For over 25 years, my passion has been improving the security of the world’s software. I founded three very different but highly successful organizations to help solve the problem.
* Contrast Security (2014) is focused on fully automated application security at the speed and scale of DevOps. We invented a revolutionary technique leveraging dynamic binary instrumentation to assess applications for vulnerabilities *and* prevent vulnerabilities from being exploited. If you called it AppDynamics for security, you wouldn’t be too far off.
* Aspect Security (2002) was one of the first consulting firms to focus exclusively on application security. We supported very high-profile financials, utilities, government agencies, entertainment, airline, and other industries with manual security code review and penetration testing, hands-on training and eLearning, architecture review and threat modeling, and other services. Aspect was acquired by EY in 2017.
* OWASP (2001) is a worldwide open-source application security organization with hundreds of chapters and 50,000 members worldwide. I created the Foundation, set up the Board, started chapters and conferences, and volunteered as Global Chair for 9 years. I also started and led many open-source projects used by millions, including the OWASP Top Ten, WebGoat, ESAPI, ASVS, and XSS Prevention Cheat Sheet.
In the early 1990s, I built high-assurance systems for the Navy and taught the INFOSEC curriculum at the NSA during the Orange Book days. Later, I chaired the Author Group for the SSE-CMM (now ISO 21827). I designed and built a high-assurance guard in Java on Trusted Solaris.