Open Web Application Security Project (OWASP), Portland, Oregon
44 podcasts
Title: Michael Allen Lake - From the JEDI Initiative to the New U.S. Digital Corps
Guests: Michael Allen Lake
Date: October 10, 2021
Hosts: David Quisenberry
Description:
Our special guest today is Michael Allen Lake who is a digital transformation consultant focused on innovation and change adoption within the Federal government. He has worked on projects at nine different Federal agencies. His experience ranges from helping organizations leverage data as a strategic asset to the adoption and promotion of enterprise-wide cloud computing and artificial intelligence initiatives. In addition, Michael researches and publishes articles on the diplomatic history of the United States and Mongolia. He is also a volunteer with the Medical Reserve Corps, and co-hosts a YouTube channel on Star Wars called Never Tell Us the Odds. You can find more about Michael and his thoughts at YaksOnTheRunway.com.
Title: Sarba Roy - The Security World Is Your Oyster and You Are the Pearl
Guests: Sarba Roy
Date: August 01, 2021
Hosts: John L. Whiteman, David Quisenberry
Description:
Our special guest today is Sarba Roy. Sarba is currently a Product Security Consultant at Umpqua Bank, where she collaborates with and acts as a security advisor to the product teams when new digital technologies and/or business needs are identified. She is also the Oregon Affiliate Membership Chair for Women In CyberSecurity (WiCyS), the Oregon Chapter Lead for Infosec Girls and a founding member of WomenH2H, a global community for women leaders and changemakers. She is also a passionate volunteer and advocate for women's empowerment and education equity while being an artist, writer and mentor at heart, dedicated to helping individuals and organizations become more compassionate, curious and cybersmart.
Title: Aarti Gadhia - Doing Real Work in Bridging the Diversity Gap in Cybersecurity Leadership
Guests: Aarti Gadhia
Date: June 30, 2021
Hosts: David Quisenberry, John L. Whiteman
Description:
Our special guest today is Aarti Gadhia. She is a highly successful cybersecurity professional who has worked in various leadership roles in sales and marketing for well-known companies such as Bugcrowd, Carbon Black, Trend Micro and Sophos. Aarti is also the founder of Standout to Lead and SHE (Sharing Her Empowerment). Aarti is passionate about bridging the diversity gap in STEM and in leadership. She recently presented at our OWASP AppSec Pacific Northwest Conference on the topic of Women in AppSec: Advice to Differentiate Your Skills. As a podcast bonus, you will learn how a childhood lesson in making roti with her mother helped shape Aarti into the strong leader she is today.
Title: Jeff Williams - We Are in the Stone Age for Application Security
Guests: Jeff Williams
Date: June 23, 2021
Hosts: David Quisenberry, John L. Whiteman
Description:
Our special guest today is Jeff Williams, Co-Founder and CTO of Contrast Security. Jeff was one of the pioneering members who formed the Open Web Application Security Project® (OWASP). Not only did he chair it, he also contributed to many successful open source projects, including WebGoat, the OWASP Application Security Verification Standard (ASVS), the OWASP Top Ten and much more. Without him and others we would not be doing this podcast today. Besides founding Contrast Security in 2014, he started Aspect Security in 2002. Jeff earned his law degree at Georgetown University Law Center along with a computer science and psychology degree at the University of Virginia. In the early 1990s, he built high assurance systems for the U.S. Navy and taught the INFOSEC curriculum for the NSA during the good old days of the Orange Book, the U.S. Department of Defense's Trusted Computer System Evaluation Criteria.
Title: Frank Heidt - CEO and Co-Founder of Leviathan Security Group
Guests: Frank Heidt
Date: June 18, 2021
Hosts: David Quisenberry, John L. Whiteman
Description:
Our special guest today is Frank Heidt who is the CEO and Co-Founder at Leviathan Security Group. Frank is a recognized expert in the fields of information assurance, network security and systems penetration. Prior to starting Leviathan, Frank was a managing security architect for @stake. He also engaged in various computer and networking security projects for the U.S. Department of Defense and the U.S. Department of the Navy. You can watch Frank speak at various TEDx conferences online. Frank is also a master at the living art of bonsai. Check out his delightful Jigsaw Bonsai Workshop on YouTube.
