Tuesday, September 3, 2013

Meet our new Technical Project Advisors!



As the OWASP Projects Inventory continues to grow, we continue to work towards improving the operations side of OWASP Projects. One of the major items on the agenda in 2013 is to review and update the current project assessment criteria and graduation process. The update is needed as there are now over 100 OWASP Projects, and the assessment criteria and process must be able to meet the demand for quality reviews. This is why the Technical Project Advisors were brought together. 

The Technical Project Advisors were recruited as volunteers to help the organization review and update the current assessment criteria and project graduation process. Between them, they are responsible for six different areas that encompass the subject matter of our projects. Please join me in welcoming our new Technical Project Advisors.

Technical Project Advisors

Chuck Cooper
Secure Development Advisor
Chuck.Cooper@owasp.org

Chuck has been developing and/or managing several award-winning software products for over 25 years, including working on Great Plains Property Management, Borland Paradox, Acuity Projects, CA Clarity, and Paylocity Web Pay. For the past 8 years he has been working as the CIO at Paylocity, and recently he earned his CISSP certification and became the CISO and Sr. VP of Enterprise Architecture. Now he can focus primarily on network and application security for Paylocity's Software-as-a-Service Payroll, HR, Time & Labor Management, and Online Benefits products.

Given the importance of web security in our society today, Chuck hopes that price is never a deterring factor to individuals and companies adopting best security practices, so he is very excited to be working with OWASP to help make important security applications and training available to everyone as open source, at no cost.

Joshua Clements
Governance Advisor
Joshua.Clements@owasp.org

Josh Clements is an application development manager at AAA Inc., where he has been since 2001. At AAA, Josh is responsible for teams that develop GPS-enabled applications for fleet telematics. He graduated from Florida Institute of Technology with a degree in Computer Information Systems while working full time and raising three young children.

Ly Vandy
Education Advisor
Ly.Vandy@owasp.org

Building on almost 7 years of experience in web application development, I have been a Web Project Manager for GreenICT Technology, Co., LTD since 2011. Currently, besides my website development career, I am also a Web Application Security Consultant to many big companies in Cambodia, testing their products, both finding vulnerabilities (security assessment) and protection configuration (on the web application layer and web server).

Besides my professional employment at a private company, I also volunteer as an Incident Analyst at CamCert (NiDA), helping the head of the department with general security assessment, protection, and forensic work. With this work, I can help with penetration testing or check hacked (victim) websites to find the way an attacker hacked into the website, showing proof, providing a report, and giving recommendations.

Moreover, I have just become a “Technical Project Advisor” for OWASP in the role of Education Advisor. I am very happy to become a part of this advisory group so that I can share and update my knowledge.

Chris Bush
Secure Lifecycle Activity Advisor
Christopher.Bush@owasp.org

Chris Bush is going into his third decade of combined experience in IT and information security consulting and solutions delivery. Chris specializes in application security, including application penetration testing, secure code review, and integrating security into the software development lifecycle.

Having been a contributing member of the information security community for many years, Chris currently serves as a volunteer for OWASP as a Technical Project Advisor, is an officer of the (ISC)2 Cleveland Chapter, and has a wide variety of public speaking credits, including:

• “Security ROI – Demonstrating The Value of Investing in Information Security”, Information Security Summit 2012, Cleveland, OH
• “How Cross-Site Request Forgery Can Turn Your Employees Into Unwitting Internal Hackers”, North East Ohio InfoSec Forum, November 2010; Information Security Summit 2011, Cleveland, OH
• “Threat Modeling With Abuse Cases”, Information Security Summit 2008, Cleveland, OH
• “Application Security: Who’s Job Is It?”, Cyber Security Summit 2006, Ponte Vedra, FL; Information Security Summit 2006, Cleveland, OH; Software Security Summit 2007, San Mateo, CA
• “Secure Coding: Tips and Techniques”, Information Security Summit 2005, Cleveland, OH

Chris is a Certified Information Systems Security Professional (CISSP) and holds a Master's degree in Computer Science from Binghamton University, Binghamton, New York and a Bachelor's degree in Computer Science from University of Buffalo, Buffalo, New York.

Johanna Curiel
Static Analysis Advisor
Johanna.Curiel@owasp.org

Johanna Curiel is a senior security information analyst with more than 10 years of extensive experience in programming and software development. She currently works in the banking sector in Curacao, in the Dutch Caribbean. She has extensive experience as a software developer on the .NET platform, as well as with open source tools and languages such as Java.

Johanna is married and has an 11-year-old kid and 2 cats. She loves sports like swimming and tennis, and tries to eat healthy most of the time. She enjoys programming even in her free time, and loves to read about the latest security breaches and hacks.

Since June 2012, Johanna has been an active chapter leader of the OWASP Curacao Chapter. Johanna also has an M.Sc. in Computer Security from Liverpool University (2010).

John Krogulski
Dynamic Analysis Advisor
John.Krogulski@owasp.org

My current position is Software Architect. In this role, I lead a team of developers designing and building .NET custom interfaces used to integrate disparate third-party applications for a health insurance company. These systems must comply with all DIACAP regulations as the company does extensive work with Tricare.

I develop both client-server and web-based applications. I have been trained on the current FDA guidelines for medical devices and software systems. I worked as a software developer for the UW Hospital designing their new organ transplant system, ensuring it met all HIPAA, HITECH Act and FDA requirements. I have designed and built Active Directory modules for use with web applications. I have extensive knowledge of SQL Server and Oracle database design and development, and I have been a Windows Server administrator.

Last year, I assisted a client in developing a module that allowed them to properly manage credit card information in their systems. This involved both database re-design as well as ensuring their web component did not leak any PCI data.

I hold a current CompTIA Security+ certification as well as a Certified Ethical Hacker certification, and I have designed enterprise systems that meet federal security requirements. I am trying to transition to a full-time security role.


Please feel free to reach out to me, or any of our advisors above, if you need more information on the work we are doing. 
