OWASP AppSec USA 2013

Bruno Gonçalves de Oliveira is a MSc candidate, computer engineer and senior security consultant at Trustwave’s SpiderLabs where his duties are mostly focused in offensive security, doing hundreds of penetration tests from common systems and environments to embedded and uncommon devices. Bruno loves german fast cars (a.k.a BMWs), good ol' Jack and also stout/ale beers. Previously spoken at THOTCON, SOURCE Boston, Black Hat DC, SOURCE Barcelona, DEFCON, Hack In The Box, ToorCon, You Sh0t the Sheriff and H2HC.

Hacker for Profit

Sreenarayan is currently working as an Independant Information Security Consultant. He was the principal researcher in the Mobile Application Security Team at Paladion, having developed Paladion's Android, iOS, Windows Mobile, BlackBerry Gray Box and Code Review checklists, and has trained 30+ engineers to detect security flaws in mobile applications. He has found flaws in leading Mobile-based financial applications and helped the respective organizations fix those vulnerabilities. He has authored many white papers on information security and network-related research, which have been published... Read more

As a Principal Consultant, Dan manages and defines Aspect Security's line of Assessment Services-- helping organizations quantify their security risks from design to implementation. He works with staff and clients to develop the team members and deliverables.

Dan holds a security clearance and directly supports a variety of client projects. He leads mobile security efforts, security architecture and design reviews, code reviews, and penetration testing for clients in Government, educational, airline, and financial sectors. His expertise spans an array of IT disciplines including: application s... Read more

40 years as an IT professional, mostly in financial services with the past 17 years in information security. Spent time at Mobil Oil in IT planning. Actively involved in cybersecurity at industry and national level. Testified before Congress in 2001. Honored by Computerworld (Premier IT Leaders Award and Best in Class Award), ISE (Luminary Leadership Award) and ISACA (Best Paper). Published five books, three on information security. Published more than 200 articles and columns. Presented at about 100 conferences and seminars, including two OWASP meetings.

Ryan C. Barnett is renowned in the web application security industry for his unique expertise. After a decade of experience defending government and commercial websites, Ryan joined Trustwave SpiderLabs Research Team. He specializes in application defense research and leads the open source ModSecurity web application firewall project.

In addition to his commercial work at Trustwave, Ryan is also an active contributor to many community-based security projects. He serves as the Open Web Application Security Project (OWASP) ModSecurity Core Rule Set project leader and contributor on the OWASP To... Read more

Sean Barnum is a Principal and Cyber Threat Intelligence Community Lead at The MITRE Corporation where he acts as a thought leader and senior advisor on information security topics to a wide variety of players within the US government, commercial industry and the international community. He has over 25 years of experience in the software industry in the areas of architecture, development, software quality assurance, quality management, process architecture & improvement, knowledge management and security. He is a frequent contributor, speaker and trainer for regional, national and international... Read more

Former Executive Director, OWASP Foundation
I am based in San Francisco, Californa, USA and served as the Executive Director of the OWASP Foundation from April 2013 through July 2014. In this role, I supervise the paid OWASP staff in addition to administering all programs and operations of the OWASP Foundation, reporting to the OWASP Board of Directors.

Serg is a co-founder and a CTO of Bugcrowd. Bugcrowd delivers ad-hoc, ongoing and objective-based bug bounties. Our clients can elect to engage the full crowd, or run a private bounty with just the top ranked testers. Our service let's you test web, mobile and client-side applications using our curated crowd of 3,500 security researchers and Crowdcontrol - our unique bug bounty management platform.



Serg is passionate about all things IT Security and Internet in general. And has spent most of his nerdy career in the Application Security space, working on a broad range of application security p... Read more

Simon Bennetts is the OWASP Zed Attack Proxy (ZAP) Founder and Project Leader, and a Distinguished Engineer at Jit.

He has talked about and demonstrated ZAP at conferences all over the world, including Blackhat, JavaOne, FOSDEM and OWASP AppSec EU, USA & AsiaPac.

Prior to making the move into security he was a developer for 25 years and strongly believes that you cannot build secure web applications without knowing how to attack them.

Ryan is the Chief Security Officer at Sonatype. Before joining Sonatype, Ryan was a co-founder and chief scientist for Ounce Labs which was acquired by IBM in 2009. Ryan holds multiple patents and is a popular speaker, instructor and author, in the fields of security, risk management, and secure application development. Prior to Ounce Labs, Ryan co-founded Qiave Technologies, a pioneer in kernel-level security, which later sold to WatchGuard Technologies in 2000. In the late 1990's, Ryan also designed and developed the infrastructure for GTE Internetworking/Genuity's appliance-based managed security... Read more

Israel Bryski has over 7 years of experience in technology and information risk management. He is currently working in IT Security at Nomura and is Chapter Leader for the NYC OWASP Chapter.

