2018 BASC Speakers

Revision as of 21:45, 22 October 2018 by Laberdale (talk | contribs) (Fixed spacing)


Platinum Sponsors

HackerOne Black Duck Software Optiv Veracode

Gold Sponsors

Checkmarx Dell Qualys nVisium GoSecure


Silver Sponsor


Please help us keep BASC free by viewing and visiting all of our sponsors.

Brock Allen

Solliance, Inc.
Currently Brock is an independent consultant specializing in .NET, web development, and web-based security with 25 years of industry experience. Brock is the co-author of many security-related open source frameworks including IdentityServer, which is a popular open source OpenID Connect and OAuth2 framework for ASP.NET Core. He also frequently posts to the ASP.NET forums, is an MVP for ASP.NET/IIS, and a contributor to the ASP.NET platform.

Stephen Allor

Secure Code Warrior
Steve Allor is Director of the Americas for Secure Code Warrior, a global security company that makes software development better and more secure. Since joining Secure Code Warrior soon after its inception, Steve has been passionate about helping large global enterprises in the finance, technology and telecommunications industries to scale an engaging, interactive learning approach, enabling these organizations to rally their developers as the first line of defense in their cybersecurity strategies. Over the past 20 years, Steve has held various executive leadership roles in sales, business development and marketing for technology companies, where his focus was on enabling customer success as he helped scale and grow the business. Steve has earned a Bachelor of Science degree in Marketing at Boston College Carroll School of Management, as well as a Master of Business Administration at Harvard.

Philippe Arteau

Philippe is a security researcher working for GoSecure. His research is focused on Web application security. His past work experience includes pentesting, secure code review and software development. He is the author of the widely-used Java static analysis tool Find Security Bugs. He is also a contributor to the static analysis tool for .NET called Security Code Scan. He built many plugins for Burp and ZAP proxy tools: Retire.js, Reissue Request Scripter, CSP Auditor and many others. He presented at several conferences including Black Hat Arsenal, ATLSecCon, NorthSec, Hackfest (QC), 44CON and JavaOne.

Phil Barrows

MEI Security
Phil Barrows' first exposure to computer security came in the United States Air Force where he maintained radar digitizing equipment for the airspace defense of the USA, holding a secret security clearance. After service, Phil spent over 20 years in the engineering, manufacturing, and distribution of world leading products in the electro-optics realm. In the last 5 years Phil got pulled into cyber security full time. Phil is a member of InfraGard and leads MEI Security’s weekly InfoSec industry certification study group to help bolster the ranks of people standing on the front lines of Information Security.

Jessica Boy

Dun & Bradstreet
Jessica joined the IT Security world in 2014. After being accepted into an internship program, her role was focused on Application Security; primarily managing/coordinating projects with application teams. This evolved into a larger focus on penetration testing, managing Application Security QA, and delivery of core key metrics. She also helps facilitate third party vendors, schedules assessments, and orchestrates communication with application teams.

Bryan Brannigan

Bryan Brannigan is a business-minded technologist and leader of all things infosec at Upserve. He is an advocate of defensible security practices, a supporter of reality, and practitioner of common sense. Bryan has worked in infosec for 9 years in roles that include security operations, incident response, data loss, architecture, and management.

Angelo Castigliola

Angelo is a Principal Consultant with Optiv Security. Angelo has over 15 years of experience in Security, Consulting, and Programming. He has had a lifelong interest in computer security. Angelo was presented a Cybersecurity award from the Department of Homeland Security for his contributions to President Obama’s Cyberspace Policy Review and The Comprehensive National Cybersecurity Initiative. His work as a Cyber Security expert has been recognized by Maine U.S. Senator Susan Collins. The Cyber Security Grassroots initiative developed by Angelo “will make a difference in our communities and in our state,” Senator Collins said.

Erik Costlow

Contrast Security
Erik Costlow was Oracle's principal product manager for Java 8 and 9, focused on security and performance. His security expertise from managing Fortify's products involves threat modeling, code analysis, and instrumentation of security sensors. He is working to broaden this approach to security with Contrast Security. Before becoming involved in technology, Erik was a circus performer who juggled fire on a three-wheel vertical unicycle.

Deidre Diamond

Deidre Diamond is the Founder/CEO of national cyber security staffing, research and technology company CyberSN, the Founder of #brainbabe, and an ICMCP Strategic Board Member. Deidre was previously the CEO of Percussion Software, the first VP of Sales at Rapid7 (NYSE:RPD) and the VP of Sales at Motion Recruitment.

Brent Dukes

Brent Dukes is a systems and security engineer with 14 years' experience working with radio communications and IoT systems from hardware through SaaS. He has experience providing electronics reverse engineering training, but wants everyone to know he enjoys hacking ALL the things when he's not gearing up for his next CTF!

Andrew Gronosky

Andrew Gronosky is a lifetime OWASP member who has been active in the Boston chapter since 2009. As a research scientist at BBN Technologies he co-developed the patented software Crumple Zone resilient security architecture, and was security architect for the DoD-accredited TAK server. Andrew is currently a Principal Software Engineer at Pegasystems, where he is leading the threat modeling initiative.

