Open Web Application Security Project (OWASP) - Portland, Oregon Chapter

Our special guest today is Jeff Williams, Co-Founder and CTO of Contrast Security. Jeff was one of the pioneering members who formed the Open Web Application Security Project® (OWASP). Not only did he chair it, he also contributed to many successful open source projects, including WebGoat, the OWASP Application Security Verification Standard (ASVS), the OWASP Top Ten and much more. Without him and others we would not be doing this podcast today. Besides founding Contrast Security in 2014, he started Aspect Security in 2002. Jeff got his law degree at Georgetown University Law Center along with a computer science and psychology degree at the University of Virginia. In the early 1990's, he built high assurance systems for the U.S. Navy and taught the INFOSEC curriculum for the NSA during the good old days of the Orange Book - a trusted computer system evaluation criteria for the U.S. Department of Defense.
We want to say thank you to Contrast Security for being one of our sponsors for the inaugural OWASP Pacific Northwest Application Security Conference 2021.
Jeff's Links

• Contrast Security
• LinkedIn
• Twitter
• Security Maganize Article - New NIST Standards on IAST and RASP Deliver State-of-the-Art AppSec
• WebGoat
• ASVS
• BlackHat USA - Enterprise Java Rootkits - "Hardly anyone watches the developers"

PNWSEC

• https://pnwcon.com
• Twitter: @pnwseccon
• [email protected] (contact)

Jeff Williams was interviewed by David Quisenberry and John L. Whiteman.
Follow us:

• Homepage
• Twitter
• Meetup
• LinkedIn
• YouTube

Support the Show.

Our special guest today is Aarti Gadhia. She is a highly successful cybersecurity professional who has worked in various leadership roles in sales and marking for well-known companies such as Bugcrowd, Carbon Black, Trend Micro and Sophos. Aarti is also the founder of Standout to Lead and SHE (Sharing Her Empowerment). Aarti is passionate about bridging the diversity gap in STEM and in leadership. She recently presented at our OWASP AppSec Pacific Northwest Conference on the topic of Women in Appsec: Advice to Differentiate Your Skills. As a podcast bonus, you will learn about how a childhood lesson in making roti with her mother helped shape Aarti to become the strong leader she is today.
We want to say thank you to Bugcrowd for being one of our sponsors for the inaugural OWASP Pacific Northwest Application Security Conference 2021.
Show Links:

• LinkedIn
• Bugcrowd
• BSides Vancouver
• The Diana Initiative
• The Rise of the Cyber Women: Volume 2: Inspirational stories from the women who are taking the cyber security industry by storm

PNWSEC

• https://pnwcon.com
• Twitter: @pnwseccon
• [email protected] (contact)

Aarti Gadhia was interviewed by David Quisenberry and John L. Whiteman.
Follow us:

• Homepage
• Twitter
• Meetup
• LinkedIn
• YouTube

Support the Show.

Today we are going to be talking about - OWASP Threat Dragon - and our guests are Mike Goodwin, the founder, and Jon Gadsden, a major contributor to the project.
Threat Dragon is a popular, free tool used for threat modeling, including diagramming, threat identification, mitigation and report generation.
Mike is the VP of Product Security and Architecture and Technical Fellow at Sage Software - a FTSE100 company providing accounting, payroll and HR software to businesses in 23 countries worldwide. After short careers as an academic and then as a nuclear engineer, Mike settled into software development about 20 years ago working for a startup, a government corporation and now the UKs largest tech company. After developing an interest in security during a large cloud migration project, Mike moved to a full-time security role six years ago to help build Sage's AppSec program.
Jon is a software engineer with ForgeRock in Bristol, a company that provides Identity and Access Management services. Jon splits his time between security engineering and embedded C/C++ development - he says that he likes it this way because it reminds him that developers are under time pressure and that security engineers require a whole load of tact. Jon has been involved with the open source software community since Linux 2.0.28, and his latest project is helping with Cupcake's OWASP Threat Modeling project.
OWASP Threat Dragon Project Page

• https://owasp.org/www-project-threat-dragon/

Mike's Medium Article

• https://medium.com/sagefuturemakers/real-world-threat-modelling-fb14ef767c49

Mike and Jon are interviewed by Shayne Morgan and John L. Whiteman
Follow us, join us, be us:

• https://owasp.org/www-chapter-portland/
• https://twitter.com/portlandowasp?lang=en
• https://www.meetup.com/OWASP-Portland-Chapter
• https://www.linkedin.com/groups/4223013/
• https://www.youtube.com/channel/UCYDkARIRTaeiP-o19tSWZfw

Support the Show.

On Saturday, June 19, 2021 something very special is going to happen. For the first time, a perfect trifecta of OWASP chapters in the Pacific Northwest are getting together to host a virtual conference focused on serious application security. It's called the Pacific Northwest Application Security Conference (PNWSEC). The chapters hosting this fine event are from the beautiful, breathtaking Canadian cities of Vancouver and Victoria B.C. and to the south in the States, Portland, Oregon. Our guests today are Farshad Abasi and Roberto Salgado along with our host David Quisenberry, each a leader of the same OWASP chapters respectively.
Tickets are going fast so hurry. Also if you want give a talk, including those short lighting ones, or even volunteer, it's still not too late. Go to pnwcon.com for details also check out this podcast's RSS feed for additional information regarding the conference and our guests.
PNWSEC

• https://pnwcon.com
• https://www.eventbrite.ca/e/first-annual-pacific-northwest-appsec-conference-tickets-155757566073 (buy tickets)
• @pnwseccon
• [email protected] (contact)

Vancouver, B.C. OWASP Chapter

• https://owasp.org/www-chapter-vancouver/
• https://twitter.com/owaspvancouver

Victoria, B.C. OWASP Chapter

• https://owasp.org/www-chapter-victoria/
• https://twitter.com/owaspvictoria

Farshad Abasi (Vancouver, B.C.)

• https://www.linkedin.com/in/farshadabasi/
• Forward Security Inc.
• @farshadabasi

Roberto Salgado (Victoria, B.C.)

• https://www.linkedin.com/in/roberto-salgado/
• Websec Canada
• @lightos

David Quisenberry (Portland, Oregon)

• https://www.linkedin.com/in/davidmquisenberry/
• https://zapproved.com/
• @QuizSec

Farshad Abasi and Roberto Salgado are interviewed by David Quisenberry and John L. Whiteman.
Follow us:

• Homepage
• Twitter
• Meetup
• LinkedIn
• YouTube

Become an OWASP member
- Donate to our OWASP PDX chapter

Support the Show.

Our guest today is Nabil Hannan, who is a Managing Director at NetSPI. He leads the company’s consulting practice, focusing on helping clients solve their cyber security assessment, and threat & vulnerability management needs. He has over 13 years of experience in cyber security consulting from his tenure at Cigital/Synopsys Software Integrity Group. Nabil has also worked as a Product Manager at Research In Motion (now, of course, BlackBerry) and has managed several flagship initiatives and projects through the full software development life cycle. You must also check out Nabil's podcast - Agent of Influence.
This podcast is sponsored by the We Hack Purple Academy.
Links from the show:

• NetSPI
• Agent of Influence Podcast
• Nabil's Twitter Account
• Nabil's LinkedIn Account
• DarkReading Posts by Nabil

Nabil Hannan is interviewed by David Quisenberry and John L. Whiteman
Follow us:

• Homepage
• Twitter
• Meetup
• LinkedIn
• YouTube

Become an OWASP member
- Donate to our OWASP PDX chapter

Support the Show.