Title: Rebekah Brown and Scott J. Roberts - Intelligence-Driven Incident Response
Guests: Rebekah Brown, Scott J. Roberts
Date: June 13, 2021
Hosts: David Quisenberry, John L. Whiteman
Description:
Our guests today are Rebekah Brown and Scott J. Roberts. They wrote a seminal book together called Intelligence-Driven Incident Response: Outwitting the Adversary. Both have extensive backgrounds in information security. Rebekah started her work as an intelligence and network warfare analyst while honorably serving in the United States Marine Corps, and Scott comes from a more traditional yet impressive background in defensive network security. Both are SANS instructors. To understand its enemy, an organization must first understand its threats by analyzing the data it collects. How to do this effectively is what we will discuss today. Definitely check out their book and listen to this podcast for a surprise announcement.
Title: Farshad Abasi and Roberto Salgado - Our New Pacific Northwest Application Security Conference (PNWSEC)
Guests: Farshad Abasi, Roberto Salgado
Date: May 29, 2021
Hosts: David Quisenberry, John L. Whiteman
Description:
On Saturday, June 19, 2021 something very special is going to happen. For the first time, a perfect trifecta of OWASP chapters in the Pacific Northwest is getting together to host a virtual conference focused on serious application security. It's called the Pacific Northwest Application Security Conference (PNWSEC). The chapters hosting this fine event are from the beautiful, breathtaking Canadian cities of Vancouver and Victoria, B.C., and, to the south in the States, Portland, Oregon. Our guests today are Farshad Abasi and Roberto Salgado, who, along with our host David Quisenberry, each lead one of those three chapters.
Title: Jonathan Badeen - Tinder Co-Founder - Flirting With Fire: A Conversation about Start-ups, Evolving App Sec, and His Path of Creation
Guests: Jonathan Badeen
Date: April 04, 2021
Hosts: David Quisenberry, John L. Whiteman
Description:
Our special guest today is Jonathan Badeen. He is one of the co-founders of Tinder and has been its Chief Strategy Officer since March 2016. He is a programmer, designer and inventor, whose work includes Tinder's famous #SwipeRight feature. His other work experience includes Cardify, Chegg Flashcards, Casting Networks' FastCapture and Match Made. He is also an actor with credits in Zombie Wars (2007), The Proposal (2008) and Swiped: Hooking Up in the Digital Age (2018). And if that ain't enough … Jonathan is also a lifelong friend of our very own OWASP PDX Chapter President, David Quisenberry.
Title: Nabil Hannan - I Can Teach Someone to Be Smart, but I Can't Teach Someone to Be Clever When It Comes to Training a Pentester; A Pentester Must Be the Latter
Guests: Nabil Hannan
Date: March 06, 2021
Hosts: David Quisenberry, John L. Whiteman
Description:
Our guest today is Nabil Hannan, who is a Managing Director at NetSPI. He leads the company’s consulting practice, focusing on helping clients solve their cyber security assessment, and threat & vulnerability management needs. He has over 13 years of experience in cyber security consulting from his tenure at Cigital/Synopsys Software Integrity Group. Nabil has also worked as a Product Manager at Research In Motion (now, of course, BlackBerry) and has managed several flagship initiatives and projects through the full software development life cycle. You must also check out Nabil's podcast - Agent of Influence.
Title: John Strand - Running a Security Company Is to Do Illegal Things With Permissions
Guests: John Strand
Date: February 20, 2021
Hosts: David Quisenberry, John L. Whiteman
Description:
John Strand is our special guest today. He is the owner of Black Hills Information Security, a company that specializes in penetration testing and security architecture services. He is also co-founder of Active Countermeasures. He created the popular Backdoors and Breaches incident response card game and wrote the book Offensive Countermeasures (The Art of Active Defense). You can watch him along with other great guests on the Black Hills Information Security Podcast on YouTube.
