AppSecUSA 2012 has ended

Bejtlich, Richard

Richard Bejtlich is Chief Security Officer at MANDIANT. He was previously Director of Incident Response for General Electric, where he built and led the 40-member GE Computer Incident Response Team (GE-CIRT). Prior to GE, he operated TaoSecurity LLC as an independent consultant, protected national security interests for ManTech Corporation's Computer Forensics and Intrusion Analysis division, investigated intrusions as part of Foundstone's incident response team, and monitored client networks for Ball Corporation. Richard began his digital security career as a military intelligence officer in 1997...
Company Mandiant
Position Chief Security Officer
Location Metro DC
URL taosecurity.blogspot.com


sreenarayan a

Sreenarayan is currently working as an Independent Information Security Consultant. He was the principal researcher in the Mobile Application Security Team at Paladion, having developed Paladion's Android, iOS, Windows Mobile, BlackBerry Gray Box and Code Review checklists, and has trained 30+ engineers to detect security flaws in mobile applications. He has found flaws in leading Mobile-based financial applications and helped the respective organizations fix those vulnerabilities. He has authored many white papers on information security and network-related research, which have been published...
Company Independent Consultant
Position Information Security Consultant
Location Mumbai Area, India
URL www.crawller.com; www.blogs.crawller.com


Dan Amodio

As a Principal Consultant, Dan manages and defines Aspect Security's line of Assessment Services-- helping organizations quantify their security risks from design to implementation. He works with staff and clients to develop the team members and deliverables.

Dan holds a security clearance and directly supports a variety of client projects. He leads mobile security efforts, security architecture and design reviews, code reviews, and penetration testing for clients in Government, educational, airline, and financial sectors. His expertise spans an array of IT disciplines including: application s...
Company Aspect Security
Position Principal Consultant
Location Pasadena, MD
URL https://www.aspectsecurity.com/



Yaniv Azaria

Yaniv holds a B.Sc and M.Sc in Computer Science. He is an industry veteran with experience in developing web applications, bio-informatic algorithms and database security products. He was team leader for database security research at Imperva for 3 years and for the past couple of years has conducted general database and application security research.
Company Imperva


Ryan Barnett

Ryan C. Barnett is renowned in the web application security industry for his unique expertise. After a decade of experience defending government and commercial websites, Ryan joined Trustwave SpiderLabs Research Team. He specializes in application defense research and leads the open source ModSecurity web application firewall project.

In addition to his commercial work at Trustwave, Ryan is also an active contributor to many community-based security projects. He serves as the Open Web Application Security Project (OWASP) ModSecurity Core Rule Set project leader and contributor on the OWASP To...
Company Trustwave SpiderLabs
Position Lead Security Researcher
Location Metro DC
URL http://www.modsecurity.org


John Benninghoff

John Benninghoff started Transvasive Security to develop Behavioral Information Security, a new philosophy of security that draws on knowledge of how people behave and interact with information. He has spoken at national and regional security conferences, and writes regularly for his company blog at transvasive.com.

John began his information security career when he was asked to build and deploy a Network IDS using free software (SHADOW) after returning from a SANS conference in 1998. John has experience in security policy, program management, incident response, identity management, and network security. John’s accomplishments include developing a comprehensive vulnerability management program that effectively eliminated business outages due to network worms after it was implemented in 2001...
Company Transvasive Security
Position Security Consultant
Location Minneapolis, MN
URL http://transvasive.com


Tom Brennan

Tom Brennan is a mage at Proactive Risk with two decades of hands on the keyboard building, breaking and defending data for clients worldwide. He is an alumnus of McAfee, Intel Security, SafeCode, Trustwave, WhiteHat, ADP, Datek Online and the United States Marines.

As a volunteer Tom serves the community as an elected member of the Global Board of Directors for OWASP Foundation, Chairman of the Americas Board for CREST International, participates as technical advisor for New Jersey Institute of Technology, County College of Morris and the Morris County Economic Development Corporation and is a Rockaway Township Official and member of the CERT team...
Company ProactiveRISK
Position Founder, Security Architect
Location Greater New York City Area
URL http://www.proactiverisk.com



Alejandro Caceres

I am a computer network operations engineer focused on building software products and interested in breaking things, mostly. I've been told I have a "hacker" mindset by my co-workers (I like to think that they meant it in a good way) and that is entirely true. I work on a number of open source projects related to pen testing and particularly enjoy dealing with unique ways of automating exploitation of web applications.
Company Lunarline Inc.
Position Computer Network Operations Engineer
Location Arlington, VA


Jason Chan

I work in Netflix’s Cloud and Platform Engineering team as the Cloud Security Architect. In my current role, I work with Netflix engineering, IT, legal, and business teams to ensure the secure design, implementation, and operation of the company’s cloud deployment and overall application environment.

