Jump to: navigation, search



Tom Brennan is a Director at IOActive. IOActive is the industry’s only research-driven, high-end information security services firm with a proven history of better securing our customers through real-world scenarios created by our security experts. Research teams deliver a portfolio of specialist security services ranging from security advising to penetration testing and application code assessment to chip reverse engineering across multiple industries. Tom is also a member of Proactive Risk and has two decades of hands on the keyboard building, breaking and defending data for clients worldwide. He is a an alumni of McAfee, Intel Security, SAFECode, Trustwave, WhiteHat, ADP, Datek Online and the United States Marines.

Tom served the OWASP Foundation as an elected member of the Global Board of Directors for (10) years for OWASP Foundation. He also founded the New Jersey Chapter and grew the New York City as President for (13) Years.

Today Tom is associated with CREST International as its elected Chairman of the Americas Board and participates as technical advisor for New Jersey Institute of Technology, County College of Morris, Morris County Economic Development Corporation, Rockaway Township Official and is a member of the CERT team.


- Written recommendations from 60+ industry leaders: ONLINE

-OWASP interview at AppSecUSA 2013 - Video

-Interview with PenTest Magazine about OWASP Foundation.

- 2012 OWASP Board Candidate Interview: Audio / Transcript

- Video Interview about OWASP with Tom Brennan, 2008 - Video 1, Video 2

- Thousands of wiki commits to OWASP.ORG since 2004 see: Wiki Edits

Contributor and champion to many OWASP projects including:

-- OWASP Incident Response Top 10 Project

-- OWASP Virtual Village

-- OWASP RFQ Criteria, Software Security

-- OWASP Switchblade HTTP Post DoS Tool

-- OWASP Testing Guide

-- OWASP Mod_Security Core Rule Set

-- OWASP Matrix Project

Additional Projects

-- PENTESTON a commercial vulnerability assessment platform utilizing the CATSCAN assessment methodology.

-- HACKNYC Conference

-- New York Metro Joint Cyber Security Conference (NYMJCSC)