This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit


Jump to: navigation, search


My name is Tobias Gondrom. My main areas of interest are application security in Enterprise Applications and cryptography.
I work as a chair of the Web Security WG at the IETF and some expert groups around the globe.
If you like you can meet me at the IETF conferences or at some of the Asian and European Security Conferences.
Or just send me an email or give me a call. ;-)

I am currently involved in a number of security areas:

  • working in the OWASP CISO Guide project
  • Project Lead for the OWASP CISO Survey & Report 2013
  • OWASP London chapter board member
  • speaker at various OWASP conferences and chapter meetings (AppSec APAC, EU, ...)
  • trainer at OWASP AppSec Asia (CISO workshop)
  • prepared the slide deck for the OWASP Top-10 2013
  • ...

Besides OWASP, I also do:

  • chair of the IETF Web Security WG (WEBSEC)
  • member of the CSA (Cloud Security Alliance) chapter Hong Kong & Macau.
  • some of my specialty areas:
    • Risk Management and Secure SDLC
    • Enterprise Content Management and Document Management
    • CISO Guides

Previous stuff:

  • Member of the OWASP Global Industry Committee
  • participant of the OWASP Summit
  • former lead of the German chapter.
  • former chair of the IETF WG LTANS (Long-term archiving and notary services)

email: tobias.gondrom (at)
email: tobias.gondrom (at)