Prior to joining Netflix, I led the information security team at VMware and spent most of my earlier career as a security consultant for firms such as @stake and iSEC Partners. I've presented at SANS, OWASP, United, and other conferences, briefed the NSA on cloud security, contributed to a book, and served as a technical editor for a number of other publications...
Company Netflix
Position Cloud Security Architect
Location Los Gatos, CA
URL www.netflix.com


Shay Chen

Shay Chen is the CEO of Effective Security, an information-security boutique company specializing in information security assessments and in automating security processes of vulnerability management and SDLC. He has over twelve years in information technology and security, a strong background in software development, and a stream of previously published vulnerabilities, attack vectors, benchmarks and hacking methodologies. Shay is an experienced speaker, and regularly instructs a wide variety of security related courses in Conferences and Enterprises. Before moving into the information security...
Company Effective Security
Position CEO
URL http://sectooladdict.blogspot.com



Jonathan Chittenden

Prior to his employment with iSEC, Jonathan worked for the Air Force as a civilian. His roles consisted of reverse engineering malware for both signature and exploitation development. This experience enabled Jonathan to be comfortable working at a low-level with unknown protocols and binaries. During this time, he also assisted in the development of an open-source intelligence application to be used to identify indicators of compromise.
During his employment with iSEC Partners, Jonathan has been tasked with a variety of engagements. His memorable projects include performing assessments of a novel application container and custom kernel modules to be used for virtualization. Jonathan has also collaborated and presented on a tool called AWS Scout. Scout helps automate security assessments of several Amazon Web Services. The tool was showcased at Blackhat USA 2012 Arsenal and OWASP AppSec 2012 conference. Recently Jonathan gave a turbo talk at Blackhat USA 2013 on an embedded system called Twine, which covered analysis and findings of the research project

...
Company iSEC Partners
URL https://www.isecpartners.com/


Bill Chu

I received my Ph.D. in Computer Science from University of Maryland at College Park. My current research is focused on building interactive tools to support developers writing more secure code. Part of this effort is the OWASP ASIDE project (https://www.owasp.org/index.php/OWASP_ASIDE_Project). Outside work I enjoy readings in philosophy and history.
Company University of North Carolina at Charlotte
Position Professor
Location Charlotte, NC


Michael Coates

Michael Coates is the Chairman of the OWASP board, an international non-profit organization focused on advancing and evangelizing the field of application security.  In addition, he is the creator of OWASP AppSensor, a project dedicated to creating attack aware applications that leverage real time detection and response capabilities.

Michael is also the Director of Product Security at Shape Security, a Silicon Valley startup developing an entirely new type of web security product to protect web sites against modern attacks.

Previously, Michael was the Director of Security Assurance at M...
Company Shape Security
Position Director of Product Security
Location Mountain View, California
URL michael-coates.blogspot.com


Justin Collins

Justin is a security engineer at Twitter and a long-time computer science PhD student at UCLA. He spends most of his time working on Brakeman, a static analysis security scanner for Ruby on Rails.
Company Twitter
Position Security Engineer
Location Los Angeles
URL presidentbeef.com


Josh Corman

Joshua Corman is the Director of Security Intelligence for Akamai. Most recently he served as Research Director for Enterprise Security at The 451 Group. Mr. Corman’s cross-domain research highlights adversaries, game theory and motivational structures. His analysis cuts across sectors to the core security challenges plaguing the IT industry, and helps to drive evolutionary strategies toward emerging technologies and shifting incentives.

A staunch advocate for CISOs, Corman also serves as a Fellow with the Ponemon Institute, on the Faculty for IANS, co-founder of Rugged Software and was a Top Influencer of IT in NetworkWorld. Corman received his bachelor’s degree in philosophy, graduating summa cum laude, from the University of New Hampshire...
Company Akamai Technologies
Position Director of Security Intelligence
Location It depends...
URL http://blog.cognitivedissidents.com


Dan Cornell

Entrepreneur, software developer and security professional. CTO at Denim Group. CrossFitty and Paleo-ish.
Company Denim Group
Position CTO
Location San Antonio, TX
URL https://www.denimgroup.com/


Douglas Crockford

Douglas Crockford was born in the wilds of Minnesota, but left when he was only six months old because it was just too damn cold. He is best known for having discovered that there are good parts in JavaScript. This was an important and completely unexpected discovery. He also discovered JSON, the world's best loved data interchange format.
Company PayPal
Position The Boss of You
Location San Jose
URL http://www.crockford.com/




Seba Deleersnyder

Co-founder & managing partner application security at Toreon.com
As an application security specialist for more than 10 years, Sebastien has helped various companies improve their ICT-, Web- and Mobile Security, including BNP Paribas Fortis, Atos Worldline, KBC, NationaleNederlanden (ING), Isabel, Fluxys, OLAF, EU Council, TNT Post, Flemish Community, Agfa-Gevaert and ING Insurance International.
Sebastien is the Belgian OWASP Chapter Leader, co-project leader of the OpenSAMM project, served as an OWASP Foundation Board member (2007-2013) and performed several presentations and trainings on Web Application, Mobile and Web Services Security. Furthermore Sebastien co-organizes the yearly BruCON conference in Ghent (Belgium...
Company Toreon
Position managing partner application security
Location Belgium
URL http://www.toreon.com


