Difference between revisions of "User:Wichers"

From OWASP
Jump to: navigation, search
(OWASP Contributions)
(12 intermediate revisions by 2 users not shown)
Line 1: Line 1:
I'm Dave Wichers, Chief Operating Officer (COO) of [http://www.aspectsecurity.com Aspect Security], a company that specializes in application security services. For OWASP, I'm the volunteer [[:Category:OWASP_AppSec_Conference | OWASP Conferences]] Chair, a volunteer member of the OWASP Board, and a coauthor of the [[OWASP_Top_Ten_Project | OWASP Top 10]].
+
=About=
  
I have over 20 years of experience in the information security field, and have focused exclusively on application security for the past 10 years. At Aspect, in addition to my COO duties, I'm Aspect's application security courseware lead, one of their chief instructors, and provide a wide variety of application security consulting services to Aspect's clients. Prior to starting Aspect, I ran the Application Security Services Group at Exodus Communications. I have a Bachelors and Masters degree in Computer Science, am a CISSP, and a CISM.
+
==BIO==
 +
 
 +
Dave Wichers is a cofounder and the Chief Operating Officer (COO) of [http://www.aspectsecurity.com Aspect Security], a company that specializes in application security services. He is also a long time contributor to OWASP including being a member of the OWASP Board since it was formed in 2003.
 +
 
 +
Dave has over 20 years of experience in the information security field, and has focused exclusively on application security since 1998. At Aspect, in addition to his COO duties, he is Aspect's application security courseware lead, one of their chief instructors, and provides a wide variety of application security consulting services to Aspect's clients. Prior to starting Aspect, he ran the Application Security Services Group at Exodus Communications. Dave has a Bachelors and Masters degree in Computer Science, is a CISSP, and a CISM.
 +
 
 +
==OWASP Contributions==
 +
 
 +
I have been contributing to OWASP since 2002. In 2004, along with Jeff Williams, we established the 501c3 organization that is now the OWASP Foundation. Since establishing the OWASP Foundation, I have served and continue to serve as the de facto Chief Financial Officer of OWASP, managing all financial transactions, authorizing all payments from OWASP, and making sure we are good stewards of OWASP's financial resources. I also negotiate and sign for virtually all contracts OWASP enters into with other parties. I also established all the financial accounts for the OWASP Foundation including bank accounts, credit cards, tax IDs, and helped hire all the employees of the OWASP Foundation and provide oversight for their work. I also helped determine the benefits that these employees would receive, and established the procedures for how they would receive those benefits including health insurance, payroll, etc. In late 2004, I volunteered to become the OWASP Conferences Chair where I launched the OWASP Conferences Series, personally organized all the  U.S. and European AppSec conferences from 2005 through 2008, and helped launch the Global Conferences Committee in 2009, which has now taken over the primary organizational duties for the OWASP Conferences. The OWASP Conferences have grown to serve as the primary fundraising resource for OWASP.  I have also spent countless hours helping to initially establish the OWASP wiki, and then continuing to improve it, proofreading articles, encouraging others to contribute, etc.
 +
 
 +
As a volunteer to OWASP, Dave is or has been:
 +
 
 +
* A continuous member of the [[About_OWASP#Global_Board_Members|OWASP Board]] since it was established in 2004,
 +
* The [[:Category:OWASP_AppSec_Conference | OWASP Conferences]] Chair,
 +
* Project lead and coauthor of the [[OWASP_Top_Ten_Project | OWASP Top 10]],
 +
* Coauthor of the [[ASVS | OWASP Application Security Verification Standard]],
 +
* Contributor to the [[ESAPI | OWASP Enterprise Security API (ESAPI)]] project,
 +
* Lead of the OWASP Prevention Cheat Sheet Series and primary author of the [[SQL_Injection_Prevention_Cheat_Sheet | SQL Injection Prevention Cheat Sheet]].
 +
 
 +
For more details than this short bio on what I've done at OWASP, listen to my [http://www.owasp.org/download/jmanico/owasp_podcast_82.mp3 OWASP podcast].
 +
 
 +
[[:Special:Contributions/Wichers|Wiki Contributions]]
 +
 
 +
I've also done lots of OWASP conference presentations. Here are some of them:
 +
 
