Difference between revisions of "User:Brennan"

From OWASP
(33 intermediate revisions by the same user not shown)
Line 1: Line 1:
[http://www.linkedin.com/in/tombrennan https://www.owasp.org/images/9/90/BRENNAN-PRESS-2-small.png]  
+
[http://www.linkedin.com/in/tombrennan https://www.owasp.org/images/9/90/2013-Brennan-Press-Photo.JPG]  
  
<h2>2012 Election of Officers - Why Me?</h2>
+
[http://www.linkedin.com/in/tombrennan  https://www.owasp.org/images/7/7f/Linkedin-button.png]
Tom Brennan has served on the International Board of Directors since 2007 ( [https://www.owasp.org/index.php/OWASP_Board_Meetings Voting history and Global History] )and has been a active chapter leader and project contributor since 2004. During his leadership of OWASP Foundation he has led many global and local initiatives for OWASP. If reelected he will continue to invest his most valuable resource TIME in support of the mission without prejudice on stratigic or tactical endeavors.
+
'''tomb(@)[http://www.proactiverisk.com proactiverisk.com]
 +
'''
  
 +
Tom Brennan is the Chief Risk Officer of [http://www.proactiverisk.com ProactiveRISK] known recently for CATScan℠, CyberTOOLBELT™ and his volunteer service to the OWASP Foundation since 2007' most recently as the Global Vice Chairman.  Tom is a veteran of the United States Marine Corps and resides in the Rockaway Township, New Jersey, USA with his wife and children.  He enjoys building both open source and commercial software solutions, off-roading with his Jeep and flying FPV Drones in his spare time.
  
- BIO and written recommendations from 60+ infosec community members: [http://www.linkedin.com/in/tombrennan ONLINE] [https://www.owasp.org/images/4/4b/TomBrennan.pdf .PDF]
+
Tom's strengths include;
  
- OWASP Board Candidate Interview: [https://www.owasp.org/download/2012-board-election/OWASP2012BoardInterviews_TomBrennan.mp3 Audio] / [https://www.owasp.org/images/e/e3/OWASP_2012_Board_Interviews_-_Tom_Brennan.pdf Transcript]
+
- Secure Software Concepts - explaining what constitutes secure software and what design aspects to take into consideration to architect hack-resilient software.  
  
- Interview with [https://www.owasp.org/images/9/9f/WEB_APPC_PENTESTING_03_2012.pdf PenTest Magazine] about OWASP Foundation.
+
- Secure Software Requirements - facilitating the capture of all of the security requirements from various stakeholders and understanding the sources and processes needed to ensure a more effective design.  
  
- Video Interview about OWASP with Tom Brennan - [http://vimeo.com/23889097 Video 1], [https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference Video 2]
+
- Secure Software Design - recommend secure design element including, software architecture, secure design review, and conduct threat modeling.  
  
- Thousands of wiki commits to OWASP.ORG since 2004 see:  [https://www.owasp.org/index.php/Special:Contributions/Brennan Wiki Edits]
+
- Secure Software Implementation/Coding - knowledgeable on how to review the code to ensure that there are no errors in the code or security controls.  
  
 +
- Secure Software Testing - Conducting software testing for security functionality, reliability, resiliency to attack, and recoverability.
  
Tom continues to have a global view of the organization in support of it's global mission and locally executes on this mission at the local chapter NYC http://www.meetup.com/OWASP-NYC/  and New Jersey http://www.meetup.com/OWASP-New-Jersey/ noted as the largest and most active OWASP chapter in the world.  As OWASP continues to grow rapidly, technical projects are critical starting with the [https://www.owasp.org/index.php/Projects_Reboot_2012 Project Reboot of 2012], Tom would like to see all future code based projects using [https://github.com/ GitHUB], and task driven advisory groups from industry critical infrastructure representatives.
+
- Software Acceptance - experienced with software acceptance including completion criteria, risk acceptance and documentation, Common Criteria and methods of independent testing and verification
  
 +
- Software Deployment, Operations, Maintenance and Disposal – experienced with security measures that must be taken when a product reaches its end of life.
  
The NYC team will be the hosting the OWASP AppSecUSA 2013 Conference in NYC led by Tom for the second time. He also hosted it AppSecUSA in 2008 [https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference video]
+
- Supply Chain and Software Acquisition – lifecycle thinker with a holistic outline of tasks required in managing risk for outsourced development, acquisition, and procurement of software and related services.
  