John Dickson

John Dickson is an internationally recognized security leader, entrepreneur and Principal at Denim Group, Ltd. He has nearly 20 years of hands-on experience in intrusion detection, network security and application security in the commercial, public and military sectors. Dickson is a popular speaker on security at industry venues including the RSA Security Conference, the SANS Institute, the Open Web Application Security Project (OWASP) and at other international security conferences. He is a sought-after security expert and regularly contributes to Dark Reading and other security publications. A Distinguished...
Company Denim Group
Position Principal
Location San Antonio, TX
URL https://appseccalifornia.org/speakers/john-dickson


Fred Donovan

Fred is a Professor and an application security researcher.
Location USA


Brendan Eich

Brendan Eich is CTO of Mozilla and widely recognized for his enduring contributions to the Internet revolution. In 1995, Eich invented JavaScript (ECMAScript), the Internet’s most widely used programming language. He also co-founded the mozilla.org project in 1998, serving as chief architect. Eich helped launch the award winning Firefox Web browser in November 2004 and Thunderbird e-mail client in December 2004. Today, Eich’s central focus is guiding the future technical work to keep Mozilla vital and competitive. In the greater Web community, Eich remains dedicated to driving innovation in

...
Company Mozilla
Position Chief Technology Officer


Alex Emsellem

Currently pursuing a bachelor's degree in Computer Science. I'm primarily focused on software reverse engineering and exploitation. Around ten years ago I found my first vulnerability in a web application, and remember it vividly. I live for innovative ideas and the cutting-edge.
Company Aspect Security
Position Intern Software Engineer
Location Bethesda, MD
URL alexemsellem.com


Chris Evans

Chris Evans is the author of vsftpd, a vulnerability researcher and for a paycheck, he built and now looks after the Google Chrome Security Team. Unruly bunch.

Details of vsftpd are at https://security.appspot.com/vsftpd.html. His research includes vulnerabilities in all the major browsers (Firefox, Safari, Internet Explorer, Opera, Chrome); the Linux and OpenBSD kernels; Sun's JDK; and lots of open source packages. He blogs about some of his work at http://scarybeastsecurity.blogspot.com/. At Google, Chris is passionate about watching out for hundreds of millions of Chrome end users.

Wh...
Company Google
Position Troublemaker
Location Silicon Valley
URL http://scarybeastsecurity.blogspot.com/



Simon Roses Femerling

Simon Roses holds a B.S. from Suffolk University (Boston), a Postgraduate in E-Commerce from Harvard University (Boston) and an Executive MBA from IE Business School (IE, Madrid).

He is currently the CEO at VULNEX, driving security innovation. He was formerly at Microsoft, PriceWaterhouseCoopers and @Stake.

Simon has authored and cooperated in several security Open Source projects like OWASP Pantera and LibExploit. He has also published security advisories in commercial products.

He is a frequent speaker at security industry events including BLACKHAT, RSA, OWASP, SOURCE, DeepSec and Microsoft Security Technets.

...
Company VULNEX
Position CEO
URL www.simonroses.com


Nick Galbreath

Nick Galbreath is Vice President of Engineering at IPONWEB, a world leader in the development of online advertising exchanges and media trading platforms. Prior to IPONWEB, his role was Director of Engineering at Etsy, overseeing groups handling security, fraud, security, authentication and other enterprise features. Prior to Etsy, Nick has held leadership positions in a number of social and e-commerce companies, including Right Media, UPromise, Friendster, and Open Market. He is the author of "Cryptography for Internet and Database Applications" (Wiley). Previous speaking engagements have...
Company Client9
Position Owner
Location Tokyo, Japan
URL https://appseccalifornia.org/speakers/nick-galbreath


Konstantinos Papapanagiotou, Spryros Gastreratos

Both trainers are Hackademic project leaders, long time OWASP members and application security professionals
Company OTE
Position Information Security Services Team Lead
Location Athens, Greece


Tobias Gondrom

Tobias Gondrom is Managing Director of Thames Stanley, a CISO and Information Security & Risk Management Advisory based in Hong Kong, United Kingdom and Germany. He has fifteen years of experience in software development, application security, cryptography, electronic signatures and global standardisation organisations working for independent software vendors and large global corporations in the financial, technology and government sector, in America, EMEA and APAC. As the Global Head of the Security Team at Open Text (2005-2007) and from 2000-2004 as the lead of the Security Task Force at IXOS...
Company Thames Stanley: Information Security and Risk Management Advisory
Position Managing Director
Location Hong Kong
URL www.thamesstanley.com


Jeremiah Grossman

Jeremiah Grossman is the Founder and iCEO of WhiteHat Security, where he sets overall company vision and oversees day to day operations. Over the last decade, Mr. Grossman has written dozens of articles, white papers, and is a published author. His work has been featured in the Wall Street Journal, Forbes, NY Times and hundreds of other media outlets around the world.