Michael is Manager of Tech Policy and Programs at Access, an international human rights organization fighting to defend and extend the digital rights of users at risk around the world. There he manages projects that analyze digital attacks on civil society and media organizations, support the development of innovative secure communications technologies, and provide preventative advice to civil society organizations and human rights defenders in staying digitally secure. Prior to Access, he worked at the intersection of technology and journalism at a number of international nonprofits and local n... Read more

Pravir Chandra is a veteran in the security space and a long-time OWASP contributor, including his role as the creator and leader of the Open Software Assurance Maturity Model (OpenSAMM) project. Currently as security architect for the CTO of Bloomberg, he drives proactive security initiatives that demonstrate concrete value for the firm. Prior to this, Pravir was Director of Strategic Services at HP/Fortify where he lead software security assurance programs for Fortune 500 clients in a variety of verticals. He is responsible for standing up the most comprehensive and measurably effective programs... Read more

I am interested in visualization, user interfaces, security and security usability, typography, tinkering, and science, medicine, and technology in general.

Felix, qui potuit rerum cognoscere causus. - Virgil; (“Happy is he who knows the cause of things.”)

I love living in the future!

Michael Coates is the Chairman of the OWASP board, an international non-profit organization focused on advancing and evangelizing the field of application security.  In addition, he is the creator of OWASP AppSensor, a project dedicated to creating attack aware applications that leverage real time detection and response capabilities.

Michael is also the Director of Product Security at Shape Security, a Silicon Valley startup developing an entirely new type of web security product to protect web sites against modern attacks.

Previously, Michael was the Director of Security Assurance at M... Read more

Joseph R. Concannon brings his leadership, program management skills and endless energy to the helm of Integris Security LLC., a boutique security startup firm. Mr. Concannon, with his experience, brings to Integris Security information and physical security, disaster recovery/business continuity planning and intelligence services along with his leadership capabilities.
Prior to Integris Security, Mr Concannon led the FBI public/private initiative called InfraGard in NYC for 12 years. His vision and endless energy pushed the NYC alliance into the national spotlight which enabled the FBI to expand its national membership and provide a road map for other alliances around the nation to establish similar programs. As a result the NYC InfraGard grew beyond normal size in comparison to the entire national program. At the helm of NYM InfraGard, Mr. Concannon provided five distinct educational programs. These are monthly security summits, IGtv, trusted partner conference... Read more

Larry is the co-project leader of the OWASP Code Review Guide. His current emphasis is in Microsoft .NET technologies including C#, VB.NET, and SQL Server. Recent project experiences include converting legacy VB software to .NET, creating and maintaining operational support web sites to help QuikTrip manage it’s 600+ stores. Larry is currently a Senior Software Developer for QuickTrip. 

Joshua Corman is the Director of Security Intelligence for Akamai. Most recently he served as Research Director for Enterprise Security at The 451 Group. Mr. Corman’s cross-domain research highlights adversaries, game theory and motivational structures. His analysis cuts across sectors to the core security challenges plaguing the IT industry, and helps to drive evolutionary strategies toward emerging technologies and shifting incentives.

A staunch advocate for CISOs, Corman also serves as a Fellow with the Ponemon Institute, on the Faculty for IANS, co-founder of Rugged Software and was a Top Influencer of IT in NetworkWorld. Corman received his bachelor’s degree in philosophy, graduating summa cum laude, from the University of New Hampshire... Read more

A globally recognized software security expert, Dan Cornell has over 20 years of experience architecting, developing and securing software systems. As Vice President of Product Strategy at Coalfire, Dan works with customers and industry partners to help drive the direction of their product portfolio. Prior to its acquisition by Coalfire, Dan was a founder of and the Chief Technology Officer at Denim Group, where he helped Fortune 500 companies and government organizations integrate security throughout the development process.

Cornell is an active member of the development community and a sought-after speaker on topics of application and software security, speaking at international conferences including RSA Security Conference, OWASP AppSec USA and EU, TEDx, and Black Hat Arsenal. He holds three patents in the area of software security... Read more

Dinis Cruz is a Developer and Application Security Engineer focused on how to develop secure applications. A key drive is on 'Automating Application Security Knowledge and Workflows' which is the main concept behind the OWASP O2 Platform. After many years (and multiple roles) Dinis is still very active at OWASP, currently leading the O2 Platform project and helping out other projects and initiatives. After failing to scale his own security knowledge, learned Git, created security vulnerabilities in code published to production servers, delivered training to developers, and building multiple CI... Read more

Johanna Curiel is a security engineer and researcher with 18 years experience in programming, testing and quality control. Her early encounters with hackers and cybercrime was a turning point in her career to work in the area of Cyber security.Between 2005 and 2007, she worked as web developer for SafeBoot, which was later sold to McAfee. This division is now part of Intel Security Group who acquired McAfee in 2016 . In 2010, she obtained a master's degree in Information Security from Liverpool University. Johanna has been an active contributor of the Open Source community through Google Mentor... Read more

