Improve Enterprise Security
Detect & Mitigate Modern Attack Methods

Enterprise Security Posture Assessment

Trimarc ESP is an enterprise security service that merges offensive and defensive disciplines to identify escalation and access paths. We discover gaps in security monitoring and risky behaviors which allow threats like ransomware to extort, manipulate, or compromise high value assets and data critical to the business.

Virtual Infrastructure Security Assessment
Security Folder

The Trimarc VISA involves the analysis of critical VMware security components and capabilities which includes vCenter and ESXi configuration & administration.


Microsoft Cloud

Security Assessment

clouds and trimarc shield

The Trimarc MCSA performs in-depth analysis of the Azure AD & Microsoft Office 365 tenant security configuration to include administration, application permissions & consent, and access controls.

Active Directory Security Assessment


The Trimarc ADSA is a comprehensive analysis of Active Directory security which discovers and identifies issues that attackers could potentially leverage to elevate privileges, compromise the environment and persist.

trimarc dragon

Trimarc is a professional services company based out of Washington, DC that helps organizations secure their Microsoft platform, both on-premises and in the cloud. Founded by Sean Metcalf, a Microsoft Certified Master in Active Directory, Trimarc's mission is to help organizations better secure their critical IT infrastructure. We focus on a “reality-based security model” which targets attacker tactics and how to best stop them. Our methodology identifies security issues in an organization attackers could exploit to fully compromise the environment and provide custom recommendations to effectively mitigate these issues.

​Trimarc Expertise

Trimarc provides leading security expertise on Identity and infrastructure platforms which include the systems on which most organizations around the world depend. Our team has extensive knowledge and expertise across Active Directory, Azure AD, Microsoft Office 365, and VMware.

The Trimarc team is comprised of subject matter experts and many have 10 to 20 years of operational experience with the platforms on which we focus. Trimarc's core value proposition to customers is that we understand the operational concerns and issues in addition to having the security vision to discover issues. This means Trimarc recommendations are feasible and actionable.


All of our services are driven by our renowned security research that has helped drive the implementation of effective protection measures for organizations reliant on Microsoft technologies.


From Active Directory to the Microsoft Cloud (Azure AD & Microsoft Office 365) to VMware, Trimarc has the knowledge and expertise to help improve your security posture. Our focus on the systems that enable today’s business positions us to effectively assess and improve enterprise security.

Trimarc’s unique methodology leverages a combination of our people, proprietary assessment tools, and process that results in the most comprehensive security assessments on the market


Concerned About Ransomware?
Trimarc’s security assessments provide detailed guidance that improves defense which mitigates the effectiveness of attacks including ransomware.

Trimarc Webcast: Issues with Identity Security – a Trimarc Panel  A discussion around Ransomware, Rights, & Remediation

Thursday, July 28th
2:00 – 3:00pm Eastern

This webcast will include some highlights based on the Trimarc team’s knowledge and experience from numerous assessments we have performed over the years covering Active Directory, Azure AD, & VMware.

The Trimarc panel will also discuss topics including ransomware, current attack methods, defensive strategies, and take questions from attendees. This webcast's format is structured to allow for moderated questions as well as "open mic" questions.

Abstract Futuristic Background

"During the height of the SolarWinds attack [...] Trimarc was instrumental in helping CISA understand the byzantine nature of identity management."

CISA presentation.png

Jen Easterly

Director, CISA

Cybersecurity and Infrastructure Security Agency