As a well-known security expert and industry veteran, Mr. Grossman has been a guest speaker on six continents at hundreds of events including TED, BlackHat Briefings, RSA, SANS, and others. He has been invited to guest lecture at top universities such as UC Berkeley, Stanford, Harvard, UoW Madison, and UCLA. Mr. Grossman is also a co-founder of the Web Application Security Consortium (WASC) and previously named one of InfoWorld's Top 25 CTOs. He serves on the advisory board of two hot start-ups, Risk I/O and SD Elements, and is a Brazilian Jiu Jitsu Black Belt. Before founding WhiteHat, Mr. Gr...
Company WhiteHat Security
Position Founder
URL https://appseccalifornia.org/speakers/jeremiah-grossman


Travis H

Travis has been employed doing security or cryptography for financial institutions, top 50 web sites, e-commerce hosting companies, web software companies, and other organizations. He has been part of the largest security monitoring operation in the world, part of the security team for the most widely used piece of software in the world, and helped design an intrusion detection system. He occasionally teaches classical cryptology at Stanford.
Company Well-Known Financial Institution
Position Secure Software Development Life Cycle Specialist
Location San Francisco Bay Area, CA, USA, Milky Way
URL http://www.subspacefield.org/~travis/


Mark Haase

I've been writing software since I was 13, writing software as a job since Junior year of college, and working professionally as a software engineer since I graduated in financial services and then information security.
Company Lunarline, Inc.
Position Sr. Security Software Engineer
Location Washington, DC
URL http://markhaase.com


Phillip Hallam-Baker

Dr Hallam-Baker is an internationally recognized computer security specialist credited with 'significant contributions' to the design of HTTP 1.0, the core protocol of the World Wide Web.

His book 'dotCrime Manifesto: How to Stop Internet Crime' sets out the first technical blueprint for how to make the Web and the Internet a less crime permissive environment by introducing accountability controls for transactions that require them.

Hallam-Baker has made significant contributions to core Internet security protocols, including XKMS, SAML, WS-Security, WS-Trust and KEYPROV. He has participated in standards groups in IETF, W3C and OASIS and played a key role in establishing the concept of Extended Validation certificates as an Industry standard...
Company Comodo Inc.
Position Vice President and Principal Scientist
Location Boston MA


Brett Hardin

Brett Hardin is a developer, author, advisor, and speaker on information security and entrepreneurship. Brett began programming at the age of 8 and began his professional career getting paid to find and exploit vulnerabilities within Fortune 500 organizations. Brett has been focused on helping developers secure code. Brett also co-authored the book Hacking: The Next Generation.
Company SourceNinja
Position CEO
Location Santa Clara, California
URL http://bretthard.in


Jerry Hoff

Jerry Hoff is the VP of the Static Code Analysis Division at WhiteHat Security. In addition to WhiteHat, he is a co-founder and managing partner at Infrared Security. Jerry has worked at a number of fortune ten financial firms, along with years of hands-on security consulting, where he specialized in manual code review, web application penetration testing, and architecture reviews. Jerry also has years of development and teaching experience. He taught for over seven years at Washington University's CAIT program, and the microcomputer program at University of Missouri in St. Louis.

Jerry is the writer/producer of the popular OWASP Appsec Tutorial Series and the lead developer for the WebGoat.NET project...
Company WhiteHat Security
Position VP, Static Code Analysis Division
URL http://www.youtube.com/user/AppsecTutorialSeries



Michael Howard

Michael Howard is a principal cybersecurity architect in the Public Sector Services group. Prior to that, he was a principal security program manager on the Trustworthy Computing (TwC) Group’s Security Engineering team at Microsoft, where he was responsible for managing secure design, programming, and testing techniques across the company.


Howard is an architect of the Security Development Lifecycle (SDL), a process for improving the security of Microsoft’s software.


Howard began his career with Microsoft in 1992 at the company’s New Zealand office, working for the first

...
Company Microsoft
Position Principal Cybersecurity Architect


Abraham Kang

Abraham Kang is fascinated with the nuanced details associated with programming languages and their associated APIs. Kang has a B.S. from Cornell University. He currently works for Samsung as a Senior Director Software helping to drive security and development in Samsung. Prior to joining Samsung, he worked as Principal Security Researcher for HP in their Software Security Research group. Prior to this, he worked in application security for over 10 years, reviewing over 12 million lines of code and working for over four years as a dedicated security code reviewer at Wells Fargo. He is focused on...
Company Samsung Research America
Position Senior Director Software
Location Sunnyvale, CA
URL https://www.linkedin.com/in/abrahamkang/


Eoin Keary

Eoin Keary is an international board member of OWASP. He leads the OWASP code review project. Eoin is the CTO and founder of BCC Risk Advisory Ltd.

He has also led global security engagements for some of the world’s largest financial services and consumer products companies. Eoin is a well known technical leader in industry in the area of software security and penetration testing.

Eoin lives in Dublin, Ireland. 

Company BCC Risk Advisory Ltd.
Position CTO and Founder
URL http://bccriskadvisory.com


David Kennedy

Dave Kennedy is founder and principal security consultant of TrustedSec, LLC, an information security consulting firm located in Cleveland, Ohio. David was the former Chief Security Officer (CSO) for a Fortune 1000 where he ran the entire information security program. Kennedy is a co-author of the book “Metasploit: The Penetration Tester’s Guide,” the creator of the Social-Engineer Toolkit (SET), and the creator of Artillery. Kennedy has presented on a number of occasions at Blackhat, Defcon, ShmooCon, BSIDES, Infosec World, Notacon, AIDE, ISACA, ISSA, Infragard, Infosec Summit, and

...