Mary Ann Davidson is the chief security officer at Oracle, responsible for Oracle software security assurance. She represents Oracle on the board of directors of the Information Technology Information Sharing and Analysis Center (IT-ISAC), and serves on the international board of the Information Systems Security Association (ISSA). She has been named one of Information Security’s top five "Women of Vision," is a Federal 100 Award recipient from Federal Computer Week, and was recently named to the ISSA Hall of Fame.
                                     Davidson has served on... Read more

Sebastien (Seba) Deleersnyder is co-founder and CTO of Toreon. He started the Belgian OWASP chapter and was an OWASP Foundation Board member. With a development background and years of security experience, he has trained countless developers to create more secure software. Co-leading OWASP projects such as OWASP SAMM, he has genuinely helped make the world a safer place. What’s he currently up to? Right now, he’s busy adapting application security models to the evolving field of DevOps and is also focused on getting the word out on Threat Modeling to a broader audience. Bart De Win is working... Read more

John Dickson is an internationally recognized security leader, entrepreneur and Principal at Denim Group, Ltd. He has nearly 20 years hands-on experience in intrusion detection, network security and application security in the commercial, public and military sectors. As a Denim Group Principal, he helps executives and Chief Security Officers (CSO’s) of Fortune 500 companies and government organizations launch and expand their critical application security initiatives. His leadership has been instrumental in Denim Group being honored by Inc. Magazine as one of the fastest growing companies in... Read more

Ralph Durkee is the principal security consultant and president of Durkee Consulting, Inc since 1996. Ralph founded the OWASP Rochester, NY chapter and has served on the board since 2004. Ralph served on the ISSA chapter board to start the Rochester ISSA chapter as well as starting the annual Rochester Security Summit. He has served as the ISSA chapter president since 2010. He performs a variety of network and application penetration tests, software security assessments and secure software development consultations for clients. His expertise in penetration testing, incident handling, secure software... Read more

Tor was lead trial counsel for Andrew Auernheimer (“Weev”) in his prosecution under the Computer Fraud and Abuse Act (“CFAA”) for downloading roughly 120,000 iPad subscriber email addresses from AT&T’s publicly accessible server.  He is currently lead counsel in Mr. Auernheimer’s appeal to the Third Circuit Court of Appeals, working alongside Mark H. Jaffe, Orin Kerr, the Electronic Frontier Foundation and Nace Naumoski in what is one of the most important CFAA cases of recent years. Tor is also trial co-counsel, along with Jay Leiderman, for indicted former Reuters Social Media Editor...

In the course of implementing CSRF defenses in the extremely broad (over 3000 web applications) and diverse environment that is the NIH, I have found that not all CSRF defenses are created equal. A lot of research, experimentation, and conversations with vendors and developers have yielded an understanding of the wide variety of csrf defenses and their tradeoffs, which I would like to share with the industry at large.

As Founder of Bugcrowd, Casey Ellis brings over 14 years of information security experience to lead the company’s technology vision and strategic operation. Prior to Bugcrowd, he served as chief security officer at ScriptRock and as an information security specialist and account manager for Vectra Corporation Ltd. A former penetration tester, Casey has taken on the role of “white hat” to connect organizations large and small with the power of Bugcrowd’s platform for a revolutionary approach to cybersecurity. Casey has presented at several top security shows including RSA, DerbyCon, BSides

... Read more

James is CEO and Founder of Cognitive Extension, Inc., leading the development of inqiri.com and the Decision Optimization Engine technology platform.  He has extensive experience developing and managing enterprise cyber-security programs, in both the public and private sectors having served as the Chief Information Security Officer for the State of Nevada, Director of IS Security and Internal Controlsfor International Game Technology (IGT), and most recently, as Symantec’s Director of Security Strategy & Programs. James is the current Chairman of the Privacy Coordination Standing Committee...

Chris Eng is vice president of research at Veracode, where he leads the team responsible for integrating security expertise into Veracode’s core product offerings. Prior to Veracode, he was technical director at Symantec (formerly @stake) and an engineer at the National Security Agency.

Chris is a frequent speaker at premier industry conferences, and he has been featured in media outlets such as Bloomberg, Fox Business, and CBS. He currently serves on program committees for the O'Reilly Security Conference and the Kaspersky Security Analyst Summit and was a founding member of the SOURCE Bosto... Read more

Simon Roses holds a B.S. from Suffolk University (Boston), Postgraduate in E-Commerce from Harvard University (Boston) and Executive MBA from IE Business School (IE, Madrid). Frequent speaker at security industry events including BLACK HAT, RSA, OWASP, SOURCE. DeepSec and Microsoft Security Technets.

Judith A. Fincher, PhD, is a Senior Security Engineer at Electrosoft Services, Inc., a boutique identity management firm offering security services to federal and non-federal clients. In that role she provides security architecture consulting services to the Veterans Health Administration (VHA), other federal clients. Working with the VHA Security Architect (John “Mike” Davis), she developed the official VHA Security and Privacy Architecture (VHA-SPA) and is currently engaged in an effort by the Software Engineering Institute (SEI) to align and integrate the SPA with the VHA Health Systems/Business... Read more

Kelly has a BS in Computer Science from CSUSB. She was awarded a full academic scholarship from the National Science Foundation. In her senior year of college she took a job at EvidentData doing computer forensics. From there she fell in love with the dark side and purposely went in persuit of a career in computer security looking at the bleedy places where people and technology bruise. Kelly has worked at Symantec since 2003 and has two single-filer patents pending.