John Hammond

US Coast Guard
US Coast Guard hacker and CTF enthusiast. USCG Academy Cyber Team Captain who led the team to winning placements in multiple competitions, both civilian and military. Personally developed training material & infosec challenges, and briefed multiple VIPs on cyber security (USCG Commandant, members of Congress, DHS NPPD Undersecretary). Instructor and curriculum author for Coast Guard course on "Introduction to Linux," with gamifying learning material and classroom activities. Online YouTube personality to showcase programming tutorials, cyber security guides, and CTF video walkthroughs.

Robert Hurlbut

Bank of America
Robert Hurlbut is a Threat Modeling Architect / Lead at Bank of America. Robert is a Microsoft MVP for Developer Security and Technologies and holds the (ISC)2 CSSLP security certification. Robert has 30 years of industry experience in secure security, software architecture, and software development. He speaks at user groups, national and international conferences, and has provided training for many companies in the past. Robert is also a co-host of the Application Security Podcast; follow on Twitter @AppSecPodcast.

Katie Knowles

MWR InfoSecurity
Katie Knowles is an information security practitioner with a love of exploration. As a Security Consultant with MWR InfoSecurity, she serves as a penetration tester to assure the security of client networks and applications. Her previous work in security engineering grants her a passion to ensure the security teams she supports are equipped to quickly reduce risk and support new business projects securely. Katie holds OSCP and GPEN certifications, and earned her BS in Electrical Engineering at RIT. She firmly believes in growing alongside her peers, contributing to strong teams, and good time spent on intriguing projects.

Chris Olson

The Media Trust
Chris Olson co-founded The Media Trust and continues to shape its vision and direction. Prior to founding the company, Olson served in leadership positions for various high tech and ad technology companies. He is a board member of the Interactive Advertising Bureau's Advertising Technology Council and regularly speaks about cybersecurity trends and best practices at industry events, including events such as Black Hat, Evanta, FS-ISAC and RSA. Olson earned his bachelor’s degree from Georgetown University, Washington, DC and an Executive MBA from the New York University Stern School of Business.

Kristen Pascale

Kristen Pascale has worked as part of the Dell PSIRT for over 6 years. Prior to that, she worked at Fidelity Investments for 14 years supporting implementations and data management in the 401(k) retirement sector. She spends most of her spare time with her four boys. She is an avid runner and enjoys travelling with her family.

Dzung Pham

Visa, Inc.
Dzung is a mobile security engineer at Visa. She discovered the world of cybersecurity in the Boston Security Meetup and has been hooked ever since. Before Visa, she worked as a security consultant for Synopsys.

Joshua Piotrowski

Dun & Bradstreet
Josh has always had an interest in computer hacking and application security. From using tools like Cheat Engine, he moved towards the application development track and eventually IT Security. As his role evolved from Identity and Access Management, he took up arms in the Application Security realm where his core focus is on conducting manual ethical hacking while aiming to become a breaker of all things!

Milan Shah

Uptycs, Inc.
Milan is a serial entrepreneur with a track record of building and leading cutting edge cybersecurity technology companies. Prior to co-founding Uptycs, Milan was SVP of Products and Engineering at Core Security, where he formulated a vision for a new class of automated pen testing solutions. Milan has also served as VP of Engineering at CA Technologies and IMlogic, which was successfully acquired by Symantec. The first part of his career was spent as a member of the early Windows NT development team, and he was a key architect of Microsoft Exchange. Milan holds a Masters in EECS degree from MIT, and a Bachelors in EECS from University of Illinois, Urbana.

Vik Solem

MEI Security
Vik Solem takes physical and information security seriously, bringing lessons learned from over 30 years experience in IT at such firms as BBN, AtStake, Symantec, and Tufts University. Throughout his career, Vik, a CISSP, has worked passionately on cryptanalysis, forensics, comprehensive risk assessments, vulnerability identification & mitigation, “white hat” penetration testing, security policies, and other aspects of information security in our constantly evolving threatscape. He has presented numerous times on cost-effective security best practices for small and medium sized businesses at client locations and regional conferences. Vik is a contributor to the security related organizations ASIS and InfraGard, and organizes the monthly New England Small Business Security Meetup.

Tania Ward

Tania Ward has worked as part of Dell PSIRT for over 5 years. Prior to that, she had worked at Microsoft for just under 14 years working on products from SQL Server, Windows Live to Microsoft Office. In her spare time she volunteers as an EMT in her local town as well as a ski patroller at Wachusett Mountain Ski Resort.

Eitan Worcel

Eitan Worcel was an experienced developer with years of experience in the area of Application Security testing. A few years ago, Eitan crossed sides from the development organization into the product management world and now is leading the Application Security on Cloud service which helps users to secure their web or mobile applications. Eitan has worked closely with a wide range of customers assisting them in their quest to build secured web and mobile applications. He has participated in panels and presented at security events around the world, along with writing numerous blogs on the Application Security topic.

You can find out more about this conference at the 2018 BASC Homepage
or by emailing [email protected]