Title: Lewis Ardern and PwnFunction - Discovering Clever Ways to Exploit the Vue.js JavaScript Framework
Guests: Lewis Ardern, PwnFunction
Date: February 12, 2021
Hosts: David Quisenberry, John L. Whiteman
Description:
Our special guests today are Lewis Ardern and PwnFunction. Lewis is an Associate Principal Consultant at Synopsys where he focuses on web application security. He is also an organizer for the OWASP Bay Area Chapter. Check out his new SecuriTEA and Crumpets videos on YouTube. PwnFunction is an independent security consultant. He makes popular hacking videos on YouTube. He also created a popular online cross-site scripting (XSS) game where you can learn offensive techniques from basic to advanced skill levels.
Title: Volko Ruhnke, Adam Shostack and Hadas Cassorla - Building Games to Teach Real-World Security
Guests: Adam Shostack, Hadas Cassorla, Volko Ruhnke
Date: January 23, 2021
Hosts: David Quisenberry, John L. Whiteman
Description:
We have three very special guests today. All come from different backgrounds but share a common interest in gaming - the kind that can be used to teach you things, like how to become better at handling security incidents or winning a historical insurrection.
Title: Caroline Wong - What a Top Chief Strategy Officer Has to Say About Security These Days
Guests: Caroline Wong
Date: October 17, 2020
Hosts: Kendra Ash, John L. Whiteman
Description:
Our very special guest today is Caroline Wong. She is the Chief Strategy Officer at Cobalt. As CSO, Caroline leads the Security, Community, and People teams at Cobalt. She brings a proven background in communications, cybersecurity, and experience delivering global programs to the role.
Title: Jim Manico - 'Kūlia I Ka Nu'u' to Be Your Best in Security
Guests: Jim Manico
Date: October 09, 2020
Hosts: David Quisenberry, John L. Whiteman
Description:
Our special guest today is Jim Manico. He is the founder of Manicode Security where he trains software developers on secure coding and security engineering. He is also the co-founder of the LocoMoco Security Conference in Hawaii as well as an investor and advisor for BitDiscovery and Signal Sciences. Jim is a frequent speaker on secure software practices and is a member of the JavaOne rockstar speaker community. He is the author of Iron-Clad Java: Building Secure Web Applications from McGraw-Hill.
Title: Bruce Schneier - We Live in a Security and Privacy World That Science Fiction Didn't Predict
Guests: Bruce Schneier
Date: October 03, 2020
Hosts: David Quisenberry, John L. Whiteman
Description:
Our distinguished guest today is Bruce Schneier. Bruce is a public-interest security and privacy technologist, cryptographer and the author of more than a dozen books, including the famous blue and red editions of Applied Cryptography. His most recent book is Click Here to Kill Everybody. He is a fellow and lecturer at Harvard's Kennedy School and a board member of the Electronic Frontier Foundation. Bruce's blog, Schneier on Security, is read by over a quarter of a million people. You can find it at schneier.com. He has testified before Congress, is a frequent guest on television and radio, has served on several government technical committees, and is regularly quoted in the press. Twofish, the symmetric key block cipher Bruce co-designed, was one of the five finalists in the Advanced Encryption Standard selection process organized by the U.S. National Institute of Standards and Technology.
Title: STÖK - What It Takes to Be a Good Hacker
Guests: STÖK
Date: September 10, 2020
Hosts: John L. Whiteman
Description:
Our guest today is Fredrik Alexandersson. You probably know him better as STÖK. He is a highly regarded Swedish hacker and cyber-security advisor with passions in technology and sustainable fashion. Our conversation today is about hacking and bug bounties. STÖK brings to the table many years of experience with a refreshingly positive perspective in our never-ending quest to find that next security bug in a dark world we call software.
Title: Terry Dunlap - IoT Security Starts with Getting Rid of Your IoT Devices
Guests: Terry Dunlap
Date: September 05, 2020
Hosts: John L. Whiteman, Shayne Morgan
Description:
Our guest today is Terry Dunlap. Arrested at 17 while hacking with a Commodore 64, Terry went on to work for the US National Security Agency to help track terrorists. He left the NSA in 2007 to bootstrap Tactical Network Solutions, an offensive-focused cyber company catering to the world's friendly foreign governments and militaries. Today he's a co-founder of ReFirm Labs, an IoT-focused cybersecurity company.
