
2017 BASC Speakers

Revision as of 15:52, 13 October 2017 by Tom Conner

Platinum Sponsors

Black Duck Software MIT Lincoln Laboratory Veracode

Gold Sponsors



Silver Sponsors

Qualys bugcrowd

Sponsorships are available: See Sponsorship Kit
Please help us keep BASC free by viewing and visiting all of our sponsors.

Stephen Allor

Secure Code Warrior
Steve is the US Director for Secure Code Warrior and heads up Global Sales and Business Development.

Phil Barrows

MEI Security

Pete Chestna

Pete Chestna is Director of Developer Engagement at Veracode/CA, and he provides customers with practical advice on how to successfully roll out developer-centric application security programs. Relying on more than 10 years of direct AppSec practitioner experience as both a developer and development leader, Pete provides information on best practices amassed from personal experience in addition to working with Veracode’s 1,000+ global customers. He led Veracode’s transformation from Waterfall to Agile to DevOps and from monolith to microservice architecture. He is certified as both a scrum master and product owner. From his experience as both a practitioner and consultant, Pete has spoken internationally at both security and developer conferences on the topics of Application Security (AppSec), Agile and DevOps.

Anirudh Duggal

Northeastern University
Anirudh Duggal is a graduate candidate at Northeastern University who works with Philips Healthcare. He works on securing medical devices and consumer products. He has around 5 years of experience in the Information Security domain. He has a keen interest in securing and breaking medical devices and infrastructure and has presented his research around the topic at conferences like Blackhat 2016 (Las Vegas), Hack In The Box (Amsterdam), Positive Hack Days (Moscow), Nullcon (Goa), Hacks in Taiwan (Taipei), CoCon (Kochi), Ground Zero (Delhi). Anirudh also leads the ISSA, Northeastern University chapter as the chapter President and conducts dialogues and training on Cyber security in general. Besides working on healthcare security, he has a keen interest in Sustainability and Music. He is often found biking around Boston looking for inspiration for his new music.

Devin Dwyer

Devin Dwyer is a recent graduate of the Computing Security program at Rochester Institute of Technology, and he is currently employed by Salesforce as a Product Security Engineer. Devin is a strong proponent of manual static code analysis and finds joy in performing deep-dive code reviews to find issues with authentication logic, data sanitization, and access control. When in need of a confidence boost and a way to kill boredom, he searches for low-hanging fruit in WordPress plugins.

Dave Ferguson

Dave Ferguson is a Solution Architect and SME with Qualys and has been immersed in all things application security since 2006. After writing code as a developer for over a decade, Dave worked as a consultant pen-testing applications and training other developers on how to build secure apps. Prior to Qualys, he led the global application security program at Sabre Corporation and worked at Veracode. Dave is author of the OWASP Forgot Password Cheat Sheet and holds CISSP and CSSLP certifications.

Venkatesh Ganapathy

Black Duck Software
Venkatesh Ganapathy has around 14 years of software development experience in Java and web technologies. He holds a Bachelor’s Degree in Computer Science and Master’s Degree in Computer Applications from Madurai Kamaraj University, India. Venkatesh is also a Sun Certified Java developer and a proud OWASP member who has attended two OWASP-sponsored developer training sessions in the past. His job title is senior software engineer, and it’s been more than 10 years since he joined Black Duck Software located in Burlington, MA. The primary goal of Black Duck Software is to help organizations establish better security practices and policies to protect against vulnerabilities. Venkatesh was involved in designing many features in Black Duck’s flagship product. About 4 years back he started to look deeply into learning and remediating various security vulnerabilities. Venkatesh’s main responsibility in Black Duck is to certify that all security products are released without any vulnerabilities. He is part of the incident response team, performing security reviews, mitigating operational risks and remediating issues. Venkatesh pro-actively uses different tools and techniques to analyze the applications. This includes performing penetration testing in different layers and remediating any issues that are identified.

Robert Hurlbut

Robert Hurlbut Consulting Services
Robert Hurlbut, based in Enfield, CT, is a software security consultant and trainer. Robert is a Microsoft MVP for Developer Technologies and Security and holds the (ISC)2 CSSLP security certification. Robert has 30 years of industry experience in software security, software architecture, and software development. He speaks at user groups, national and international conferences, and provides training for many clients. You can follow Robert on his blog at and on Twitter at and co-hosting on the Application Security Podcast at

Patrick Laverty

Patrick Laverty has been leading the Rhode Island chapter of OWASP since April 2013, and he recently restarted the DefCon401 group in Providence. He works for Rapid7 as a penetration tester with a preference for web applications and teaches Rapid7's Application Assault web pentesting course. He worked at a university building web applications for 12 years, helped out with Rhode Island and Boston Security BSides conferences. Loves cookies. Twitter: @plaverty9