 +
Artifacts:
  
Tom was nominated by his technical peers as a candidate for the <b>2012 ISLA Americas [https://www.isc2.org/aisla/default.aspx Awards from ISC2]</b>
+
- Written recommendations from 60+ industry leaders: [http://www.linkedin.com/in/tombrennan ONLINE]
 +
- OWASP interview at AppSecUSA 2013 - [http://www.youtube.com/watch?v=jU-QEUeh9-U Video]
 +
- Interview with [https://www.owasp.org/images/9/9f/WEB_APPC_PENTESTING_03_2012.pdf PenTest Magazine] about OWASP Foundation.
 +
- 2012 OWASP Board Candidate Interview: [https://www.owasp.org/download/2012-board-election/OWASP2012BoardInterviews_TomBrennan.mp3 Audio] / [https://www.owasp.org/images/e/e3/OWASP_2012_Board_Interviews_-_Tom_Brennan.pdf Transcript]
 +
- Video Interview about OWASP with Tom Brennan, 2008 - [http://vimeo.com/23889097 Video 1], [https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference Video 2]
 +
- Thousands of wiki commits to OWASP.ORG since 2004 see:  [https://www.owasp.org/index.php/Special:Contributions/Brennan Wiki Edits]
  
Tom holds many industry certifications since he began his technical journey in 1983 ranging across software mfgs., and industry standards bodies including the (ISC)²® CBK / CISSP and others.
+
Contributor and champion to many OWASP projects including:
 
+
Contributor to many OWASP projects including:
+
  
 
-- [https://www.owasp.org/index.php/OWASP_RFP-Criteria OWASP RFQ Criteria, Software Security]
 
-- [https://www.owasp.org/index.php/OWASP_RFP-Criteria OWASP RFQ Criteria, Software Security]
Line 36: Line 44:
 
-- [https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project OWASP Mod_Security Core Rule Set]
 
-- [https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project OWASP Mod_Security Core Rule Set]
  
In addition to investing thousands of hours sharing technical and non-technical advice at OWASP, since 2010 Tom is the Director of Global Strategic Initiatives at <b>[https://www.trustwave.com/spiderLabs-services.php Trustwave SpiderLabs]</b> focused on [https://www.trustwave.com/compromised.php response and investigation], [https://www.trustwave.com/application-security/ analysis and testing], http://blog.spiderlabs.com/  research and development].    Trustwave with over 1000 employees is headquartered in the United States in Chicago, Ill. with offices throughout Africa, Asia, Australia, Europe, North America and South America.  Recently has pushed the [https://www.trustwave.com/sae_sample/owasp-top-10/Start.htmOWASP Top 10 CBT] to the community
+
-- [https://www.owasp.org/index.php/OWASP_Incident_Response_Project Incident Response Top 10 Project]
 
+
Tom is frequent and entertaining speaker at information security conferences and technical briefings worldwide including Blackhat, GFIRST,HOPE, FBI/DHS/USSS, ISSA, ISACA, Global and Local OWASP events on the convergence of physical and software security risks, threats and suggestions on a better approach to filter the noise with actionable intelligence.
+
 
+
<hr>
+

Latest revision as of 15:10, 22 April 2015

tomb(@)proactiverisk.com

Tom Brennan is the Chief Risk Officer of ProactiveRISK, known recently for CATScan℠, CyberTOOLBELT™ and his volunteer service to the OWASP Foundation since 2007, most recently as the Global Vice Chairman. Tom is a veteran of the United States Marine Corps and resides in Rockaway Township, New Jersey, USA with his wife and children. He enjoys building both open source and commercial software solutions, off-roading with his Jeep and flying FPV drones in his spare time.

Tom's strengths include:

- Secure Software Concepts - explaining what constitutes secure software and what design aspects to take into consideration to architect hack-resilient software.

- Secure Software Requirements - facilitating the capture of all of the security requirements from various stakeholders and understanding the sources and processes needed to ensure a more effective design.

- Secure Software Design - recommending secure design elements, including software architecture and secure design review, and conducting threat modeling.

- Secure Software Implementation/Coding - knowledgeable on how to review the code to ensure that there are no errors in the code or security controls.

- Secure Software Testing - Conducting software testing for security functionality, reliability, resiliency to attack, and recoverability.

- Software Acceptance - experienced with software acceptance, including completion criteria, risk acceptance and documentation, Common Criteria, and methods of independent testing and verification.

- Software Deployment, Operations, Maintenance and Disposal – experienced with security measures that must be taken when a product reaches its end of life.

- Supply Chain and Software Acquisition – lifecycle thinker with a holistic outline of tasks required in managing risk for outsourced development, acquisition, and procurement of software and related services.

Artifacts:

- Written recommendations from 60+ industry leaders: ONLINE

- OWASP interview at AppSecUSA 2013 - Video

- Interview with PenTest Magazine about OWASP Foundation.

- 2012 OWASP Board Candidate Interview: Audio / Transcript

- Video Interview about OWASP with Tom Brennan, 2008 - Video 1, Video 2

- Thousands of wiki commits to OWASP.ORG since 2004, see: Wiki Edits

Contributor to and champion of many OWASP projects, including:

-- OWASP RFQ Criteria, Software Security

-- OWASP HTTP Post DoS Tool

-- OWASP Testing Guide

-- OWASP Mod_Security Core Rule Set

-- Incident Response Top 10 Project