Difference between revisions of "User:MichaelCoates"

From OWASP
Line 9: Line 9:
 
Twitter:[https://twitter.com/_mwc @_mwc]
 
Twitter:[https://twitter.com/_mwc @_mwc]
  
'''OWASP Involvement'''
+
=About=
 +
 
 +
==OWASP Involvement==
  
 
[[:Category:OWASP_AppSensor_Project|AppSensor]]  - Project Lead, project started Summer of Code 2008
 
[[:Category:OWASP_AppSensor_Project|AppSensor]]  - Project Lead, project started Summer of Code 2008
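Review bot: the added "=About=" line is a level-1 heading, which MediaWiki renders at the same level as the page title. Consider "==About==" with "===OWASP Involvement===" beneath it, or drop the wrapper heading, so the new sections nest under the title instead of competing with it.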
Line 20: Line 22:
  
 
[https://www.owasp.org/index.php/Special:Contributions/MichaelCoates| Wiki Contributions]
 
[https://www.owasp.org/index.php/Special:Contributions/MichaelCoates| Wiki Contributions]
 
'''Bio'''
 
 
Michael Coates has extensive experience in application security, security code review and penetration assessments. He has conducted numerous security assessments for financial, enterprise and cellular customers worldwide.  Michael holds a master's degree in Computer Security from DePaul University and a bachelor's degree in Computer Science from the University of Illinois. 
 
 
Michael is the creator and leader of the AppSensor project and a contributor to the 2010 OWASP Top 10. He is a frequent speaker at OWASP security conferences in the US and Europe and has also spoken at the Chicago Thotcon conference and provided security training at BlackHat.
 
 
As the web security lead at Mozilla, Michael protects web applications used by millions of users each day. 
 
 
'''OWASP Events'''
 
  
 
Speaker at following OWASP conferences/events:
 
Speaker at following OWASP conferences/events:
Line 44: Line 36:
 
Full conference speaking history [http://michael-coates.blogspot.com/p/speaking-events.html here]
 
Full conference speaking history [http://michael-coates.blogspot.com/p/speaking-events.html here]
  
'''A bit more about me'''
+
==Bio==
 +
 
 +
Michael Coates is currently the Web Security lead at Mozilla. In this role he is responsible for the security lifecycle of Mozilla web applications that are used by millions of users each day.  Michael holds a Master's degree in computer security from DePaul University and a Bachelor of Science degree in computer science from the University of Illinois.
 +
 
 +
Michael Coates has extensive experience in application security, security code review and penetration assessments. He has conducted hundreds of security assessments for financial, enterprise and cellular customers worldwide.  Michael is an active leader in OWASP since 2008. He is the creator and leader of the AppSensor project, a project to create attack aware applications that leverage real time detection and response capabilities, and is a recognized contributor to the 2010 OWASP Top 10. He is a frequent speaker at security conferences including numerous OWASP conferences in US and Europe, the Chicago Thotcon conference, and has provided application security training for BlackHat and many enterprises.
 +
 
 +
==History==
 +
 
 +
A bit more in my own words...
  
 
Today I work at Mozilla, a company of less then 500 people with a massive footprint with over 450 million users. Here I'm responsible for the security of all of our web applications. This includes threat modeling, secure design, training, testing and continual security maintenance.  Security can be tough, and perhaps one of the most interesting challenges is designing security solutions that scale and are usable to such a massive number of people.
 
Today I work at Mozilla, a company of less then 500 people with a massive footprint with over 450 million users. Here I'm responsible for the security of all of our web applications. This includes threat modeling, secure design, training, testing and continual security maintenance.  Security can be tough, and perhaps one of the most interesting challenges is designing security solutions that scale and are usable to such a massive number of people.
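Review bot: in the added Bio paragraph, "Michael is an active leader in OWASP since 2008" should read "has been an active leader", and "attack aware" and "real time" want hyphens as compound modifiers. The unchanged History line that follows still carries "less then 500 people" and could be corrected in the same edit.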

Revision as of 18:50, 18 May 2011

Michael Coates

Contact at: Michael.Coates [at] owasp.org

Blog: http://michael-coates.blogspot.com

Twitter: @_mwc

About

OWASP Involvement

AppSensor - Project Lead, project started Summer of Code 2008

Global Membership Committee - Member since committee inception November, 2008

OWASP Top 10 2010 - Recognized Contributor

OWASP Transport Layer Protection Cheat Sheet - Author

Wiki Contributions

Speaker at the following OWASP conferences/events:

  • OWASP Minneapolis Chapter, 2011
  • OWASP San Antonio Chapter, 2011
  • OWASP World Summit - Portugal, 2011
  • OWASP AppSec USA California, 2010
  • OWASP Northern Virginia Chapter, 2010
  • OWASP Chicago Chapter, 2009
  • OWASP AppSec EU Poland, 2009
  • OWASP World Summit - Portugal, 2008

Full conference speaking history: http://michael-coates.blogspot.com/p/speaking-events.html

Bio

Michael Coates is currently the Web Security lead at Mozilla. In this role he is responsible for the security lifecycle of Mozilla web applications that are used by millions of users each day. Michael holds a Master's degree in computer security from DePaul University and a Bachelor of Science degree in computer science from the University of Illinois.

Michael Coates has extensive experience in application security, security code review and penetration assessments. He has conducted hundreds of security assessments for financial, enterprise and cellular customers worldwide. Michael has been an active leader in OWASP since 2008. He is the creator and leader of the AppSensor project, a project to create attack-aware applications that leverage real-time detection and response capabilities, and is a recognized contributor to the 2010 OWASP Top 10. He is a frequent speaker at security conferences, including numerous OWASP conferences in the US and Europe and the Chicago Thotcon conference, and has provided application security training for BlackHat and many enterprises.

History

A bit more in my own words...

Today I work at Mozilla, a company of less than 500 people with a massive footprint with over 450 million users. Here I'm responsible for the security of all of our web applications. This includes threat modeling, secure design, training, testing and continual security maintenance. Security can be tough, and perhaps one of the most interesting challenges is designing security solutions that scale and are usable to such a massive number of people.

Security is what I do. Like many of us in the security industry, this is more than just a means of employment, it's a hobby and a passion. Throughout my professional career I've had the opportunity to assess and secure a wide variety of systems. Straight out of college my career started in the risk division of a CPA firm. With a focus on financial institutions, our security team performed traditional no knowledge black box penetration assessments, internal network assessments, and even social engineering. Some of my best security stories involve the stories and persona I invented in order to talk my way into the bank's vault or server room (all part of the approved engagement of course).

My next opportunity led me to a major telecommunication and mobile company. I had the opportunity to work in the security operations center for a period of time where I gained an eye-opening experience being on the "other side of the fence". Tasked with defending and investigating attacks on a network of 150K seats, there was never a dull moment. I also had the opportunity to transition into the consulting division where I performed secure architecture design review on mobile and telecommunications networks. Another great security story involved an assessment where, with just a tethered cell phone and an international data connection, I was able to gain full control of the data service for the targeted mobile provider in Asia.

I was fortunate enough to land a spot in a top-notch application security consulting firm. With this company I was able to focus every day on threat modeling, code review and web application penetration assessments for the most critical applications in the world. From working on major financial systems to voting devices, I had a chance to really see it all.

Don't get me wrong, the deep dive into the technical items is great. I've done it for years. But the key has been bringing that up to overall risk to the business. Managing risk is the driving factor for everything that we end up doing.