OWASP SoC 2008 ASDR Reviewers
He is an application security researcher and analyst who programmed his first application over 20 years ago with punched cards. For the past seven years he has been a technical and application security SME for corporate and government entities. Recently, he presented an application security session at the Gartner IT Security Summit.
Kenneth R. van Wyk
Kenneth R. van Wyk is an internationally recognized information security expert and author of the O’Reilly and Associates books Incident Response and Secure Coding. In addition to providing consulting and training services through his company, KRvW Associates, LLC (http://www.KRvW.com), he currently holds numerous positions: founder and moderator of the “Secure Coding” mailing list, SC-L@SecureCoding.org; member of the Board of Directors and Steering Committee for the non-profit organization FIRST.org, Inc. (http://www.first.org); monthly columnist for the on-line security portal eSecurityPlanet (http://www.eSecurityPlanet.com); and Visiting Scientist at Carnegie Mellon University's Software Engineering Institute (http://www.sei.cmu.edu).
Ken has 20+ years of experience as an IT Security practitioner in the academic, military, and commercial sectors. He has held senior and executive technologist positions at Tekmark, Para-Protect, and Science Applications International Corporation (SAIC), in addition to the U.S. Department of Defense and Carnegie Mellon and Lehigh Universities. Ken also served a two-year elected position as a member of the Steering Committee, and a one-year elected position as the Chairman of the Steering Committee, for the Forum of Incident Response and Security Teams (FIRST) organization. At Carnegie Mellon University’s Software Engineering Institute, Ken was one of the founders of the Computer Emergency Response Team (CERT®).
He holds an engineering degree from Lehigh University, is a frequent speaker at technical conferences, and has presented tutorials and technical sessions at CSI, ISF, USENIX, FIRST, AusCERT, and others. Ken is also a CERT® Certified Computer Security Incident Handler.
His background is generally IT focused, with the last 4 years in security and controls. Currently he is an internal auditor for a financial company. He spends a lot of time reviewing documentation and checking controls for security-related issues or vulnerabilities. He also trains the auditors to help them understand IT General controls and what vulnerabilities are, what they could be, and how to find them. He has had about 3 years of experience testing security controls on applications.
He does some programming, though he is not a programmer. He understands concepts for applications and can read (and program utilities in) Java, Ruby, C++, VB.net, C#, Python and a few other older programming languages (currently looking into newLisp). He can write documentation fairly well, edit professionally and review with an expert eye.
Darren W. Challey
Darren has held a variety of roles at General Electric Company and started in 1990 as a Mechanical Engineering Co-Op within the Steam Power Division in Schenectady, NY while at Union College. He hired into The GE Field Engineering Program in 1992 after receiving his BSME and spent the next 8 years in the Naval Nuclear Program in a variety of roles. In 2000, he moved into Information Technology after having completed a Masters in Computer Systems Engineering at Rensselaer Polytechnic Institute and spent the next 5 years at GE Commercial Finance as a Webmaster, Program Manager and Six Sigma Black Belt. In 2005, he moved to GE Corporate in Fairfield, CT where he was IT Controller and IT S-Ox Leader for Corporate Information Systems. In January of 2007, Darren became the GE Application Security Leader and currently leads the Application Security program for The Company. His main responsibilities include providing the guidance, policies, education, tools, metrics and services for the company in this space.
Darren holds CISSP and CISA certifications, is a certified Six Sigma Black Belt, is a graduate of the GE Edison Engineering Program, and is a member of Tau Beta Pi (National Engineering Honor Society), Pi Tau Sigma and Sigma Xi.