SecKC, SecureWorld Kansas City, and BlackHat USA. Alex’s research has been covered by various local and national news organizations.

When not on the computer, he enjoys mountain biking, being outdoors, and continuously learning by reading books and leveraging the awesome resources we have available today.

Alex founded SecKC, which is a non-profit organization which is designed to foster information security in Kansas City with over 1,000 attendees annually. In addition to fostering growth in the area, Alex is also strongly interested in security research and solving challenging security problems in ways that efficiently and effectively improve security. Alex is an Offensive Security Certified Professional (OSCP) and has a B.S. in Computer Science from the University of Kansas.

Matt South
Matt SouthSecurity Consultant
Matt is a penetration tester from Kansas City, Missouri. He specializes in web and mobile application testing, but loves all things security.

He has been an amateur security enthusiast since childhood and was a regular 2600 attendee. After graduating The University of Kansas with a B.S. in Computer Science, Matt spent 6 years as an IT Consultant to local businesses in Kansas City. In 2013, he combined his knowledge of business systems and love for security to become a penetration tester for TrustFoundry. Since then, he has hacked on hundreds of systems. He’s given talks at security events such as SecKC and TriKC. He also had the privilege to present a tool of his own design at BlackHat USA 2015 and another at BlackHat USA 2017. He achieved the Offensive Security Certified Professional (OSCP) certification in 2018.

When he’s not hacking, you can find Matt fishing with family, traveling with his wife, or killing plants in his garden.

Matt’s favorite types of exploits to find are business logic flaws that an automated scanner would miss. He enjoys asking and answering security-related questions to share knowledge and improve the security community overall. Matt takes the most pride in his reporting because he has the chance to clearly explain the issues to help customers improve their security posture.

Nick Fox
Nick FoxSecurity Consultant
Nick has experience conducting network and application penetration tests for a wide variety of clients, including Fortune 500 companies. Nick works with clients to provide a clear description of security issues and advice on the steps needed for remediation. Drawing on his background as a system administrator, Nick specializes in finding vulnerabilities in enterprise domains and helping to improve system infrastructure. Nick also has a strong programming background and conducts source code audits for companies’ internal and external applications to ensure secure coding practices.

In his free time, Nick likes to read books and listen to podcasts about technology, computer science, and hacking, and frequently competes in Capture-the-Flag (“CTF”) competitions to further develop and sharpen his skills. Nick is also an active security researcher, spending evenings and weekends analyzing commonly used applications for undiscovered vulnerabilities.

Nick has a B.A. from the University of Cincinnati and holds several industry certifications, including Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE), CREST CSPA, CREST CRT, CompTIA Security+, CompTIA Network+, and CompTIA A+.

Tyler Rosonke
Tyler RosonkeSecurity Consultant
Tyler is a security professional based in Omaha, Nebraska. His main area of focus is in penetration testing. He loves learning and scripting his way out of a tight spot, which makes this area of security right up his alley. Tyler graduated from the University of Nebraska at Omaha with a B.S. in Information Assurance in 2014.

After graduating, he spent a year on a Red Team for a Fortune 200 company. This position allowed him to not only sharpen his technical skills, but his security evangelism as well. Tyler has completed the Penetration Testing with Kali Linux challenge and has obtained his Offensive Security Certified Professional (OSCP) certification. Tyler is highly involved with the security community. He has contributed to open source projects, he has spoken at security conferences (DefCon), and he writes/operates the ZonkSec security blog.

If Tyler is not banging his head against his monitor, you’ll likely find him in a garage banging his head against a vintage 2-stroke moped or wandering around in the great outdoors.

Bucky Spires
Bucky SpiresSecurity Consultant
Bucky is a penetration tester with a focus in web and mobile application security testing. Bucky has over fifteen years of experience in the information security industry with the last twelve years focused on application security and penetration testing. Bucky has worked with a variety of Fortune 500 clients to improve their application security posture. Bucky particularly enjoys developing exploit chains that provide realistic attack scenarios, and likes reverse engineering complex applications.

Previously, Bucky led the mobile application security practice at two large security consulting firms. Bucky also enjoys automating security testing and has previously held research and development positions at SPI Dynamics and Tenable, where he wrote web application vulnerability checks for WebInspect and Nessus.

Samuel CurrySecurity Consultant
Samuel is a web application security researcher from Omaha, Nebraska. He has over two years of experience in developing web applications and four years of experience penetration testing them.
Over the last three years, he has worked closely with organizations in identifying and reporting security vulnerabilities. In his free time, he runs a blog dedicated to security research and additionally has given talks regarding his work. Samuel is involved with local groups like DC402, NULLify, and OWASP Omaha.
In the past, Samuel has participated in various bug bounty programs and competed in live hacking events organized by platforms like HackerOne and Bugcrowd. On the weekends, he helps organize University of Nebraska at Omaha’s Cyber Security club.