Gene Kim

Gene is a multiple award winning CTO, researcher and author. He was founder and CTO of Tripwire for 13 years. He has written three books, including “The Visible Ops Handbook” and “The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win.” Gene is a huge fan of IT operations, and how it can enable developers to maximize throughput of features from “code complete” to “in production,” without causing chaos and disruption to the IT environment. He has worked with some of the top Internet companies on improving deployment flow and increasing the rigor around IT...
Company IT Revolution
Position Author, Researcher
Location US
URL www.itrevolution.com


Matt Konda

Matt Konda is a developer and application security expert. He founded Jemurai to focus on working with teams to deliver secure software. Jemurai works with clients on security automation, training, strategy, building AppSec teams and more. Matt is on the global board of OWASP, active in developer and devops focused OWASP open source projects and regularly gives industry talks.
Company Jemurai
Position Founder
Location Chicago, IL
URL http://www.jemurai.com


Sherif Koussa

Sherif comes from a software development background where he designed, implemented and led software teams for 9 years.
His journey with application security started back in 2006 where he kicked off the OWASP Chapter in Ottawa, followed by leading a major release for WebGoat v5.0 by adding over 12 new lessons.
In addition, Sherif helped SANS\GIAC kick off the GSSP-NET and GSSP-JAVA exams. He is also leading the Static Code Analysis Evaluation Criteria (SATEC) project by WASC.
Sherif now works as Principal Application Security Consultant at Software Secured where he performs source code driven security assessments for major financial institutions, healthcare organizations and startups...
Company Software Secured
Position Principal Application Security Consultant
Location Ottawa, Canada
URL www.softwaresecured.com


Dan Kuykendall

Dan has been with NTO for more than 10 years and is responsible for the strategic direction and development of products and services. He also works closely with technology partners to make sure our integrations are both deep and valuable. As a result of Dan’s dedication to security, technology innovation and software development, NTO application security scanning software is often recognized as the most accurate because of its sophisticated automation techniques.

Dan joined NTO from Foundstone, where he was a key developer of FoundScan’s scan management and remediation capabilities. Be...
Company NT OBJECTives
Position co-CEO and CTO
Location Irvine, CA
URL http://www.ntobjectives.com



Zane Lackey

Zane Lackey is the Director of Security Engineering at Etsy and a member of the Advisory Council to the US State Department-backed Open Technology Fund. Prior to Etsy, Zane was a Senior Security Consultant at iSEC Partners.

He has been featured in notable media outlets such as the BBC, Associated Press, Forbes, Wired, CNET, Network World, and SC Magazine. A frequent speaker at top industry conferences, he has presented at BlackHat, RSA, Microsoft BlueHat, Toorcon, SANS, OWASP, QCon, and has given invited lectures at NYU, UC Davis, and Reykjavik University.

He is a contributing author of Mobile Application Security (McGraw-Hill), a co-author of Hacking Exposed: Web 2.0 (McGraw-Hill), and a contributing author/technical editor of Hacking VoIP (No Starch Press). He holds a Bachelor of Arts in Economics with a minor in Computer Science from the University of California, Davis... Read more
Company Etsy
Position Director of Security Engineering
Location Brooklyn
URL https://appseccalifornia.org/speakers/zane-lackey


David Lindner

David Lindner is a Managing Consultant and Global Practice Manager, Mobile Application Security Services at Aspect Security. David brings 15 years of IT experience including application development, network architecture design and support, IT security and consulting, and application security. David's focus has been in the mobile space including everything from mobile application penetration testing/code review, to analyzing MDM and BYOD solutions. David also specializes in performing application penetration tests utilizing commercial and freeware products as well as manual testing methods. David...
Company Aspect Security
Position Managing Consultant and Global Practice Manager
Location Waterloo, Iowa Area
URL http://www.aspectsecurity.com


Jim Manico

Jim Manico is the founder of Manicode Security where he trains software developers on secure coding and security engineering. He is also the founder of Brakeman Security, Inc. and is an investor/advisor for Signal Sciences. Jim is a frequent speaker on secure software practices and is a member of the JavaOne rockstar speaker community. Jim is also a volunteer and former board member for the OWASP foundation. He is the author of "Iron-Clad Java: Building Secure Web Applications" from McGraw-Hill. For more information, see http://www.linkedin.com/in/jmanico.
Company Manicode Security
Position Author and Educator, OWASP volunteer
Location Anahola, Hawaii
URL http://www.manicode.com



Ofer Maor

Ofer Maor has over sixteen years of experience in information security, and is a pioneer in the application security field. He has been involved in leading research initiatives, has published numerous papers, appears regularly at leading conferences and is considered a leading authority by his peers. He also currently serves as the Chairman of OWASP Israel and a member of the OWASP Global Membership Committee. In his current role as Founder and CTO of Quotium (through the merger with Seeker Security), Mr. Maor is leading Seeker® - the new generation of application security, allowing organizations...
Company Quotium
Position CTO


