Difference between revisions of "User:Mtesauro"

(Updated my profile page on the wiki)
(Removed old DevOps info from my profile page)
Line 10: Line 10:
* To see my wiki contributions, [[:Special:Contributions/Mtesauro|click here]].
* To see my wiki contributions, [[:Special:Contributions/Mtesauro|click here]].
* [mailto:[email protected] Email address].
* [mailto:[email protected] Email address].
= DevOps aka IT Admin OWASP =
[Note this is old information from when I was a contractor for the OWASP Foundation]
In theory, I work 10 hours per week on OWASP IT administration and sundry tech related issues for OWASP.  I tend to exceed that on a regular basis since I want the IT operations side of OWASP to work so well its invisible to the community - but, hey, that's life.
<u>What I work on:</u>
# Keeping the OS and software which runs the various OWASP servers up to date
# Hardening the various OWASP servers
# Keeping up to speed on new software releases, security vulnerabilities and other things impaction IT operations for OWASP
# Managing SSL certificates, Domain names and DNS
# Documenting existing IT infrastructure, processes and methods of operation
# Co-Administration of the Foundation's Google Apps account with several staff memebers
# Mail list administration, WordPress updates, installations and hardening
# Providing advice and updates to staff/board on various IT issues
# Managing the Barracuda Anti-SPAM gateway which filters mail list emails
# Setting up and managing the Akamai CDN for the OWASP wiki
# Manage backups for all staff laptops
<u>What the IT infrastructure looks like:</u>
* The OWASP Wiki - aka this site which runs MediaWiki
* The [ OWASP Mail list] - which runs Mailman version 2.x
* Various confernece websites depending on the time of year including:
** [ AppSec APAC]
** [ AppSec EU]
** [ AppSec USA]
** [ AppSec California]
* Archives of previous conference sites
* Several minor sites for things like Salesforce integration, redirects or other minor web content
The majority of our infrastructure runs on Rackspace's Cloud infrastructure.  For those systems at Rackspace, I provide the following:
* Create cloud servers as needed for various OWASP initiatives
* Manage OS and Linux distribution provided updates
* Manage the updates of additional software installed on the servers (e.g. MediaWiki)
* Trouble shoot any operational issues
* Backups of the server
** Full VM backups on a daily basis
** File-level backups on a daily basis
** Database backups on a daily basis
* Setup monitoring and alerts for performance, availability and system resources (RAM, CPU, disk space, ...)
** React to monitoring alerts as needed
* Configure outbound SMTP handling via Smart hosts using [ Mailgun]
* Conference site specific maintenance
** Creation of DNS, redirects and conference site setup for each years site
** Archival of the conference site prior to transitioning to the next years conference
** Monitoring WordPress admin access plus software and plugin updates
<u>How I prioritize the work:</u>
# Current operations issues which impact production 
# Assisting with time critical requests or changes
# Software updates, OS updates and general good IT hygene
# Automation of existing processes, installations or hardening steps
# Correcting existing weaknesses and non-optimal configurations
# New initiatives or services
# Gold plating existing services
{{#widget:PayPal Donation
{{#widget:PayPal Donation

Revision as of 04:04, 11 September 2018

General info

Matt Tesauro is the Director of Community and Operations at the OWASP Foundation.

Bio: Matt Tesauro is currently the Director of Community and Operations at the OWASP Foundation.  Prior to his current role, he was a Senior AppSec Engineer building an AppSec Pipeline and continuous security program for Duo Security.  Previously, he was a founder and CTO of Infinitiv, a Senior Software Security Engineer at Pearson and the Senior Product Security Engineer at Rackspace.  He is also an Adjunct Professor for the University of Texas Computer Science department teaching the next generation of CS students about Application Security.  Matt is a broadly experienced information security professional of 15 years specializing in application and cloud security. He has also presented and provided trainings at various international industry events including DHS Software Assurance Workshop, OpenStack Summit, SANS AppSec Summit, AppSec US, EU and LATAM.  His work has included security consulting, penetration testing, threat modeling, code reviews, training and teaching at the University of Texas and Texas A&M University. He is a former board member of the OWASP Foundation and project lead for OWASP AppSec Pipeline & WTE projects. WTE is a collection of application security testing tools and the AppSec Pipeline project brings lessons from DevOps and Agile into Application Security. He holds two degrees from Texas A&M University and several security and Linux certifications.

For more detailed information, please see my public LinkedIn page.

Gratuitous place to put links to things: