Built by a CISO. Run by a Pen Tester.

Trailhead Security brings enterprise-grade security assessment methodology to mid-market companies. Led by Brendon McCaulley, a CISSP with 20 years in security and 10 years as a CISO.

The Founder

Brendon McCaulley, CISSP — Founder, Trailhead Security

Brendon McCaulley, CISSP

Brendon McCaulley is a CISSP-certified security executive and the founder of Trailhead Security. He brings more than 15 years of enterprise security leadership experience from the fintech and payment processing industry — an environment where regulatory scrutiny, fraud exposure, and uptime requirements demand security programs that actually work.

He has served as a CISO and senior security leader at three major organizations:

  • Heartland — one of the largest U.S. payment processors, with PCI-DSS compliance and breach response at scale
  • Optum / VPay — healthcare payments division of UnitedHealth Group, operating under HIPAA, SOC 2, and financial services security requirements
  • ConnexPay (current) — fintech issuing and acquiring platform, serving as CISO and building security architecture from the ground up

After years of managing pen test vendors from the client side, Brendon saw a consistent gap: assessments that were slow, expensive, and delivered reports that sat on a shelf. Trailhead Security exists to change that.

"The person who used to hire pen testers — and was frustrated with what he got — is now the one doing the testing."
  • CISSP certified
  • Active CISO at ConnexPay
  • ISSA North Texas chapter leadership
  • Speaker at FutureCon
  • Texas A&M BBA, SMU MBA

What Trailhead Security Is

Trailhead Security is a boutique penetration testing and security advisory firm based in Dallas-Fort Worth, Texas. We serve mid-market organizations in financial services, healthcare, and SaaS that need senior security expertise without enterprise-scale pricing.

We are not a large consulting firm. We do not staff engagements with junior analysts. We do not crowdsource testing to an anonymous pool. Every engagement is led by Brendon, supported by proprietary tooling built specifically for this kind of work.

Our AI-assisted delivery platform automates the discovery and normalization phases of every engagement. Every finding is reviewed by Brendon before it goes into the report. The result: enterprise-quality findings, delivered faster, at a price mid-market CFOs can approve.

Our Principles

Human Accountability on Every Engagement

AI assists. Brendon validates. No finding reaches you without a senior analyst reviewing it.

Scope Discipline

We do not sell engagements we cannot execute well. If your scope does not fit our current capabilities, we will tell you before taking your money.

Compliance-Ready Output by Default

Every report is formatted for your auditor. Compliance mappings are not an add-on.

No Overselling

We do not make claims about AI we cannot support with methodology. We do not promise outcomes we cannot guarantee. We tell you what we found and how to fix it.

Work With Us

We'll scope your engagement in 30 minutes and have a proposal to you within 48 hours.

Schedule a Scoping Call