Leaders in APPSEC: THOUGHT LEADERS

Leaders in AppSec is your all-access pass to some of the world's most esteemed cybersecurity experts, academics, and innovators. If you're a security enthusiast, don't miss the opportunity to hear from a diverse range of voices shaping the software security world of tomorrow.

Learn more about our speakers and catch the next event.

Tash Norris

Head Of Cyber Security
Moonpig
During the day Tash is Head of Product Security for Moonpig, working on all things CloudSec and AppSec related, with a particular fondness for Threat Modelling. Outside of work Tash is one of the co-leads for OWASP Women in AppSec London, and an OWASP project contributor. Tash is also a frequent speaker on blue teaming and threat modelling, a quantum computing nerd and is currently working on a project utilising threat modelling to help target resources against poachers to protect game reserves.

Reena Shah

Head of Security Culture & Skills

Pieter Danhieux

Co-Founder and CEO
Secure Code Warrior
Pieter Danhieux is a globally recognized security expert, with over 12 years’ experience as a security consultant and 8 years as a Principal Instructor for SANS teaching offensive techniques on how to target and assess organizations, systems, and individuals for security weaknesses. In 2016, he was recognized as one of the Coolest Tech people in Australia (Business Insider), awarded Cybersecurity Professional of the Year (AISA - Australian Information Security Association) and holds GSE, CISSP, GCIH, GCFA, GSEC, GPEN, GWAPT, GCIA certifications.

Ori Troyna

Global Head of Product Security
PayU
Ori is Global Head of Product Security at PayU. For the past 10 years, Ori has specialized in application security, technologies, SDLC, cloud and mobile at companies of different sizes. Ori is also the co-chairman of the Israel OWASP chapter.

Neil Schloch

Director, Global Cyber Security
Fiserv
Cyber Security Director leading the Application Security & Software Assurance Program at Fiserv. Neil oversees enterprise cyber security services governing 5,000 developers worldwide, including DAST/SAST, web app pen testing, secure coding training, security champions, and DevSecOps. With 7 years of experience leading 50+ resources in Information Security, he has driven multiple process reengineering efforts, improved service delivery functions, and expanded the supporting cyber security technology footprint.

Meg Anderson

VP/CISO
Principal Financial Group
Meg Anderson leads the Information Security & Risk team for Principal Financial in the role of VP-Chief Information Security Officer. She drives information security strategy for the global Fortune 500 company including security operations, identity and access management, data protection, governance, risk and compliance. Meg participates on a wide variety of CISO councils, is a Board member of the Financial Services Information Sharing and Analysis Center (FS-ISAC) and is chair of the Security and Risk Committee of the board. Previous to the role of VP-CISO, Meg acquired over twenty years of technical and leadership experience in application development. Meg graduated from the University of Iowa with a Bachelor of Business Administration in Management Information Systems.

Matias Madou

CTO & Co-Founder
Secure Code Warrior
Matias Madou, Ph.D. is a security expert, researcher, and CTO and co-founder of Secure Code Warrior. When he is away from his desk, he serves as an instructor for advanced application security training courses and regularly speaks at global conferences including RSA Conference, Black Hat, DefCon, BSIMM, OWASP AppSec, and BruCon. He also loves a Fortnite battle or two (or three, or four… ).

Marilyn Barrios

Global Cybersecurity Services Manager
Motorola Solutions
Marilyn Barrios is the Global Cybersecurity Services Manager at Motorola Solutions. She leads the cybersecurity training, education, and awareness for their workforce. She serves as an advisory board member for the Illinois Institute of Technology's Center for Cybersecurity and Forensics Education, and for ASPIRA of Illinois STEM program. She has also served as an adjunct faculty member at the College of Dupage teaching courses for the STEM program in the Department of Youth Education. In addition, Ms. Barrios serves as a coach/mentor for the United States Air Force (USAF) CyberPatriot program. She presented on cybersecurity workforce development at the National Institute of Standards and Technology-National Initiative for Cybersecurity (NIST-NICE) Conference in 2019 and on MP3 Steganalysis at ForenSecure. Ms. Barrios holds a Master’s degree in computer & information security from the Illinois Institute of Technology.

Lucian Corlan

AppSec Director
Sage
Lucian is a Director of Application Security at SagePay. Lucian holds a number of security certifications – MSc ITSec, MA Security Studies, CISSP, CSSLP (a), CISM, CISA, CEH, OSCP, SABSA Foundation – and has previously worked for Betfair in the InfoSec/AppSec Manager and Acting Head of AppSec roles. Lucian has also led one of the Romanian OWASP Chapters and is still involved in OWASP. Before that he worked for several multi-national organisations in the banking (chip card security & app security) and telecom (infra & app security) sectors. If there’s any free time left, he spends it meddling with astronomy (planetary & galactic), reading philosophy/crypto detective books and dissecting bits of geo-economy politics.

Lewis Bramfitt

CEO
Bramfitt Labs

Lee Thurlow

AppSec Manager

Kevin Fielder

CISO
Just Eat
Passionate and driven CISO who specialises in building teams and delivering security strategy for businesses. Kevin firmly believes that security must enable the business. His mantra is ‘Enabling secure business and technical agility’ and he achieves this by ensuring the security strategy is appropriate for the organisation. He enables businesses to securely achieve their goals and to be trusted by their customers, partners and third parties, by building the right strategy for the organisation, taking into account goals, culture, threat and regulatory landscapes. Kevin builds high-performing teams to deliver strategies that align to this goal. He is happy hiring people more technical than himself to build the best team. He is comfortable flexing to converse as a ‘business person with a security lens’ with the business and exec, then as a ‘technical person with a security lens’ to the tech teams. This enables him to ensure delivery of improved security behaviour across all areas of the business, plus means he has to keep his technical understanding sharp! Kevin has a proven ability to lead and deliver significant transformational security change in dynamic, fast-paced business environments. Kevin believes in building a strong network and giving back to the community; he regularly speaks at, supports and hosts events to bring diverse people together in order to promote and further our industry. He is passionate about improving how we share information, ideas and resources to better protect all of us.

