
OWASP AppSec DC 2012/The Easy Button for Your Web Application Security Career

Revision as of 20:28, 3 April 2012 by Mark.bristow (talk | contribs) (Salvador Grec)


The Presentation

Note: I am open to other presentation options as well, including shortening it to be a turbo talk or pulling together a panel.
The web application security field has been growing rapidly over the past decade, due in part to the continued webinization of the world in combination with ever-evolving government laws and regulations, industry compliance requirements, and the ongoing increases in online crime. If you have an interest in the web and security, there has never been a better time to make the transition into this specialization. For those already practicing in this field, it's a great time to take advantage of this rapid growth and manage your career to most efficiently meet your goals. Although many career presentations or articles leave people motivated, they don't often provide the quick next steps that participants can take home and immediately start implementing. This presentation tries to overcome this deficiency by not only discussing career planning basics but also providing a career "easy" button with a template framework and actions audience members can start working on immediately. The talk begins with a look at the basic principles of career planning and continues on to introduce the three concepts of a tactical triad, catalysts, and a neural-like career path that represent common threads to use throughout your career stages. It then weaves these threads through the career phases of foundation, transition, mid-career, and later career in order to help participants most efficiently meet their goals. It concludes with how this strategy fits in with current government career initiatives and a cheatsheet that audience members can use as a tool to start taking action immediately.
The general outline of the talk will be something like the following.
* Introduction
* Overarching Principle
* Concepts
  o Tactical Triad
  o Catalysts
  o Neural Network Path
* Foundation
  o Tactical Triad
  o Catalysts
  o Neural-Like Path
* Transitioning into Security
  o Tactical Triad
  o Catalysts
  o Neural-Like Path
* Later in Your Career
  o Tactical Triad
  o Catalysts
  o Neural-Like Path
* Even More Later in Your Career
  o Tactical Triad
  o Catalysts
  o Neural-Like Path
* Government Initiatives
* Cheatsheet
* Conclusion

The Speakers

Salvador Grec

Salvador Grec has over 16 years of experience, undergraduate and graduate degrees in Electrical Engineering, and a really well known security certification. Even though his training was in Electrical Engineering, Sal has always been more of a Computer Science person at heart, going back to his VIC-20, Commodore 64, and high school computer club days. After doing the IT grind for 5 years, he discovered his love of infosec and has been pursuing this career ever since. Currently, he spends his days doing cyber security paperwork drills in building and maintaining multi-billion dollar government systems. At night he runs a local infosec website at and tries to get some hands-on skillz.