 +
* 2012 AppSec USA: [https://www.owasp.org/images/c/c5/Unraveling_some_Mysteries_around_DOM-based_XSS.pdf Unraveling some of the Mysteries around DOM-based XSS]
 +
* 2012 AppSec EU: [https://www.owasp.org/images/3/30/AppSecEU2012_DOM-based_XSS.pdf Unraveling some of the Mysteries around DOM-based XSS]
 +
* 2012 AppSec DC: [[OWASP_AppSec_DC_2012/Unraveling_some_of_the_Mysteries_around_DOMbased_XSS | Unraveling some of the Mysteries around DOM-based XSS]]
 +
* 2010 AppSec DC: [[The_Strengths_of_Combining_Code_Review_with_Application_Penetration_Testing | Strengths of Combining Code Review with Application Penetration Testing]] - [http://vimeo.com/groups/asdc10/videos/19104928 Video] | [[Media: 2010-DC_The_Power_of_Code_Review.pptx|Slides]]
 +
* 2010 AppSec Europe: [[OWASP_AppSec_Research_2010_-_Stockholm,_Sweden#OWASP_Top_10_2010 | OWASP Top 10 for 2010 - Final]] - [http://owasp.blip.tv/file/3917942/ Video] |[[Media:OWASP_AppSec_Research_2010_OWASP_Top_10_by_Wichers.pdf | PDF]]
 +
* 2009 AppSec DC: [[OWASP_Top_10_2010_AppSecDC | Debut of the OWASP Top 10 for 2010 Release Candidate]] - [http://www.vimeo.com/9006276 Video] | [[Media: AppSec DC 2009 - OWASP Top 10 - 2010 rc1.pptx | Slides]]
 +
* 2009 Appsec Ireland: [[How_to_Avoid_Flaws_in_the_First_Place:_The_OWASP_Enterprise_Security_API_(ESAPI)_Project | How to Avoid Flaws in the First Place: The OWASP ESAPI Project]]
 +
* 2009 AppSec Europe: [[ASVS | OWASP ASVS Project]] - [http://www.owasp.org/images/7/78/AppsecEU09_OWASP_ASVS_WebApp_Standard.ppt Slides]
 +
* 2009 AppSec Europe: [[ESAPI | OWASP Enterprise Security API (ESAPI) Project]] - [http://blip.tv/file/2215191 Video] | [http://www.owasp.org/images/1/11/AppSecEU09Poland_ESAPI.pptx Slides]
 +
* 2008 AppSec NY: Security in Agile Development - [http://video.google.com/videoplay?docid=-8287209466278543377&hl=en Video] | [http://www.owasp.org/images/a/a3/AppSecNYC08-Agile_and_Secure.ppt Slides]
 +
* 2008 AppSec Europe: [[AppSecEU08_The_OWASP_ESAPI_project | Fundamental Application Security Building Blocks - The Benefits of Establishing an Enterprise Security API (ESAPI) for Your Organization]] - [http://www.owasp.org/images/c/cd/AppSecEU08-ESAPI.ppt Slides]
 +
* 2008 AppSec Europe: [[AppSecEU08_Agile_Security_Breaking_the_Waterfall_Mindset | Agile Security - Breaking the Waterfall Mindset of the Security Industry]] - [http://www.owasp.org/images/b/b8/AppSecEU08-Agile_and_Secure.ppt Slides]
 +
* 2007 AppSec Europe: OWASP WebGoat and WebScarab - [http://www.owasp.org/images/5/55/OWASPAppSec2007Milan_WebGoatv5.ppt WebGoat Slides] | [http://www.owasp.org/images/d/d7/OWASPAppSec2007Milan_WebScarabNG.ppt WebScarab Slides]
 +
* 2006 AppSec Seattle: Why AJAX Applications are far more likely to be insecure, and What to do about it - [http://www.owasp.org/index.php/Image:OWASPAppSec2006Seattle_Why_AJAX_Applications_More_Likely_Insecure.ppt Slides]
 +
 
 +
Dave can be reached at: dave.wichers (at) aspectsecurity.com or dave.wichers (at) owasp.org

Revision as of 14:14, 2 May 2013

About

BIO

Dave Wichers is a cofounder and the Chief Operating Officer (COO) of Aspect Security, a company that specializes in application security services. He is also a long time contributor to OWASP including being a member of the OWASP Board since it was formed in 2003.

Dave has over 20 years of experience in the information security field, and has focused exclusively on application security since 1998. At Aspect, in addition to his COO duties, he is Aspect's application security courseware lead, one of their chief instructors, and provides a wide variety of application security consulting services to Aspect's clients. Prior to starting Aspect, he ran the Application Security Services Group at Exodus Communications. Dave has a Bachelors and Masters degree in Computer Science, is a CISSP, and a CISM.

OWASP Contributions

I have been contributing to OWASP since 2002. In 2004, along with Jeff Williams, we established the 501c3 organization that is now the OWASP Foundation. Since establishing the OWASP Foundation, I have served and continue to serve as the de facto Chief Financial Officer of OWASP, managing all financial transactions, authorizing all payments from OWASP, and making sure we are good stewards of OWASP's financial resources. I also negotiate and sign for virtually all contracts OWASP enters into with other parties. I also established all the financial accounts for the OWASP Foundation including bank accounts, credit cards, tax IDs, and helped hire all the employees of the OWASP Foundation and provide oversight for their work. I also helped determine the benefits that these employees would receive, and established the procedures for how they would receive those benefits including health insurance, payroll, etc. In late 2004, I volunteered to become the OWASP Conferences Chair where I launched the OWASP Conferences Series, personally organized all the U.S. and European AppSec conferences from 2005 through 2008, and helped launch the Global Conferences Committee in 2009, which has now taken over the primary organizational duties for the OWASP Conferences. The OWASP Conferences have grown to serve as the primary fundraising resource for OWASP. I have also spent countless hours helping to initially establish the OWASP wiki, and then continuing to improve it, proofreading articles, encouraging others to contribute, etc.

As a volunteer to OWASP, Dave is or has been:

For more details than this short bio on what I've done at OWASP, listen to my OWASP podcast.

Wiki Contributions

I've also done lots of OWASP conference presentations. Here are some of them:

Dave can be reached at: dave.wichers (at) aspectsecurity.com or dave.wichers (at) owasp.org