This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Eoin Keary"

From OWASP
Jump to: navigation, search
m
m
 
(7 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Hello,
+
[[OWASP Board History|OWASP board member]] since 2009.  
I would like to be considered for the OWASP board membership. I am a long time member of OWASP and have contributed year on year to OWASP projects and the OWASP mission of fighting the causes of software insecurity.
+
Elected to position of global Vice Chair, September 2011.
I am based in Dublin, Ireland and run the Ernst & Young application security team across Europe.
 
  
 +
OWASP Board tenure from 2009 to 2015
  
To see updates to the Wiki that I have done see: [[:Special:Contributions/eoin|click here]] - [http://www.linkedin.com/in/eoinkeary LinkedIn Profile]
+
A long time member of OWASP, Based in Dublin Ireland and CEO/Founder of [http://www.bccriskadvisory.com BCC Risk Advisory Ltd.] and [https://www.edgescan.com edgescan]
 +
 
 +
LinkedIn profile [http://www.linkedin.com/in/eoinkeary click here]
 +
[https://www.edgescan.com edgescan]
 +
<br>
 +
 
 +
Eoin Keary has been with OWASP since 2004. He is based in Ireland and runs a software security practice, bccriskadvisory.com and [https://www.edgescan.com edgescan.com]
 +
 
 +
He was on the Global Board of the OWASP foundation from 2009 to 2015. He was the first democratically elected to the board member in 2009.
 +
During this time Eoin assisted in founding the OWASP legal entity in Europe and has helped provide structure to OWASPs finances and strategy.
 +
 
 +
Eoin believes the projects OWASP delivers are a key aspect of the foundation and also very important in helping both developers and security professionals in building more secure software.
 +
 
 +
Eoin previously lead the [[OWASP Testing Project|OWASP Testing Guide]] and  currently the [[OWASP Code Review Guide Table of Contents|OWASP Code Review Guide]] and also contributed to other OWASP projects such as
 +
[[OWASP SAMM Project|OWASP SAMM]],
 +
[[OWASP CISO Guide]] &
 +
CISO Survey,
 +
[[OWASP Cheat sheets]], and the
 +
[[OWASP ASVS Assessment tool|OWASP ASVS]] & [[OWASP Zed Attack Proxy Project|ZAP]] as a reviewer.
 +
 
 +
Eoin also founded the [[OWASP Ireland AppSec 2009 Conference|OWASP Ireland]] chapter in 2006 and the OWASP Ireland event in 2008 which is in its 4th year and also hosted [[OWASP EU]] in 2011.
 +
 
 +
Eoin believes OWASP needs to focus more on outreach to the software development community and also involve itself more with the industries which rely on software to achieve business and social goals by assisting organisations, CISO's and security communities in writing and defending software infrastructure.
 +
 
 +
To this end,  Eoin frequently delivers free technical and executive awareness workshops to help organisations achieve their goals in a secure manner.
  
  
  
 
----
 
----
 +
 
'''My involvement in OWASP to date.............'''<br>
 
'''My involvement in OWASP to date.............'''<br>
  
 
'''OWASP Ireland Chapter leader and founder since 2004'''<br>
 
'''OWASP Ireland Chapter leader and founder since 2004'''<br>
  
Have held regular meetings, promoted OWASP and application security in general.<br>
+
Have held regular meetings, promoted OWASP and application security in general.<br>I have developed a stong community within Ireland in terms of secure development such that large organisations are aware of OWASP and invite me for comment and involvement in application security awareness efforts. I am involved in ongoing efforts to consolidate the security community with groups such as IISF, IAI and ISSA.<br>
I have developed a stong community within Ireland in terms of secure development such that large organisations are aware of OWASP and invite me for comment and involvement in application security awareness efforts. I am involved in ongoing efforts to consolidate the security community with groups such as IISF, IAI and ISSA.<br>
 
  
 