Neil Matatall

Twitter security engineer, football fan, hiker. I like writing code. I like breaking code. I like protecting code.
Company Twitter
Position Information Security Engineer
Location Everywhere and nowhere at once
URL http://twitter.com/nilematotle


Jon Mccoy

Jon McCoy is into security with a focus on application security under the .NET Framework. Jon started security in forensics and moved to reverse engineering and incident response. He is the founder of DigitalBodyGuard.com and Wave3D.com along with heading a number of open source projects in the area of security tools and disabled assistance/augmentation systems.
Company DigitalBodyGuard
Position Jon' OR DROP ALL TABLES OR 'McCoy
Location SF
URL DigitalBodyGuard.com



Adam Mein

Some people like to find bugs; Adam likes to make sure they get fixed. He gets lots of opportunities to fulfill this (admittedly, sad) ambition as Manager of Google's Vulnerability Management team and Web Reward Program.

Outside of work, Adam spends most of his time chasing around his 10-month-old son and supporting his beloved Canberra Raiders rugby league team.
Company Google
Position Security Program Manager



Yvan Boily Minion

Yvan Boily is an Application Security Manager with Mozilla Corporation, and prior to that has a background in security with Finance and Government.  Yvan Boily has previously launched an OWASP chapter in Winnipeg and currently leads the OWASP Vancouver chapter.

Company Mozilla
Position Application Security Manager



HD Moore

HD is Chief Security Officer at Rapid7 and Chief Architect of Metasploit, the leading open-source penetration testing platform. HD founded the Metasploit Project in the summer of 2003 with the goal of becoming a public resource for exploit code research and development.

Company Rapid7
Position CSO



David Mortman

David Mortman is the Chief Security Architect for enStratus and a Contributing Analyst at Securosis. Most recently he was the Director of Security and Operations for C3, LLC. Formerly the Chief Information Security Officer for Siebel Systems, Inc., David and his team were responsible for Siebel's worldwide IT security infrastructure, both internal and external. He also worked closely with Siebel's product groups and the company's physical security team and is leading up Siebel's product security and privacy efforts. Previously, Mr. Mortman was Manager of IT Security at Network Associates, where...
Company enStratus
Position Chief Security Architect



Wendy Nather

Wendy Nather is Research Director, Security, within 451 Research's Enterprise Security Program, providing analysis on the current state of security from the perspective of a veteran CISO. Wendy's primary areas of coverage are on application security and security services. Wendy joined 451 Research after five years building and managing all aspects of the IT security program at the Texas Education Agency, which serves 4.6 million Texas students. In that position, she directed multimillion-dollar initiatives for a statewide external user base of over 50,000. She also provided security guidance for...
Company 451 Research
Position Research Director, Enterprise Security Practice
Location Austin, Texas
URL http://www.451research.com



Michele Orrù

Michele Orru a.k.a. antisnatchor is an IT and ITalian security guy. Lead core developer of the BeEF project, he mainly focuses his research on application security and related exploitation techniques. He is a frequent speaker at hacking conferences, including CONFidence, DeepSec, Hacktivity, SecurityByte, AthCon, HackPra, Semafor, Just4Meeting, OWASP, 44Con, EUSecWest, Ruxcon and more we just can't disclose. Besides having a passion for hacking and being a Senior Spider (for Trustwave SpiderLabs), he enjoys leaving his Mac alone, whilst fishing on salted water and praying for Kubrick's resurre...
Company Trustwave SpiderLabs
Position Senior Security Consultant
Location London
URL http://antisnatchor.com





Mano 'dash4rk' Paul

Christian, CyberSecurity Advisor and Strategist, Author, Shark Biologist, Entrepreneur, Security Trainer, Speaker, HackFormer, yada yada yada ...
Ask a resident of Hawaii what Mano means and they would say that it is one of the above. Do you know which one?
Location Pflugerville, Texas



Juan Perez-Etchegoyen

Juan Pablo is the CTO of Onapsis, leading the Research and Development teams that keep the Company at the cutting edge of the ERP security field. Juan Pablo is fully involved in the design, research and development of Onapsis' innovative software solutions.
Being responsible for managing the Onapsis Research Labs, Juan Pablo has also been actively involved in the coordination and research of critical security vulnerabilities in ERP applications and business-critical infrastructure, such as SAP, Oracle and JD Edwards.
Juan Pablo has an extensive experience in the information security fiel...
Company Onapsis, Inc.
Position CTO
Location Boston, MA
URL www.onapsis.com




The number of companies with bug bounty programs has increased dramatically over the last five years. A clever researcher can make easy money disclosing security vulnerabilities responsibly, and some have even turned it into a full-time job.