Title: Dr. Linus Karlsson - The Art of Managing Open Source Vulnerabilities is Good Science Too
Guests: Dr. Linus Karlsson
Date: August 28, 2020
Hosts: John L. Whiteman
Description:
Our guest today is Dr. Linus Karlsson, a security specialist at Debricked, a company founded in 2018 as a spin-off from a research project at Lund University in Sweden. Dr. Karlsson has done some fascinating security research in the areas of trusted computing, cryptography, software-defined networking and interconnectivity of embedded systems. I encourage you to read his work on Google Scholar. Today our discussion focuses on the detection and handling of vulnerabilities in open source software.
Title: Terry Tower - Drones Be Hacked
Guests: Terry Tower
Date: August 21, 2020
Hosts: John L. Whiteman, Shayne Morgan
Description:
Our guest today is our very own Terry Tower. Terry was in the Army for almost 11 years with two deployments in Iraq. He currently works for EZDrone in Portland, Oregon and for VanderHouwen at the Nike campus doing DevOps with security in mind. He has a master's in Computer Science and a bachelor's in Business. Terry's drone experience started when he was a real estate agent and eventually evolved to the point where drones and security became an integral part of his life. He was a speaker at BSidesPDX, talking about none other than drone security. Terry also heads the mentorship program for our OWASP Portland chapter. If you are interested in becoming a mentor or mentee or both, please talk to Terry. Links are provided in this podcast's RSS feed.
Title: Andrew van der Stock - OWASP Executive Director - Our Software is the Firewall
Guests: Andrew van der Stock
Date: August 08, 2020
Hosts: David Quisenberry, John L. Whiteman
Description:
Our special guest today is Andrew van der Stock. He is our new Executive Director at OWASP, taking the Foundation through organizational change and taking our mission to the next level. Andrew is a seasoned web application security specialist and enterprise security architect. He has worked in the IT industry for over 25 years and has researched and developed the web application security and architecture fields since 1998. He is a lifetime member of OWASP, a former director, co-leads the OWASP Application Security Verification Standard (ASVS) and is actively involved in the OWASP Top 10 project too. Andrew is an Australian expat from Melbourne and Sydney. He currently lives in the USA with his family.
Title: Simon Bennetts and Rick Mitchell - The Great Proxy Wars - ZAP vs. Burp Suite
Guests: Simon Bennetts, Rick Mitchell
Date: July 27, 2020
Hosts: John L. Whiteman, Shayne Morgan
Description:
Our special guests today are Simon Bennetts and Rick Mitchell. Simon co-leads the OWASP Zed Attack Proxy (ZAP) project, which he started in 2009, and is a Distinguished Engineer at StackHawk, a SaaS company that uses ZAP to help users fix application security bugs before they hit production. He has talked about and demonstrated ZAP at conferences all over the world, including Black Hat, JavaOne, FOSDEM and OWASP AppSec EU, USA and AsiaPac. Prior to making the move into security he was a developer for 25 years, and he strongly believes that you cannot build secure web applications without knowing how to attack them. Rick is an IT security professional from Canada. With over 20 years of experience in the IT industry, focused on security for the majority of that time, he really believes in OWASP's mission and the importance of application security in the industry. He has co-led a number of community projects including ZAP, the Web Security Testing Guide and the Vulnerable Web Apps Directory. He's a strong believer in learning by doing and that all community efforts are valuable and make us all stronger.
Title: Eva Galperin - Director of Cybersecurity at the Electronic Frontier Foundation (EFF) - Go Look Where No One Else is Looking
Guests: Eva Galperin
Date: July 22, 2020
Hosts: Kendra Ash, John L. Whiteman
Description:
Our special guest today is Eva Galperin, Director of Cybersecurity at the Electronic Frontier Foundation (EFF). Before coming to work for EFF in 2007, Eva worked in security and IT in Silicon Valley and earned degrees in Political Science and International Relations from San Francisco State University (SFSU). Her work is primarily focused on providing privacy and security for vulnerable populations around the world. To that end, she has applied the combination of her political science and technical background to everything from organizing EFF's Tor Relay Challenge, to writing privacy and security training materials (including Surveillance Self-Defense and the Digital First Aid Kit), to publishing research on malware in Syria, Vietnam and Kazakhstan. When she is not collecting new and exotic malware, she practices aerial circus arts and learns new languages.
