User:Tony UcedaVelez

From OWASP
Jump to: navigation, search

Tony UV

Tony is the founder and CEO of VerSprite - a global security consulting firm based in Atlanta, GA. He is also the author of Wiley's Risk Centric Threat Modeling, a book based upon a patented methodology that applies a risk or asset centric approach to threat modeling. Tony has spoken at numerous OWASP, ISACA, ASIS, ISC2, ISSA, BSides conferences across four continents on the topics of application security, risk management, threat modeling, secure software development life cycles, and also conducted various training briefings to both development groups and company executives who need to understand the impact of security programs to business/ product objectives. Tony's 20 years of IT/IS experience began with hands-on operations in the areas of system administration, network engineering, software development. His IT formation, combined with his work in penetration testing, dynamic/ static application testing, security architecture, vulnerability and risk management, has served Tony well to speak on realistic challenges and solutions for IT groups and businesses alike in applying realistic security measures to enterprise processes. Tony serves as interim CISO for various startups and mid-size organization and is responsible for the overall build out of these security programs.


Prior to starting VerSprite, Tony served as a professional security consultant at Dell-SecureWorks and Symantec, and also worked as a security leader across various Fortune 500 banking, financial, and information services organizations in the global Fortune 500 ranking. Tony's leadership roles experience in security includes companies such as Equifax, SunTrust Banks, Morgan Stanley, Symantec, and SecureWorks.


Since late 2007, Tony leads the OWASP Atlanta Chapter, where he manages monthly workshops and events for the Atlanta web application security community. He also organizes BSides Atlanta – an underground grassroots un-conference that takes place annually and aims at providing new ideas and real conversations/ solutions around common challenges in InfoSec today.