But how do these programs actually work? I will use my personal experiences on both sides of the fence - as a bug hunter and as a bug bounty submission reviewer - to provide an exclusive look into the world of vulnerability reporting. Learn about the most common eligible vulnerabilities, how to find them, and how to increase your chances of receiving...
Company Bishop Fox
Position Security Associate
Location Houston, TX



Jarret Raim

Jarret Raim is the Security Product Manager at Rackspace Hosting. Since joining Rackspace, he has built a software assurance program for Rackspace's internal software teams as well as defined strategy for building secure systems on Rackspace's OpenStack Cloud implementation. Through his experience at Rackspace, and as a consultant for Denim Group, Jarret has assessed and remediated applications in all industries and has experience with a wide variety of both development environments and the tools used to audit them. Jarret has recently taken charge of Rackspace's efforts to secure the Cloud through...
Company Rackspace
Location San Antonio, TX



Antti Rantasaari

Antti Rantasaari is currently a security consultant at NetSPI. He is responsible for performing security assessments and contributing to the development of the methodologies, techniques, and tools used during network and application penetration testing.
Company NetSPI
Position Security Consultant
Location Minneapolis, MN



Alex Rice

Product Security, Facebook



Jon Rose

Jon has a unique combination of an innovative entrepreneur with the proven ability to lead Fortune 500 companies. With over 16 years of experience launching products, securing environments, training and educating technology teams, and building agile security organizations, Jon has a deep and wide understanding of organizational capabilities for both start-ups and large scale organizations.
Company Dun & Bradstreet
Position Agile Security
Location New York City



Mathew Rowley

Mathew Rowley is a security consultant for Matasano Security with over 6 years of experience as a computer security professional. His experience includes reverse engineering, mobile security, web application security assessment, hardware reversing, network security, fuzzing, and application development.

Capabilities and Skills

- Mobile Application Analysis and Reverse Engineering

- Application Development

- Protocol and Application Fuzzing

- Web Application Penetration Testing

- Hardware Reverse Engineering

Career Highlights

- Presented at Blackhat, Shakacon, Shmoocon, Toorcon, Thotcon, and DC3...
Company Matasano Security
Position Senior Security Consultant



Alex Russell

Alex Russell is a software engineer on the Chrome team at Google where he serves on the standards body for JavaScript (ECMA TC39), helps shape new web platform APIs and features, contributes to Chrome for Android and Chrome Frame, and agitates for a better app platform.

Company Google



Jordan Santarsieri

Jordan Santarsieri is a senior Onapsis security consultant and researcher. Being also a member of the Onapsis Research Labs, he is engaged in a daily effort to identify, analyze, exploit and mitigate vulnerabilities affecting ERP systems and business-critical applications.

Jordan has discovered critical vulnerabilities in SAP software and is a frequent author of the "SAP Security In-Depth" publication. Through his work, he has contributed to the security of Global Fortune-100 companies and defense contractors.

He has also been invited to hold workshops and presentations in international security conferences, such as BlackHat DC, Hacker Halted, 8dot8 and Ekoparty. His interests include penetration testing, exploit writing, forensics, data mining and psychology applied to information technology...
Company Onapsis
Position Senior Security Researcher
Location Boston, MA
URL www.onapsis.com



Shreeraj Shah

Shreeraj Shah, B.E., MSCS, MBA, is the founder of Blueinfy and iAppSecure Solution. Prior to founding Blueinfy, he was founder and board member at Net Square. He also worked with Foundstone (McAfee), Chase Manhattan Bank and IBM in security space. He is also the author of popular books like Web 2.0 Security, Hacking Web Services and Web Hacking: Attacks and Defense. In addition, he has published several advisories, tools, and whitepapers, and has presented at numerous conferences including RSA, AusCERT, InfosecWorld (Misti), HackInTheBox, Blackhat, OSCON, Bellua, Syscan, ISACA etc. His articles...
Company Blueinfy Solutions
Position Founder & Director
Location India
URL http://shreeraj.blogspot.com



Jeremiah Shirk

Company Venmo
Position Engineering Manager
Location Manhattan, KS



Amichai Shulman

Amichai Shulman is co-founder and CTO of Imperva, where he heads the Application Defense Center (ADC), Imperva's internationally recognized research organization focused on security and compliance. Mr. Shulman regularly lectures at trade conferences and delivers monthly eSeminars. The press draws on Mr. Shulman's expertise to comment on breaking news, including security breaches, mitigation techniques, and related technologies. Under his direction, the ADC has been credited with the discovery of serious vulnerabilities in commercial Web application and database products, including Oracle, IBM...
Company Imperva



Alex Smolen

Security Engineer at Twitter. Graduate of the UC Berkeley I School. Previously at Foundstone.

Interested in security and the human experience.
Company Twitter
Position Security Engineer
Location San Francisco, CA
URL alexsmolen.com



Josh Sokol

Josh Sokol, CISSP, graduated from the University of Texas at Austin with a BS in Computer Science in 2002. Since that time, he has worked for several large companies, including AMD and BearingPoint, spent some time as a military contractor, and is currently employed as the Information Security Program Owner at National Instruments. In his current role, Sokol manages all compliance, security architecture, risk management, and vulnerability management activities for NI. Sokol created the free and open source risk management tool named SimpleRisk, has spoken on dozens of security topics including...
Company National Instruments
Location Austin, TX



John Steven

I spend incalculable time striving to make the perfect macchiato. Passionate about running and reading. I'm alarmed at the lack of innovation within application security over the past five years and anxious to get back to designing and implementing large-scale systems.