Title: Glenn Bravy and Merritt Wilson - Secure Code Warrior - Are Some Languages More Dangerous Than Others?
Guests: Glenn Bravy, Merritt Wilson
Date: July 14, 2020
Hosts: John L. Whiteman
Description:
Our guests today are Glenn Bravy and Merritt Wilson. Glenn works at Secure Code Warrior, partnering with people who believe that secure code training can be both hands-on and enjoyable. When it comes to upskilling, active learning and consistent practice outperform talent over time. When not working, Glenn is trying to hack and grow veggies at home. Merritt Wilson also works at Secure Code Warrior. He helps customers prudently solve real-world cybersecurity and compliance problems. He enjoys working with those who truly understand their business objectives and challenges. In his off time, Merritt's passions include anything automobile-related and woodworking.
Title: Jake King - Linux Cloud and Endpoint Security - Do It Wisely. Make it Easy.
Guests: Jake King
Date: July 08, 2020
Hosts: Kendra Ash, John L. Whiteman
Description:
Our guest today is Jake King, CEO and Co-Founder of Cmd. He's a long-time security practitioner specializing in infrastructure security, primarily in cloud environments. Prior to starting Cmd, Jake managed the security program at social media giant Hootsuite, where he experienced first-hand the risks of running Linux systems at scale. Cmd was born out of these and many other frustrations, and quickly became one of the hottest startups in the cybersecurity space. Jake is a frequent speaker on Linux security at BSides, MITRE and other conferences, as well as an active member of the Vancouver cybersecurity community. An Australian native, Jake studied cyber forensics and information security management before relocating to Vancouver, Canada in 2013.
Title: Eric Higgins - Security From Zero: Practical Security for Busy People
Guests: Eric Higgins
Date: June 25, 2020
Hosts: John L. Whiteman, Shayne Morgan
Description:
Our guest today is Eric Higgins. He has been in the technology industry for over 20 years. He spent a decade in Silicon Valley, where he worked at Google and then led the security team at Optimizely. Now he runs a consulting firm that helps business leaders understand how to start a security program at their company - and how to help it be successful. Based on this work, he just wrote a book called Security From Zero.
Title: Mike Goodwin and Jon Gadsden - Threat Dragon is for Threat Modeling. Come Help Build It!
Guests: Mike Goodwin, Jon Gadsden
Date: June 06, 2020
Hosts: John L. Whiteman, Shayne Morgan
Description:
Today we are going to be talking about OWASP Threat Dragon, and our guests are Mike Goodwin, the founder, and Jon Gadsden, a major contributor to the project. Threat Dragon is a popular, free tool used for threat modeling, including diagramming, threat identification, mitigation and report generation. Mike is the VP of Product Security and Architecture and Technical Fellow at Sage Software, an FTSE 100 company providing accounting, payroll and HR software to businesses in 23 countries worldwide. After short careers as an academic and then as a nuclear engineer, Mike settled into software development about 20 years ago, working for a startup, a government corporation and now the UK's largest tech company. After developing an interest in security during a large cloud migration project, Mike moved to a full-time security role six years ago to help build Sage's AppSec program. Jon is a software engineer with ForgeRock in Bristol, a company that provides Identity and Access Management services. Jon splits his time between security engineering and embedded C/C++ development; he says that he likes it this way because it reminds him that developers are under time pressure and that security engineers require a whole load of tact. Jon has been involved with the open source software community since Linux 2.0.28, and his latest project is helping with Cupcake's OWASP Threat Modeling project.
Title: Ashish Patel - Best Practices for Proactive Cloud Security
Guests: Ashish Patel
Date: June 02, 2020
Hosts: John L. Whiteman
Description:
We're super delighted to have Ashish Patel with us today. He's a security engineer on the Box Infrastructure Security team. He usually lives in the realm of cloud security and of automating security-related tasks that scale across multiple clouds and attack surfaces.