'''OWASP Testing guide leader (2005-2007)'''<br>
 
'''OWASP Testing guide leader (2005-2007)'''<br>
  
Handed over from Daniel Cuthbert in 2005.<br>
+
Handed over from Daniel Cuthbert in 2005.<br>Lead the testing guide effort, transferred it to wiki from word document in 2006.<br>Wrote significant portions of the guide.<br>Handed guide to Matteo Meucci in 2007<br>
Lead the testing guide effort, transferred it to wiki from word document in 2006.<br>
 
Wrote significant portions of the guide.<br>
 
Handed guide to Matteo Meucci in 2007<br>
 
  
 
'''Code review guide (V1.1) leader - "Worlds first open source code review guide"'''<br>
 
'''Code review guide (V1.1) leader - "Worlds first open source code review guide"'''<br>
  
Lead and founder of guide.<br>
+
Lead and founder of guide.<br>Authored 70% of currrent code review guide.<br>Considered the most comprehensive code review guide on the web.<br>Ongoing project currently at V1.1<br>Tools such as OWASP code crawler are inspired by the guide.<br>Used by US Gov agencies, Insustry Security standards etc.<br>
Authored 70% of currrent code review guide.<br>
 
Considered the most comprehensive code review guide on the web.<br>
 
Ongoing project currently at V1.1<br>
 
Tools such as OWASP code crawler are inspired by the guide.<br>
 
Used by US Gov agencies, Insustry Security standards etc.<br>
 
  
 
'''OWASP ASVS Reviewer'''<br>
 
'''OWASP ASVS Reviewer'''<br>
  
Reviewed and supplied suggestions for most recent release of ASVS.<br>
+
Reviewed and supplied suggestions for most recent release of ASVS.<br>Presented viability of ASVS to industry leads in terms of integration of standard into strategic direction.<br>
Presented viability of ASVS to industry leads in terms of integration of standard into strategic direction.<br>
 
  
 
'''OWASP SAMM Contributor'''<br>
 
'''OWASP SAMM Contributor'''<br>
  
Along with team members, suggested rewrite of SAMM questionaire based on experience of using in the field.<br>
+
Along with team members, suggested rewrite of SAMM questionaire based on experience of using in the field.<br>With the aim of overall maturity of the SAMM document and process.<br>I have fostered the SAMM approach into a number of large european organisations.<br>
With the aim of overall maturity of the SAMM document and process.<br>
 
I have fostered the SAMM approach into a number of large european organisations.<br>
 
 
 
'''OWASP Ireland 2009'''<br>
 
Sole organiser of successful event which has made a large impact on local application security community.<br>
 
Event covered costs and was within budget.<br>
 
Achieved media coverage with many local and business "broad sheet" newspapaers.<br>
 
Managed to gather an impressive panel of speakers for such a modest event.
 
  
'''OWASP Live CD (2007)'''<br>
+
'''OWASP Ireland 2009,2010,OWASP EU 2011'''<br>Organiser of successful event which has made a large impact on local application security community.<br>Event covered costs and was within budget.<br>Achieved media coverage with many local and business "broad sheet" newspapaers.<br>Managed to gather an impressive panel of speakers for such a modest event.
"Recruited" Josh Perrymon (packetfocus) to donate his Live CD to OWASP.<br>
 
  
'''OWASP Mmebership Packs'''<br>
+
'''OWASP Cheat Sheet Author and reviewer -2011/2012'''<br>
Initiated the summer of code effort to develop membership packs for OWASP individual & corporate members.<br>
+
'''OWASP Workshop Trainer - 2010/2015'''<br>
 +
'''OWASP Reboot project leader 2012'''<br>
  
 +
<br>
  
 
----
 
----
'''My OWASP Roadmap'''<br>
 
 
'''Focus on quality''':
 
 
In order to gain more widespread adoption of OWASP guidence and vision our deliverables need to be of leading practice qualty. "half baked" tools, whitepapers and guides do not assist and in some cases detract from the OWASP "Brand". A core problem with opensource efforts is quality control which must be addressed.
 