Shawn Fitzgerald is a senior security consultant at iSEC Partners, an information security firm specializing in application, network, and mobile security. At iSEC, Shawn specializes in web based applications, client/server testing, cryptographic systems, security design and security protocol reviews.

Jeff Fox is an Electronics Deputy Content Editor at Consumer Reports magazine and ConsumerReports.org. He has covered online security and privacy for 19 years and edited the annual Consumer Reports State of the Net investigative report for the past 9 years. Prior to joining Consumer Reports, he was president of Fox & Geller, a nationally recognized publisher of personal computer software. He holds an MS in Journalism from Columbia University, an MS in Information Science from Harvard University, and a BE in Engineering Science from Stony Brook University.

NYSE Euronext - Application Security Program, Security Architecture; Merrill Lynch - Pentest Program, Security Architecture; Johnson & Johnson - Risk Assessments and Pentests of M&A targets & Operating Companies, Development of Security Processes; Various financial firms, startups, and AT&T - Application Development

23+ software development and management experience Education: MSCS, BSEE. Active research and development in iOS security, Android development, Ruby on Rails web apps, and project leadership. For the past five years his passion has been in the mobile field and in particular mobile security where he is the Principal Investigator of iMAS (iOS Mobile Application Security) a collaborative research project from the MITRE Corporation focused on open source iOS security controls. iMAS currently has thirteen (13) security controls open sourced on github – ready for download and use! Click here for more... Read more

Both trainers are Hackademic project leaders, long time OWASP members and application security professionals

Suprotik Ghose
Head of Security, IT Risk & Control, M&IB Americas
Head of Security Operations, Global M&IB

Suprotik Ghose has over 22 years of experience (18 years in financial services), in infosec policy, privacy, compliance and IT risk. Since June 2012, Mr. Ghose has been the Head of Security, Risk & Control at Royal Bank of Scotland (RBS) Americas. Previously he was VISA's Global Head of CyberSecurity and the Principal CyberSecurity Strategist within Microsoft’s Worldwide Cybersecurity team responsible for providing Cybersecurity and related services to global CIOs and CISOs. Earlier from 2003-2010, Mr. Ghose was the Head of Information Security at the Financial Industry Regulatory Authority... Read more

Tobias Gondrom is a global board member of OWASP (Open Web Application Security Project) and former chairman until December 2015. And until April 2015, he was leading a boutique Global CISO and Information Security & Risk Management Advisory based in Hong Kong, United Kingdom and Germany. He has over 15 years of experience leading global teams in information security, software development, application security, cryptography, electronic signatures and global standardization organizations working for independent software vendors and large global corporations in the financial, technology and government... Read more

Joan Goodchild writes frequently about security leadership, social engineering, social media security and cybercrime in her role as Executive Editor, Online with CSO.
Her previous experience in business journalism includes roles as broadcast and web editor with the Boston Business Journal and as a news writer covering the Windows OS with TechTarget. Prior to that, she worked as a television reporter and anchor for more than a decade.
Joan has a Master’s degree in journalism from Northwestern University’s Medill School of Journalism.

Jeremiah Grossman is the Founder and iCEO of WhiteHat Security, where he sets overall company vision and oversees day to day operations. Over the last decade, Mr. Grossman has written dozens of articles, white papers, and is a published author. His work has been featured in the Wall Street Journal, Forbes, NY Times and hundreds of other media outlets around the world.

As a well-known security expert and industry veteran, Mr. Grossman has been a guest speaker on six continents at hundreds of events including TED, BlackHat Briefings, RSA, SANS, and others. He has been invited to guest lecture at top universities such as UC Berkeley, Stanford, Harvard, UoW Madison, and UCLA. Mr. Grossman is also a co-founder of the Web Application Security Consortium (WASC) and previously named one of InfoWorld's Top 25 CTOs. He serves on the advisory board of two hot start-ups, Risk I/O and SD Elements, and is a Brazilian Jiu Jitsu Black Belt. Before founding WhiteHat, Mr. Gr... Read more

Dennis Groves is the co-founder of OWASP and a well known thought leader in application security who's work focuses on multidisciplinary approaches to information security risk management. He holds an MSc in Information Security from Royal Holloway, University of London. 

Samantha Groves is the Project Manager at OWASP. Samantha has led many projects in her career, some of which include website development, brand development, sustainability and socio-behavioral research projects, competitor analysis, event organization and management, volunteer engagement projects, staff recruitment and training, and marketing department organization and strategy implementation projects for a variety of commercial and not-for-profit organizations. She now works to help our OWASP Project leaders, aiding them in starting and running their OWASP based projects.

