Difference between revisions of "User:Mike.boberski"

From OWASP
Jump to: navigation, search
Line 1: Line 1:
I'm Mike Boberski. I work at Booz Allen Hamilton. I have a background in application security and the use of cryptography by applications.
+
[mailto:boberski_michael@bah.com Mike Boberski] works at [http://www.boozallen.com Booz Allen Hamilton]. Mr. Boberski, an Associate in the firm, has more than 14 years experience in application security and the use of cryptography by applications. He is the project lead and a co-author of the application security assessment industry’s first standard for performing application security assessments. The standard is called the Open Web Application Security Project (OWASP) Application Security Verification Standard (ASVS). Mr. Boberski has a background in trusted product evaluation and Public Key Infrastructure (PKI) software development and integration. Experience in security-related testing programs includes the National Security Agency (NSA) Trust Technology Assessment Program (TTAP), NSA CCEVS (Common Criteria Evaluation and Validation Scheme) Common Criteria (CC) program, National Institute of Standards and Technology (NIST) Cryptographic Module Validation Program/ Cryptographic Algorithm Validation Program (CMVP/CAVP) FIPS 140-1 program, NIST CMVP/CAVP FIPS 140-2 program, and the Joint Interoperability Test Command (JITC) Public Key-Enabled (PKE) Application Testing programs. Experience in PKI software development and integration includes Public Key-Enabling applications. Of particular note, Mr. Boberski ran the development team that built, integrated, and maintained the USPS Electronic Postmark (EPM) when it was a server application-based offering, before it was turned into a hosted service. He has experience managing trusted product evaluation testing labs,  professional service software development groups, and professional service software deployment groups. Publications include a technical pocket reference book called “EAL2 Design Pocket Reference” on the topic of developing CC design evidence. Patents include Patent # 7,321,969, Secure Instant Messaging System.
  
I have been working for a little less than 15 years on security-related testing programs. These programs include the Trust Technology Assessment Program (TTAP), Common Criteria (CC), FIPS 140-1, FIPS 140-2, and the Joint Interoperability Test Command (JITC) Public Key-Enabled (PKE) Application Testing programs. I have also been working over the same time frame in areas relating to developing Public Key Infrastructure (PKI) software, focusing largely on areas related to Public Key-Enabling applications. I also ran the development team that built, integrated, and maintained the USPS Electronic Postmark (EPM) when it was a server application-based offering, before it was turned into a hosted service.
+
''Last revised {{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}''
 
+
I have been working recently with the Open Web Application Security Project (OWASP) Foundation to create an Application Security Verification Standard (ASVS). I am the project lead and a co-author of the [[:Category:OWASP Application Security Verification Standard Project | OWASP Application Security Verification Standard]], which is OWASP's first actual standard.
+
 
+
I can be reached at [mailto:boberski_michael@bah.com boberski_michael@bah.com].
+
 
+
last revised {{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}
+

Revision as of 15:07, 12 February 2009

Mike Boberski works at Booz Allen Hamilton. Mr. Boberski, an Associate in the firm, has more than 14 years experience in application security and the use of cryptography by applications. He is the project lead and a co-author of the application security assessment industry’s first standard for performing application security assessments. The standard is called the Open Web Application Security Project (OWASP) Application Security Verification Standard (ASVS). Mr. Boberski has a background in trusted product evaluation and Public Key Infrastructure (PKI) software development and integration. Experience in security-related testing programs includes the National Security Agency (NSA) Trust Technology Assessment Program (TTAP), NSA CCEVS (Common Criteria Evaluation and Validation Scheme) Common Criteria (CC) program, National Institute of Standards and Technology (NIST) Cryptographic Module Validation Program/ Cryptographic Algorithm Validation Program (CMVP/CAVP) FIPS 140-1 program, NIST CMVP/CAVP FIPS 140-2 program, and the Joint Interoperability Test Command (JITC) Public Key-Enabled (PKE) Application Testing programs. Experience in PKI software development and integration includes Public Key-Enabling applications. Of particular note, Mr. Boberski ran the development team that built, integrated, and maintained the USPS Electronic Postmark (EPM) when it was a server application-based offering, before it was turned into a hosted service. He has experience managing trusted product evaluation testing labs, professional service software development groups, and professional service software deployment groups. Publications include a technical pocket reference book called “EAL2 Design Pocket Reference” on the topic of developing CC design evidence. Patents include Patent # 7,321,969, Secure Instant Messaging System.

Last revised 02/12/2009