 
'''Membership''':
 
 
The concept of membership is still misunderstood. Signing up to a mailing list is not membership. Membership should be defined as an active supporter of OWASP either by actions or in the financial sense. Quality deliverables also shall drive up membership. Organisations and individuals that acquire solutions to their problems from OWASP may be more inclined to give a little back (Join OWASP).
 
 
'''Initiate Governance (but minimize red tape)'''
 
I believe we need a governance model such that industry shall embrace our goals but also limit the bureaucracy which stifles imagination and creativity. This is a fine line but is nevertheless important in terms of attempting to raise the bar for software security.
 

Latest revision as of 09:50, 24 January 2018

OWASP board member since 2009. Elected to position of global Vice Chair, September 2011.

OWASP Board tenure from 2009 to 2015

A long time member of OWASP, Based in Dublin Ireland and CEO/Founder of BCC Risk Advisory Ltd. and edgescan

LinkedIn profile click here edgescan

Eoin Keary has been with OWASP since 2004. He is based in Ireland and runs a software security practice, bccriskadvisory.com and edgescan.com

He was on the Global Board of the OWASP foundation from 2009 to 2015. He was the first democratically elected to the board member in 2009. During this time Eoin assisted in founding the OWASP legal entity in Europe and has helped provide structure to OWASPs finances and strategy.

Eoin believes the projects OWASP delivers are a key aspect of the foundation and also very important in helping both developers and security professionals in building more secure software.

Eoin previously lead the OWASP Testing Guide and  currently the OWASP Code Review Guide and also contributed to other OWASP projects such as OWASP SAMM, OWASP CISO Guide & CISO Survey, OWASP Cheat sheets, and the OWASP ASVS & ZAP as a reviewer.

Eoin also founded the OWASP Ireland chapter in 2006 and the OWASP Ireland event in 2008 which is in its 4th year and also hosted OWASP EU in 2011.

Eoin believes OWASP needs to focus more on outreach to the software development community and also involve itself more with the industries which rely on software to achieve business and social goals by assisting organisations, CISO's and security communities in writing and defending software infrastructure.

To this end,  Eoin frequently delivers free technical and executive awareness workshops to help organisations achieve their goals in a secure manner.



My involvement in OWASP to date.............

OWASP Ireland Chapter leader and founder since 2004

Have held regular meetings, promoted OWASP and application security in general.
I have developed a stong community within Ireland in terms of secure development such that large organisations are aware of OWASP and invite me for comment and involvement in application security awareness efforts. I am involved in ongoing efforts to consolidate the security community with groups such as IISF, IAI and ISSA.

OWASP Testing guide leader (2005-2007)

Handed over from Daniel Cuthbert in 2005.
Lead the testing guide effort, transferred it to wiki from word document in 2006.
Wrote significant portions of the guide.
Handed guide to Matteo Meucci in 2007

Code review guide (V1.1) leader - "Worlds first open source code review guide"

Lead and founder of guide.
Authored 70% of currrent code review guide.
Considered the most comprehensive code review guide on the web.
Ongoing project currently at V1.1
Tools such as OWASP code crawler are inspired by the guide.
Used by US Gov agencies, Insustry Security standards etc.

OWASP ASVS Reviewer

Reviewed and supplied suggestions for most recent release of ASVS.
Presented viability of ASVS to industry leads in terms of integration of standard into strategic direction.

OWASP SAMM Contributor

Along with team members, suggested rewrite of SAMM questionaire based on experience of using in the field.
With the aim of overall maturity of the SAMM document and process.
I have fostered the SAMM approach into a number of large european organisations.

OWASP Ireland 2009,2010,OWASP EU 2011
Organiser of successful event which has made a large impact on local application security community.
Event covered costs and was within budget.
Achieved media coverage with many local and business "broad sheet" newspapaers.
Managed to gather an impressive panel of speakers for such a modest event.

OWASP Cheat Sheet Author and reviewer -2011/2012
OWASP Workshop Trainer - 2010/2015
OWASP Reboot project leader 2012