This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit


Jump to: navigation, search

About Sherif

Based in London, UK, I have been an OWASP member for 7 years and I lead the OWASP London chapter. I have worked in Information Security for 13 years, and hold an MSc in Information Security from the Royal Holloway College University of London. Twitter: Kerberosmansour | Linkedin

Board Level Experience

As a chairman and company secretary of a private UK company, I possess over 6 years board experience.

During this time I have helped to shape the company strategy. Taking an active role in the review of the annual returns and accounts, and running the AGMs has given me a comprehensive understanding of the business. Holding a certificate in Company Direction from the Institute of Directors (IoD) gives me valuable certification and experience in this area. I am currently on the path to becoming a Chartered Company Director.

OWASP Community Experience

Building on my community organization experience, I take the role of chapter leader of the OWASP London and Royal Holloway Information Security Alumni Group.

OWASP London have an engaged community and effective marketing strategy. In 2016, we hosted more events than any other chapter, which are typically fully booked within 24 hours.

I'm also an active volunteer for a children's charity cancer hospital in Egypt, where I established a relationship between the hospital and the child's play foundation to donate toys on an annual basis.

Taking an active lead with OWASP ZAP Product Management, I seconded an intern who contributed automation code for ZAP to run in a CI/CD pipeline(see link).

Technical Experience

I’ve worked in large tech & finance companies and led the software security program for Expedia Inc. These roles have provided me both product and project management experience, as a scrum (Agile) product owner, in global cybersecurity teams.

During my time as an AppSec engineer, I discovered several undisclosed security vulnerabilities in third-party enterprise software.

To date, Microsoft 2010) and SAP (April 2012) have acknowledged my security research work and both companies have listed my work on their websites.

I am also one of two authors of the CIS hardening benchmarks for Apache Tomcat 7 & 8