Justin Derry

Justin Derry

Job: CEO/Managing Partner Appsecure (Australia)

OWASP Involvement:
I've been involved with OWASP for nearly 10 years, and have worked within the organisation in many roles. Recently for a number of years, i've been the conference chair and organiser of the OWASP Asia Pacific/Australia conferences (most years). I worked extensively on the OpenSAMM project with Pravir, and have reviewed other recent projects. Previously i've written and run the Interceptor project for OWASP, and have been a chapter leader and organised many chapter and conference sessions across Australia and Asia Pacific. I've also presented at conferences around the world on Application Security, and spoken and been an evangelist for OWASP and Application Security at many conferences.

• OWASP Asia Pacific/Australia Conferences Chair & Organiser (2008, 2009, 2012)
• Founder of OWASP Brisbane Chapter
• Core Contributor to OpenSAMM Project
• Contributor to the OWASP WASS Project (Now PCI Project)
• Project Lead for OWASP Interceptor Project and SoC (now closed) if you're looking go use ZAP! Awesome tool
• Presentations at OWASP Conferences (Back as far as 2006)
• Presentations at OWASP Japan, China, Australia
• Member of the Global Conferences Committee (Previously)
• Helped to grow Australian Chapters including presentations at each Chapter
• Completed a number of external presentations on OWASP (Auscert, China Software Summit, Japan Developer Group - JAVA & .NET, US, Europe - OWASP)

LinkedIn Profile: Click Here

My OWASP Mission/Vision

To ensure OWASP continues to grow and is a transparent and Open organisation that has global reach across the Information Security and Development Communities.

I’ve been working with OWASP since 2002. During this time, I’ve seen a dramatic rise in the need for Application Security within the global industry. OWASP plays a critical role as an independent advisor to the community on topics of Application Security. I firmly believe that OWASP is the leading and only truly open resource on application security topics. It is the most globally trusted brand in this field. Historically, OWASP has tried to become a global organisation with some success. To be a truly global brand, we need to significantly increase our focus within the Asia Pacific Rim. This can be achieved through a top-down approach of representation on the board and core committees within the region.

The Asia Pacific region has a number of unique challenges. These include language, cultural and distance issues. The majority of OWASP members are from the US or UK geographies. To ensure a global reach, OWASP must meet these challenges head on. This involves growing local, country, and regional chapters. A program must be built to help language-specific translation of key OWASP project resources. OWASP must assist local chapters with planning local conferences, events, and coordinating international speakers. OWASP must also aide in evangelising the mission throughout the region.

We know that the OWASP brand is one of the most trusted brands in Application Security. It is critical that OWASP maintains transparency and be open to members and the community at large.

My key focus statements for OWASP are as follows:

• Global Outreach - Expanding Asia Pacific
  To ensure adequate representation of Asia Pacific region within OWASP, OWASP should assist local regions with chapters, conferences and language translation.

• OWASP - Application Security Evangelism
  I firmly believe that OWASP needs to spend more time with developers, project owners and businesses to deliver a few key messages. These messages emphasize that application security is relevant and important. The messages also need to illustrate the current threat landscape. We need to take our wealth of experience and information to the wider community by attending and presenting OWASP to the community outside of the Application/Information Security forum.

• OWASP Community
  The OWASP Community is a critical resource that we should help continue to grow and expand with updated projects, new technologies and new approaches to solving the risks associated with application security. Firmly investing in these resources will ensure we continue to be recognised as the global leader.

• OWASP Transparency
  With such a recognised brand, I believe transparency and openness of all activities within OWASP ensures that we remain as the “trusted source” of information within the industry.

My BIO

Justin is a seasoned Information Security Professional with over 16 years in the industry. Since 2000, Justin has focused primarily on securing applications and evangelising the need for secure software. He is currently the CEO of Appsecure. Appsecure is Asia-Pacific’s leading Application Security specialist consulting firm. The firm works with industry bodies and large-scale enterprises to identify, educate and minimise information security threats. He brings to clients a wealth of experience in penetration testing, source code reviews, assurance testing, and implementing strategic goals to minimise operational risks associated with application security threats.

Justin has been extensively involved with OWASP since 2002. Within OWASP, he has worked on many different projects, organized and run local chapters, and chaired the Asia Pacific conference each year it has run in Australia. Justin has a strong reputation within the industry and has delivered keynote and technical presentations at many global industry events.

Justin’s passion about application security has lead him to increase the awareness of security threats, participate in open forums, and reach out to developers outside of the information security industry. Most recently, Justin has focused on the strategic problems associated with implementing effective application security controls. Hence, he was one of the core contributors to the OpenSAMM (OWASP) project when Pravir Chandra started it. Lastly, Justin finds time to write code and contribute to the open source community and industry bodies on the topic of secure code development and technology adoption.