Ron Gutierrez is a senior engineer at Gotham Digital Science (GDS), where he specializes in a application security code reviews, mobile application assessments, black box application testing and threat modeling. Ron is a member of the SendSafely development team and a frequent contributor to the GDS Security Blog (http://blog.gdssecurity.com). Ron has spoken at security conferences such as AppSec USA and Shmoocon. Ron's current interests include NodeJS Security,  iOS Application Security, and Cryptography.

I currently facilitate information security consulting at HP which includes developing test plans for Fortune 100 companies and competing in "bake-offs" against other top tier consulting vendors. My strengths are web, network, and mobile assessments. I write for my own infosec website (www.securityaegis.com) that reviews industry training, interviews security professionals, and provides anecdotal/practical advice related to offensive security. I also write articles for security publications and speak at security conferences whenever possible. I am a semi-regular player on the capture the flag team... Read more

Robert Hansen (CISSP) is the Director of Product Management at WhiteHat Security. He's the former Chief Executive of SecTheory and Falling Rock Networks which focused on building a hardened OS. Mr. Hansen began his career in banner click fraud detection at ValueClick. Mr. Hansen has worked for Cable & Wireless doing managed security services, and eBay as a Sr. Global Product Manager of Trust and Safety. Mr. Hansen contributes to and sits on the board of several startup companies.

Mr. Hansen has co-authored "XSS Exploits" by Syngress publishing and wrote the eBook, "Detecting Malice." Robert i... Read more

Devindra Hardawar is VentureBeat's National Editor and lead mobile writer, focusing on the latest news from Apple, Google, Samsung, Blackberry and Motorola, along with the hottest startups that are disrupting the industry. Devindra has been writing about technology since 2004, worked in IT support for years, and studied philosophy at Amherst College. He has appeared as an expert source on CNBC, WNYC, NPR and other leading outlets. Devindra is also an organizer of MobileBeat, VentureBeat's flagship mobile conference.  

Software Developer Engineer based on San José, Costa Rica. With more than 6 years of experience building financial applications and with his high sense of responsibility and quality, Michael always work hard to do things better. Currently Michael works as a Software Developer Engineer for one of the best Application Security company in the market. He also leads the OWASP Chapter in Costa Rica and he is always writing about software, testing, quality and application security. Blog : http://blog.michaelhidalgo.info

Jerry Hoff is the VP of the Static Code Analysis Division at WhiteHat Security. In addition to WhiteHat, he is a co-founder and managing partner at Infrared Security. Jerry has worked at a number of fortune ten financial firms, along with years of hands-on security consulting, where he specialized in manual code review, web application penetration testing, and architecture reviews. Jerry also has years of development and teaching experience. He taught for over seven years at Washington University's CAIT program, and the microcomputer program at University of Missouri in St. Louis.

Jerry is the writer/producer of the popular OWASP Appsec Tutorial Series and the lead developer for the WebGoat.NET project... Read more

Brian is a founding member of Gotham Digital Science. He has over 10 years of experience performing penetration testing and code review. Brian is also the team lead for SendSafely, an browser based encrypted file exchange platform. Brian has spoken at numerous security conferences including BlackHat, RSA, AppSec USA, Source Boston and Shmoocon.

I’m a computer scientist, mobile security and forensics researcher, and co-founder of NowSecure. I’m also a testifying expert witness, author of two books on mobile forensics for Android and iOS, and hold two patents in the areas of forensics and data recovery.

Dawn-Marie has over fourteen years’ experience in information technology starting her career in the Walt Disney World Merchandise Information Systems organization.She moved into IT Security in 2004 in the Philadelphia based Independence Blue Cross where she spent the following eight years helping tobuild and mature the information security program. In an effort to expand her knowledge and diversify her industry experience she moved into security advisory consulting before assuming the role as Head of the Global Information Security and Privacy program at Urban Outfitters, Inc. The retailer operates... Read more

Dawn Isabel is currently a Mobile Security Consultant at HP ShadowLabs, where she tests iOS and Android applications and develops in-house tools for static and dynamic analysis of mobile apps. Prior to that, she designed and ran a penetration testing service at the University of Michigan, and developed Python automation for vulnerability management with Nessus. Dawn was team lead of the Computer Incident Response Team (CIRT) at Ford Motor Company and developed global standards for incident response while there, as well as performing penetration tests of internal applications. As an experienced... Read more

Gursev Singh Kalra serves as a Senior Principal with Foundstone Professional Services, a division of McAfee. Gursev has authored several security related whitepapers and his research has been voted among the top ten web hacks for 2011 and 2012. He loves to code and he has authored several free security tools like TesserCap, Oyedata, SSLSmart and clipcaptcha. He has spoken at conferences like BlackHat, ToorCon, OWASP, NullCon, Infosec Southwest etc...

Eoin Keary is an international board member of OWASP. He leads the OWASP code review project. Eoin is the CTO and founder of BCC Risk Advisory Ltd.

He has also led global security engagements for some of the world’s largest financial services and consumer products companies. Eoin is a well known technical leader in industry in the area of software security and penetration testing.

