In the realm of application security, Tony is a threat modeling evangelist and has given numerous talks domestically and globally on its many benefits and applications. He has served as a guest mentor to teams participating in Kennesaw State University’s annual Cybercrime capture the flag event as well as a Cybercrime speaker for Southern Polytechnic University in Atlanta (2009). He has also served as a guest speaker on the subject of application threat modeling during ISACA’s annual Geek Week event and as a keynote speaker on the subject for ISACA’s Global Symposium webcast series. He frequently speaks at various ISACA- and OWASP-based events nationwide. Additional publications include articles related to CoBIT and the ValIT model (ISACA’s Journal), application threat modeling within the SDLC (InSecureMagazine), and security process engineering for a ROSI (return on security investment) (Journal of Finance). His book on Application Threat Modeling, written with his co-author and Cincinnati Chapter Lead, Marco Morana, is due to be published in late 2011.
Tony is also well regarded in the field of FISMA compliance, having worked with various federal entities and their respective certification & accreditation groups in order to manage compliance requirements against both NIST and FIPS requirements for ensuring data and system level security. NIST has invited Tony to speak twice at their annual SCAP conference in Baltimore on the subject of sustaining compliance across large federal information enterprises.
Tony is the founder and managing partner at VerSprite in Atlanta - a strategic, security pro service firm that is known for its hybrid approach to security service delivery and its threat modeling approach to application security. Prior to VerSprite, Tony served as Sr. Director of Security Risk Management to a Fortune 50 organization where he led security assessments against global application environments. His work encompassed web application security testing, security architecture reviews, and analysis for business logic exploits. Previous to this role, he spent more than 5 years in the field of application security across other Fortune 500 organizations within the banking, telecom, and information service industry segments. Tony's security leadership experience includes roles at companies such as Equifax, SunTrust Banks, Morgan Stanley, Symantec, and SecureWorks.
Since late 2007, Tony has led the OWASP Atlanta Chapter, where he manages monthly workshops and events for the Atlanta web application security community. He also serves on the OWASP Global Membership Board and regularly provides talks to other chapters nationwide, primarily on the topic of application threat modeling. Aside from the OWASP organization, Tony has helped to organize BSides Atlanta – an underground grassroots effort aimed at providing 100% unsolicited security content to Atlanta Information Security professionals – for free.