Others have said: John’s expertise runs the gamut of software security from threat modeling and architectural risk analysis, through static analysis (with an emphasis on automation), to security testing. As a consultant, John has provided strategic direction to many multi-national corporations, and his keen interest in automation keeps Cigital technology at the cutting edge...
Company Cigital Inc.
Position Internal Chief Technology Officer
Location Washington, DC
URL http://feeds.feedburner.com/M1splacedOnTheWeb



Scott Sutherland

Scott Sutherland is a Principal Security Consultant at NetSPI. Scott is responsible for the development and execution of penetration testing for the firm. He has developed a number of the proprietary tools and techniques that the company uses and also plays a major role in the skills development and training of the NetSPI network and application penetration testing team. Scott is an active participant in the information security community, regularly contributing technical security blog posts, whitepapers, and presenting at a wide variety of conferences.
Company NetSPI



Mani Tadayon

I love programming and am now learning Clojure, Lisp and Emacs. Since 2001, I've worked in web development, constantly updating my skills to keep up with new technologies, moving from .NET to PHP to Ruby and beyond. At the same time, I've discovered the importance of strong foundations and continue to re-learn C, HTML and JavaScript. My educational background is broad: a bachelor's in Chinese, Japanese & German from UC Berkeley and a second bachelor's in Computer Science (with a minor in Math) from CSU Hayward. Currently, I am a graduate student in Geography at CSU Northridge. My current interests...
Company ZestFinance
Position Senior Software Engineer
Location Los Angeles, California
URL http://bowsersenior.github.com



Matt Tesauro

Matt Tesauro is currently a Senior AppSec Engineer building an AppSec Pipeline and continuous security program for Duo Security.  Prior, he worked full-time for the OWASP Foundation, adding automation and awesome to OWASP projects as the Operations Director. Previously, he was a founder and CTO of Infinitiv, a Senior Software Security Engineer at Pearson and the Senior Product Security Engineer at Rackspace.  He is also an Adjunct Professor for the University of Texas Computer Science department teaching the next generation of CS students about Application Security.  Matt is broadly...
Company Duo Security
Position Senior AppSec Engineer
Location Texas
URL https://www.owasp.org



Vaagn Toukharian

Senior Software Engineer for Qualys's Web Application Scanner.
Has been involved with the security industry since 1999.
Experience includes work on Certification Authority systems, encryption devices, large CAD systems, Web scanners.
Outside of work interests include IronMan triathlons and photography.
Company Qualys
Position Senior Software Engineer
Location San Francisco Bay Area
URL Qualys.com



Will Urbanski

Will Urbanski is a security researcher who tracks vulnerability and malware trends. He has experience in both research and security operations in enterprise and higher education environments. Will is the co-author of a patent for an IPv6 moving target defense. He has more than eight years of experience in Information Security and has written articles for numerous journals, including IEEE Security & Privacy. Will holds a Bachelor of Science in Computer Science from the University of Georgia. He is certified as a GIAC Penetration Tester, a GIAC Web Application Penetration Tester, and a GIAC Exploit...
Location USA



Riyaz Walikar

I am a Web Application Security Engineer / Pentester / Network Security Architect for food, shelter, fun and passion. I have had luck with finding vulnerabilities with popular web applications like Facebook, Twitter, Google, Cisco, Symantec, Mozilla, PayPal, Ebay, Apigee etc. for which I am on the Hall of Fame for most of these services. You can follow me on Twitter @riyazwalikar

My interests lie with vulnerability research, breaking web applications, playing CTFs, finding new ways into computer networks, playing football and fishing.
Location Bangalore, India
URL http://www.riyazwalikar.com



Dave Wichers

Dave Wichers is a cofounder and the Chief Operating Officer (COO) of Aspect Security, a consulting company that specializes in application security services. He is also a long time contributor to OWASP, helping to establish the OWASP Foundation in 2004, serving on the OWASP Board since it was formed from 2004 through 2013, served as OWASP Conferences Chair from 2005 through 2008, is a coauthor of the OWASP Top 10 and has led the project since 2007, and has contributed to numerous other important OWASP projects including WebGoat, ESAPI, ASVS, and the OWASP Cheat Sheet Series. His latest OWASP project...
Company Aspect Security
Position COO
URL www.aspectsecurity.com



James Wickett

James is an innovative thought leader in the DevOps and InfoSec communities and has a passion for helping big companies work like startups to deliver products in the cloud. He got his start in technology when he ran a Web startup company as a student at University of Oklahoma and since then has worked in environments ranging from large, web-scale enterprises to small, rapid-growth startups. As a Senior DevOps Engineer, James is currently working on launching cloud-based products for the Embedded Software division of Mentor Graphics.

James is a dynamic speaker on topics in cloud computing...
Company Signal Sciences Corp
Position Sr. Engineer
Location Austin, TX
URL http://theagileadmin.com