Eoin lives in Dublin, Ireland. 

Rich experience as a speaker in industry conferences and technical panels such as OWASP and academia.

Matt Konda is a developer and application security expert. He founded Jemurai to focus on working with teams to deliver secure software. Jemurai works with clients on security automation, training, strategy, building AppSec teams and more. Matt is on the global board of OWASP, active in developer and devops focused OWASP open source projects and regularly gives industry talks.

Ondrej Krehel is principal and founder of LIFARS LLC, an international cyber security and digital forensics firm. He’s the former Chief Information Security Officer of Identity Theft 911, the nation’s premier identity theft recovery and data breach management service. He previously conducted forensics investigations and managed the cyber security department at Stroz Friedberg and the Loews Corporation. With two decades of experience in computer security and forensics, he has launched investigations into a broad range of IT security matters—from hacker attacks to data breaches to intellectual

... Read more

Rick Kuhn is a computer scientist in the Computer Security Division of the National Institute of Standards and Technology. He has authored more than 100 publications on information security, empirical studies of software failure, and software assurance, and is a senior member of the IEEE. He co-developed the role based access control model (RBAC) used throughout industry and led the effort establishing RBAC as an ANSI standard. Previously he served as Program Manager for the committee on applications and technology of the President's Information Infrastructure Task Force and as manager of the Software... Read more

Extensive experience in designing, implementing, and managing enterprise Software Security Program from ground up.  Strong innovation skills have led in many value delivery systems in the enterprise. Strong believer in implementing security process and technology controls over the information lifecycle.

Enjoy creating state of art practice for security with demonstrated leadership in establishing database and application security programs.

Dan has been with NTO for more than 10 years and is responsible for the strategic direction and development of products and services. He also works closely with technology partners to make sure our integrations are both deep and valuable. As a result of Dan’s dedication to security, technology innovation and software development, NTO application security scanning software is often recognized as the most accurate because of its sophisticated automation techniques.

Dan joined NTO from Foundstone, where he was a key developer of FoundScane’s scan management, and remediation capabilities. Be... Read more

Working mainly in the field of Information Security, Technology Risk, Risk Management, and Security Architecture. I've spent the majority of my career in the financial services industry.

Specialties:Risk Management
Program Management
Application Security
Business Continuity Planning
Security Architecture
Design Reviews
Metrics and Reporting
Regulatory Reporting, Security Laws, and Auditing (e.g. Sarbanes Oxley, PII, GLBA, Basel I & II)
Tools Product Management
Static Code Analysis
Penetration Testing
Code Review
Cryptography... Read more

Erik is a professional Java developer. In addition to writing code, Erik also consults with other developers on how to identify security flaws through code review and secure development patterns.

Java Developer for SendSafely.com and Secure Development Consultant with Gotham Digital Science

AppSec Engineer @ Etsy. Loves pentests, code reviews, and a good cup of tea.
Twitter: @kennysan
Github: https://github.com/kennysan

David Lindner, a Managing Consultant and Global Practice Manager, Mobile Application Security Services at Aspect Security. David brings 15 years of IT experience including application development, network architecture design and support, IT security and consulting, and application security. David's focus has been in the mobile space including everything from mobile application penetration testing/code review, to analyzing MDM and BYOD solutions. David also specializes in performing application penetration tests utilizing commercial and freeware products as well as manual testing methods. David... Read more

By day Mark works as a cybersecurity engineer at Aerstone. By nights and weekends he organizes the Boulder OWASP chapter.

Mark directs the annual Front Range OWASP Conference (SnowFROC) in Denver, CO. In 2014 he took a break from SnowFROC in order to chair AppSec USA. In these roles, Mark was integral in all areas of planning, including budgeting, venue negotiation, sponsorship, vendor management, catering, speaker and volunteer coordination, scheduling, marketing, and registration.

In his free time, Mark brews beer, strums guitar, picks up toys, and reads bedtime stories... Read more

Jack is the CEO at nVisium and loves solving problems in the field of application security. With experience building, breaking, and securing software, he founded nVisium to invent new and more efficient ways of protecting software. Jack is a huge fan of contributing to open source projects, and leads the OWASP Northern Virginia chapter. In his spare time, he loves to kick around new frameworks and technologies, especially things that run Android and code written in Scala. He’s also an optimistic New York Mets fan, although that optimism slowly fades away every summer.