Title: Theresa Masse - Department of Homeland Security - Tips, Tricks and Free AppSec Services from the DHS - Stay Protected from the New Bad COVID-19 Actors
Guests: Theresa Masse
Date: April 13, 2020
Hosts: John L. Whiteman, Shayne Morgan
Description:
Our honored guest today is Theresa Masse. She is the U.S. Department of Homeland Security's Cyber Security Advisor for Region X, which includes Oregon, Washington, Idaho and Alaska. Ms. Masse was the first Chief Information Security Officer (CISO) for the State of Oregon and later the CISO for the Port of Portland, almost 15 years in those roles combined. We'll talk about some of the new bad actors and security threats that have emerged during the COVID-19 pandemic and what precautions you should take. Also, did you know that DHS offers remote pentesting, web and database vulnerability scanning and other comprehensive security assessments for which your organization may be eligible, free of charge? Please listen to this podcast for additional details and contact information.
Title: John Andersen - The Easiest Way to Use Machine Learning for AppSec (DFFML)
Guests: John Andersen
Date: April 04, 2020
Hosts: John L. Whiteman
Description:
John Andersen is our distinguished guest today. He is a software security engineer with a passion for open source. He works for a really big Fortune 500 company here in Oregon doing product security and runs an open source project called Data Flow Facilitator for Machine Learning or DFFML. He's also done product level pentesting, secure design lifecycle consulting, and is currently trying his hand at Linux kernel hardening. John is a native Portlander, does Brazilian Jiu-Jitsu and loves spending time in the great outdoors when there isn't a pandemic.
Title: Tanya Janca - SheHacksPurple - Some of the Best AppSec Advice You'll Ever Hear Here!
Guests: Tanya Janca
Date: March 28, 2020
Hosts: Kendra Ash, John L. Whiteman
Description:
Our special guest today is Tanya Janca, also known as 'SheHacksPurple'. She is the founder, security trainer and coach of SheHacksPurple.dev, specializing in software and cloud security. Her obsession with securing software runs deep, from starting her company, to running her own OWASP chapter for 4 years in Ottawa, co-founding a new OWASP chapter in Victoria, and co-founding the OWASP DevSlop open-source and education project. With her countless blog articles, workshops and talks, her focus is clear. Tanya is also an advocate for diversity and inclusion, co-founding the international women’s organization WoSEC, starting the online #CyberMentoringMonday initiative, and personally mentoring, advocating for and enabling countless other women in her field. As a professional computer geek of 20+ years, she is a person who is truly fascinated by the 'science' of computer science.
Title: Laura Chappell - Inspiring the Next Generation of Security People to Do Wireshark Packet Analysis on the Interplanetary Internet
Guests: Laura Chappell
Date: March 19, 2020
Hosts: John L. Whiteman
Description:
Our special guest today is Laura Chappell. She's a leading expert in network packet analysis, a public speaker, educator and author, including several best-selling books on Wireshark and TCP/IP. She's the founder of Chappell University, which helps students prepare for the WCNA certification exam. Her work doesn't stop here on Earth's terrestrial Internet. She also researches the Interplanetary Internet (IPN), where round-trip times (RTT) across the vastness of space are measured in minutes, not milliseconds. Her passion is to motivate young people to embrace a career in network communications and to solve the challenges associated with the IPN. Laura invites you to the CORE-IT virtual conference coming up on March 24-30, 2020. The event brings together existing and next-generation industry talent to train, speak and mentor. It's free and virtual.
Title: Kaliya Young - How We See Identity for Authentication Needs to Change
Guests: Kaliya Young
Date: March 15, 2020
Hosts: John L. Whiteman
Description:
Our special guest today is Kaliya Young. She is an expert on self-sovereign identity on the Internet. For many of us who build and integrate authentication systems into our web apps, an identifier is usually nothing more than an e-mail address or an account number that we, not the individual, define. Kaliya and other industry leaders are working to change this by creating an open standard, based on existing Internet protocols, that gives individuals the sovereignty to control their own identifiers. Twice a year since 2005, people have met at the Internet Identity Workshop (IIW) to discuss these matters. Kaliya is the co-founder of the workshop, which also brought other technologies to the forefront, such as OAuth, OpenID and FIDO.