Jo (Shua) Gamradt

Service Manager Rugged DevOps
Optum
Shua has over 15 years of experience in Technology Development and Process Improvement, IT Security, Business Process, Data Management (Data Quality, Data Governance, and Metadata Management), Reporting, Security, and DevOps culture across multiple organizations and platforms.

Jim Manico

Founder
Manicode Security
Jim is the founder of Manicode Security where he trains software developers on secure coding and security engineering. He has an 18 year history of building software as a developer and architect and is a frequent speaker on secure coding practices.

James Bore

Security Consultant
UnderwriteMe
James Bore is a cybersecurity Jack of all trades by vocation and choice. In over a decade he has gathered experience meandering across a range of industry sectors, organisations, and disciplines in IT, always with a focus on championing and improving security. He spends much of his spare time either researching security, keeping bees, running obstacle races, playing with locks, drinking coffee, or preaching the virtue of good security practices and reasons to be fascinated with the field to anyone who will sit or stand still long enough. He has spoken to crowded lecture theatres and sparsely populated wine bars and coffee shops about cyber, has experience communicating clearly with both experts and the merely interested, and always looks forward to new opportunities to promote the field.

Grant Ongers

Co-Founder
Secure Delivery
OWASP Global board member, Grant Ongers is well known in the international InfoSec community (it's hard to forget the beard!). His 10 years plus experience in Dev, 20 years in Ops and 30 years in Sec (mainly white hat) has made him a firm believer that there's no such thing as DevSecOps - just DevOps done right. He is the co-founder of Secure Delivery.

Fatemah Beydoun

VP of Customer Success
Secure Code Warrior
Fatemah Beydoun is a founding team member of Secure Code Warrior, having been an integral part of the company since 2014. Fatemah began her time at Secure Code Warrior as Chief Awesome and Regional Director of APAC between 2014 and 2018. Now as VP of Customer Success and Operations, Fatemah is responsible for turning Secure Code Warrior’s customers into its biggest advocates, improving Customer Success maturity, and leading the Customer Success teams globally.

Derek Hill

Director of Application Security (AppSec) Engineering
ForgeRock
Derek Hill has over 20 years of IT and security experience. He is an active community and mentor instructor in the SANS Institute and for the past two years has served as the Director of AppSec Engineering at ForgeRock.

Colin Domoney

Security Architect
CyberProof, a UST Global company
Originally an embedded systems developer working on military grade secure communications systems in South Africa, Colin has over 20 years of development and security expertise in the telecommunications, consumer, medical and financial service industries. His most recent experience was as the technical expert leading a large scale application security programme in a large multinational investment bank, where he was responsible for the deployment and operation of the Veracode service, leading the remediation programme and even deploying a RASP solution.

Cedric Levy-Bencheton

CEO
Cetome
As the CEO of Cetome, Cedric provides advisory on cyber security to IoT manufacturers and critical infrastructure operators.

Key achievements:
- Training of UK regulators on the NIS Directive
- Security strategy, improvement roadmap and budget
- Governance and CISO support
- Security by design and DevSecOps

Contribution to:
- ENISA (IOTSec expert)
- OWASP IoT Top 10 and ISVS

Ashutosh Agrawal

Director of Security & Privacy Compliance
DroneDeploy
Ashutosh Agrawal is an experienced Information Security Leader with a long history of building security and privacy programs around NIST 800-53 and ISO 27000 series standards. He has implemented key security capabilities for Fortune 500 organizations including secure code-review, penetration testing, threat modelling, DevSecOps, security metrics, vulnerability management, open-source management, security training etc.

Anthony Johnson

Managing Partner
Delve Risk
Anthony Johnson is a Managing Partner at Delve Risk, where he leads a practice focused on driving technology and risk management transformation on behalf of their clients. He brings extensive technical and executive leadership experience to the practice while also serving as a technology advisor to a number of software solution providers. Anthony is a graduate of Indiana University, where he received a Masters of Business Administration (MBA), and of Regis University, where he received a BS in Computer Information Systems.

Andreas Meister

AppSec & Software Engineering Team Lead
SBB Berufswelten
Currently working as AppSec team lead at SBB, Andreas has a passion for software architecture, agile methods, code design, DevSecOps and of course, his team. He has many years of experience in these areas, both in an SME environment and on large scale projects.

Aaron Bedra

Senior Software Engineer
DRW
Aaron Bedra is always exploring new and interesting ways to break and defend software. He is a Senior Software Engineer at DRW, where he works at the intersection of software, security, and business. Aaron has served as a Chief Scientist, Chief Security Officer, Chief Technology Officer, and Principal Engineer/Architect. He has worked professionally on programming languages, most notably Clojure and ClojureScript. Aaron is the creator of Repsheet, an open source threat intelligence toolkit. He is the co-author of Programming Clojure, 2nd and 3rd Edition and a contributor to Functional Programming: A PragPub Anthology.