Jonathan has created over a hundred threat models during his career and enjoys sharing his experience. He currently co-leads the OWASP Threat Model Cookbook Project and is a board member of the OWASP Orange County chapter located in beautiful Irvine, California. Originally from Montreal, where he was the local chapter leader and was part of NorthSec CTF as a challenge designer specialized in Web and imaginative contraptions. He is passionate about Application Security and enjoys architecture analysis, code review, threat modeling and debunking security tools. Jonathan holds a bachelor's degree... Read more

Matteo Meucci is the CEO and a cofounder of Minded Security, where he is responsible for strategic direction and business development for the Company. Prior to founding Minded Security, Matteo had several consultancy experiences from BT Global Services, INS, Business-e and CryptoNet. Matteo has more than 13 years of specializing in information security and collaborates from several years at the OWASP project: he founded the OWASP-Italy Chapter in 2005 and leads the OWASP Testing Guide from 2006. Matteo is invited as speaker at many events all around the world talking about Web Application Security

... Read more

Daniel Miessler is Principal Security Architect with HP based out of San Francisco, California. He specializes in application security with specific focus in web and mobile application assessments, helping enterprise customers build effective application security programs, and speaking with executives about how to best leverage technologies and processes to reduce real-world risk. In his spare time he enjoys reading and writing, programming, rowing, and table tennis.

Mark Miller, Senior Storyteller, is recognized internationally for weaving engaging tales to simplify the explanation of complex, technological solutions. He is a serial community builder, participating in the creation of global online communities such as NothingButSharePoint, EndUserSharePoint and the Trusted Software Alliance.



Mark travels internationally from his home in New York City, speaking on the building of community, methods for using social media to engage an online audience, and the future of productivity. His most recent excursion with the “Sharing the Point” team found him... Read more

Dr. Morana is SVP at Citi's Information Security based in Tampa focusing on bringing emerging technologies for cybersecurity and FinTech to the level of maturity required for adoption by Citi and Citi clients. In his day to day job his focus is document internal technology standards, direct security reviews of cloud applications and manage proof of concepts and pilots of emerging technologies such as mobile payments, cloud based financial applications and hybrid private/permissioned blockchain consortium developed blockchain applications.

Besides his work with Citi, Dr Morana is active cont... Read more

Tim is credited with the discovery and responsible disclosure of several security vulnerabilities in commercial off-the-shelf and open source software including: IBM Tivoli Access Manager, Real Networks Real Player, Sun Java Runtime Environment, Google Chrome Web Browser, OpenOffice, and Oracle WebLogic Application Server. Tim develops and maintains several open source forensics tools as well as Bletchley, an application cryptanalysis tool kit. Tim presented a training course on application cryptanalysis at AppSecUSA 2012. He regularly gives technical talks on a variety of security topics to local... Read more

I have a drive to improve the security and efficiency of business processes through innovative solutions to perennial problems. Currently I am developing security management through security automation and redefining the security testing process through work with Standards Australia and OWASP.

Information security, cryptography, computer science, and all sorts of geeky stuff make up my life.



I'm doing heavy infosec research as well.



My CV is available at https://abiusx.com/cv

Wendy Nather is Research Director, Security, within 451 Research's Enterprise Security Program, providing analysis on the current state of security from the perspective of a veteran CISO. Wendy's primary areas of coverage are on application security and security services. Wendy joined 451 Research after five years building and managing all aspects of the IT security program at the Texas Education Agency, which serves 4.6 million Texas students. In that position, she directed multimillion-dollar initiatives for a statewide external user base of over 50,000. She also provided security guidance for... Read more

Amy Neustein, Ph.D., is Editor-in-Chief of the International Journal of Speech Technology (Springer), a member of De Gruyter’s STM Editorial Advisory Board, and Editor of their new series, Speech Technologyand Text Mining in Medicine and Healthcare. Dr. Neustein is also Series Editor of Springer Briefs in Speech Technology. She has published over 40 scholarly articles, is a frequent invited speaker at natural language and speech technology conferences, and has given grand round lectures and seminars at over20 leading medical institutions. She is editor of the volume, Advances in Speech Recognition:

... Read more

David came to EMC 2005 in its acquisition of SMARTS. At SMARTS, he devised and implemented the lastest version of its automated root cause analysis algorithm. David received his Phd in Computer Sciences from Columbia University in 1997.

4 years experience in product security assessment and architecture for EMC applications. David Ohsie works on authentication and security architecture for a number of software applications produced by the Advanced Storage Division of EMC Corporation. David has also worked RESTful application architectures across a number of EMC products.

Born in Kobe, Japan, Mr. Okada, the executive researcher of Asterisk Research, has 20+ years of experience in software development and security. He is an experienced CISO advisor, PSIRT practitioner, and author who can implement information security programs. His field of work contributes to consumer services, healthcare services, software development companies, financial services, automotive manufacturing companies, educational institutions, and government agencies.
As a long-time OWASPer, he was also one of the Japanese translators of “OWASP Guide” in the first era of OWASP in the 2000s. ... Read more

Michele Orru a.k.a. antisnatchor is an IT and ITalian security guy. Lead core developer of the BeEF project, he mainly focuses his research on application security and related exploitation techniques. He is one of the authors of Browser Hacker's Handbook, which will be out by late 2013 from Wiley. He is a frequent speaker at hacking conferences, including CONFidence, DeepSec, Hacktivity, SecurityByte, AthCon, HackPra, Semafor, Just4Meeting, OWASP AppSec USA, 44Con, EUSecWest, Ruxcon, ZeroNights and more we just can't disclose. Besides having a passion for hacking and being a Senior Spider (for... Read more

Rajiv Pant is Chief Technology Officer & VP at The New York Times. Prior to his promotion to CTO, Rajiv joined The Times as Vice President of Digital Technology. He supervises a staff of 250+, including the Vice Presidents of Web & Mobile Engineering, CMS & Publishing, and Ecommerce & Customer Service; the Directors of Business Intelligence, Quality, and Project Management; and The Editor of Interactive News Technology. He reports to the Corporate CIO and to the Executive Editor (editor-in-chief) of The New York Times. Prior to his move to The NY Times, Rajiv was at Conde Nast for four y

... Read more

Security since 2000, application security since 2004, when I made http://www.wisec.it and published several advisories. Stefano Di Paola is the CTO and a cofounder of Minded Security, where he is responsible for the Research and Development Lab. Prior to founding MindedSecurity, Stefano was a freelance security consultant, working for several private and public companies. He also worked in collaboration with University of Florence at the Faculty of Computer Engineering. Stefano is recognized as one of the top application security researchers http://myappsecurity.blogspot.com/2007/05/reflection-on-stefano-di-paola.html... Read more

Mike Park is a Managing Consultant at Trustwave. He is a member of Trustwave's SpiderLabs - the advanced security team focused on penetration testing, incident response, and application security. He has over 12 years experience building and securing software for a variety of companies. Mike is a CISSP and specializes in application security assessment, penetration testing, reverse engineering and secure development life cycle. Mike is an active member of the Ottawa ISSA.

I find a programmatic way to replace myself at work and when I do, I explore new challenges to work on. 

Android Security is my most recent interest. Please visit my Open Source Project at (http://code.google.com/p/asef/)

I have presented my research work at Security Conferences like Sector 2012 (Toronto), BSides 2012 (Vegas, Dallas, Detroit) & S4 Con (San Francisco).

I aspire to create a largest database of behavioral analysis of Android Applications and attempt to answer some of the most burning questions of Android Security.

At Qualys, I enjoy building Backend tools(with UI) which are easy to... Read more

Peck is principle research scientist at Barracuda Networks, he is currently focused on studying uses of social networks as a medium for attacks. Previous research includes comparing content and non content based systems to identify malicious accounts on Twitter/Facebook, exploiting programmable logic controllers, and identifying/classifying malicious javascript. Peck has a Bachelor's of Science in Computer Science from the Georgia Institute of Technology.

With more than 16 years of information security experience, Nicholas is a Director in KPMG's Information Protection practice. Prior to KPMG, Percoco led the global SpiderLabs organization for more than a decade that performed more than 2000 computer incident response and forensic investigations globally, ran thousands of ethical hacking and application security tests for clients, and conducted bleeding-edge security research to improve Trustwave's products.



Prior to joining Trustwave, Percoco ran security consulting practices at VeriSign, and Internet Security Systems. In 2004, he drafted an... Read more

Gary Phillips is Senior Director of Research and Development in the Office of the CTO for Symantec Corporation. In this position, Gary manages a diversity of responsibilities, including technology assurance, product security, software supply chain assurance, and customer assurance. Gary is currently a member of the Cadence Data Soft board of directors and serves as SAFECode's board treasurer. He is also a former member of the Storage Networking Industry Association board, the International Committee for IT Standards (INCITS) executive board, the Software and Information Industry Association (SIIA)

... Read more

Dr Phu Phung is a Research Associate at the University of Illinois at Chicago from December 2012, employed by the University of Gothenburg, Sweden. From October, 2011 to December 2012, he was a postdoctoral researcher at Department of Computer Science and Engineering, Chalmers University of Technology, where he received his PhD in October, 2011. Phu's research directions include web application security, runtime policy enforcement for untrusted software, and policy enforcement for cloud-based sustainability governance platforms. He was involved in the European WebSand project which aims to provide... Read more

James A. St. Pierre is Deputy Director of the Information Technology Laboratory (ITL). ITL is one of six research Laboratories within the National Institute of Standards and Technology (NIST) with an annual budget of $120 million, 367 employees, and about 160 guest researchers from industry, universities, and foreign laboratories.

Along with the ITL Director St. Pierre oversees a research program designed to promote U.S. innovation and industrial competitiveness by developing and disseminating standards, measurements, and testing for interoperability, security, usability, and reliability of information systems, including cybersecurity standards and guidelines for Federal agencies and U.S. industry, supporting these and measurement science at NIST through fundamental and applied research in computer science, mathematics, and statistics. Through its efforts, ITL seeks to enhance productivity and public safety, facilitate... Read more

Gordon Platt is the Founder and President of Gotham Media. He is an attorney, television producer and was the Executive Producer of the Poliak Center for First Amendment Issues at Columbia Journalism School. Platt launched Gotham Media in 2007 as a conference company with a focus on innovation in media, technology, advertising, finance and law. Since then, he has transformed the company into a full service strategic communications and marketing company. Platt began his career as an investigative journalist after receiving from Dartmouth College, the London School of Economics and Harvard Law School

... Read more