Chris Poulin

Booz Allen Hamilton
Chris Poulin is Principal/Director in Booz Allen Hamilton’s Strategic Innovations Group, where he leads the Internet of Things security strategy in Booz Allen’s Dark Labs, as well as dabbles in Machine Intelligence. He joins BAH from IBM, where he led their X-Force research teams and built the first prototype Watson for cybersecurity. Despite his recent roles in large enterprises, he has an entrepreneurial background, having founded, built, and sold a boutique information security consulting firm, FireTower, Inc., and served as the Chief Security Officer for Q1 Labs, a startup in the Security Intelligence space. Chris started his security career in the U.S. Air Force over 30 years ago, where he managed global networks and developed software for the intelligence community.

Joe Rozner

Joe Rozner (@jrozner) is a software engineer at Prevoty where he has built semantic analysis tools, language runtimes, generalized solutions to common vulnerability classes, and designed novel integration technology leveraging runtime memory patching. He has a passion for reverse engineering, exploitation, teaching, and sharing research with others.

Abhishek Singh

Northeastern University
Abhishek Singh is a Master's student in Information Assurance and Cyber Security at Northeastern University. He has over 3 years of experience in the Information Security industry. He is proficient with the Python, Perl, and Bash programming languages. He has working experience in designing penetration testing and endpoint security testing labs.

Chris Smith

Chris Smith is a Senior Product Security Engineer at Salesforce where he helps design and build new AppSec tools and processes, ensuring that customers, partners, and internal engineering can meet and exceed best security practices. His goal is to make security accessible and understandable by both the security-minded and the security-unaware.

Vik Solem

MEI Security
Vik Solem takes physical and information security seriously, bringing lessons learned from over 30 years experience in IT at such firms as BBN, AtStake, Symantec, and Tufts University. Throughout his career, Vik, a CISSP, has worked passionately on cryptanalysis, forensics, comprehensive risk assessments, vulnerability identification & mitigation, “white hat” penetration testing, security policies, and other aspects of information security in our constantly evolving threatscape. He has presented numerous times on cost-effective security best practices for small and medium sized businesses at client locations and regional conferences. Vik is a contributor to the security related organizations ASIS and Infragard, and organizes the New England Small Business Security Meetup, which meets monthly.

Robert Thau

Robert Thau is currently Chief Architect at Smartleaf, which runs a financial portfolio management system which is used by several major financial institutions to manage portfolios worth over $50 billion. He was also a major contributor to the original Apache Web Server effort (developing the API, among other things), for which he is co-recipient of the ACM System Software Award. He holds a Ph.D. in Computational Neuroscience from MIT.

Roshan Thomas

Northeastern University
Roshan Thomas is a student at Northeastern University currently pursuing his Masters in Information Assurance. He is a SANS GIAC Certified Incident Handler with around 5 years of experience in the Information Security industry. He occasionally doubles as a bug bounty hunter and has been acknowledged by IBM, HP and HDFC Bank. He presented at OWASP BASC 2016 on Android Penetration Testing.

Jim Weiler

Starwood Hotels
Application Security Architect at Starwood Hotels for 10 years. Application security manager at Staples for 5 years. Boston OWASP Chapter leader for 12 years. Author and primary editor of OWASP Cheatsheet Managing 3rd Party Javascript.

Michael Weissbacher

Northeastern University
Michael Weissbacher is a PhD student and Research Assistant at the SecLab of Northeastern University. His research interests are focused on the security of web applications on both client and server side.

April Wright

Verizon Wireline
April C. Wright is a Senior Security and Compliance Manager for Verizon Wireline, building SDLC program maturity, implementing eGRC, spearheading threat intelligence, and performing risk reduction with a vengeance via leadership of comprehensive security programs for massive global infrastructures. She is a hacker who has spent the last 25 years as a generalist, breaking, making, fixing, and defending all the things, while playing roles on offensive, defensive, operational, and development teams throughout her career. Specializing in seemingly nothing (except maybe learning about everything in the hope of sharing and employing knowledge), April has collected dozens of certifications to add letters at the end of her name, from Social Engineering to Cloud Security to First Aid to Photography. She once read on the interwebs that researchers at the University of North Carolina released a comprehensive report in 2014 confirming that she is the “most significant and interesting person currently inhabiting the earth”, so it must be true.

You can find out more about this conference at the 2017 BASC Homepage
or by emailing [email protected]