Title: U.S. Senator Ron Wyden (OR) - Election Security, Mind Your Own Business Act, Encryption Weakening, NSA Surveillance, FISA, SIM Swapping and STEM Initiatives
Guests: U.S. Senator Ron Wyden
Date: February 29, 2020
Hosts: David Quisenberry, John L. Whiteman
Description:
Today we have a very distinguished guest, the senior United States Senator for Oregon, Ron Wyden. He's been a senator for our beautiful state since 1996. He's a member of the Democratic Party and previously served in the U.S. House of Representatives from 1981 until 1996. He is the current dean of Oregon's congressional delegation. We want to give a special thanks to the Senator's staff, Hank and Grace, for helping us arrange this interview. We also want to thank Warner Pacific University and its president, Dr. Andrea Cook, for the hospitality and generosity of letting us use their facilities to conduct our interview last week (Saturday, February 22, 2020).
Title: Ian Melven - Playing the Long Game in Infosec
Guests: Ian Melven
Date: February 21, 2020
Hosts: John L. Whiteman
Description:
Welcome to another edition of the Portland, Oregon OWASP podcast. Today we'll be talking with Ian Melven. Bio: Ian Melven currently leads security at a Los Angeles-based startup. Previously, he built and led the Product Security team at New Relic. Ian has worked in security-related roles for over 15 years, including at Mozilla, Adobe, McAfee and @stake. Ian has been involved in the Portland chapter of OWASP since moving to the area in 2013 and was chapter chair for 2019. He supports West Ham United.
Title: Mark Curphey - Founder of OWASP - Security. Don't Be Shy. Just Ask!
Guests: Mark Curphey
Date: February 14, 2020
Hosts: John L. Whiteman
Description:
Welcome back to the OWASP PDX Podcast. Today we're talking with none other than Mark Curphey, the founder of OWASP. Mark is also founder and CEO of SourceClear and, as we just learned this week, co-founder of his new venture Open Raven. Mark moved to the U.S. in 2000 to join Internet Security Systems (now a part of IBM), and later held roles including director of application security at Charles Schwab and VP of Professional Services at Foundstone/McAfee, and led the security tools team at Microsoft. Mark holds a master's in Information Security from Royal Holloway, University of London. He's an avid cyclist and currently resides with his family in the San Francisco Bay Area.
Title: Chad Holmes - CMD+CTRL Web Application Cyber Range
Guests: Chad Holmes
Date: February 07, 2020
Hosts: John L. Whiteman
Description:
Today we'll be talking with Chad Holmes. Chad is a Product Marketing Manager at Security Innovation, focused on educating customers about emerging cyber range technologies and how they can improve security education within organizations. Prior to joining Security Innovation, Chad was a penetration tester, product manager, security program manager and team lead at Cigital, Veracode and Red Hat.
Title: Aaron and Ray - Application Security. It's Really About the Code!
Guests: Aaron and Ray
Date: February 01, 2020
Hosts: John L. Whiteman
Description:
Today we'll be talking with Aaron and Ray. Aaron is an Application Security Engineer with almost 10 years of experience. His unorthodox career path has led to many unique insights into the security industry. Ray is a life coach and conspiracy theorist. He does AppSec in his non-spare time for money. Both are insightful and brutally honest AppSec bloggers at their website, hella-secure.com. We're going to be talking about application security. It's really about the code!
Title: Ryan Krause - Some Good Advice for Those Who Want to Become Pen Testers
Guests: Ryan Krause
Date: January 10, 2020
Hosts: John L. Whiteman
Description:
Today we'll be talking with Ryan Krause. Ryan is a penetration tester based in Portland, Oregon. He's worked in various security areas for the past 11 years, at companies such as HP, eEye Digital Security (now BeyondTrust) and Comcast, with a primary focus on application security and development. He's currently a consultant at NetSPI, where he performs web and network pen tests and assists clients with reducing their overall security exposure. Ryan will be presenting an introduction to Burp Suite at our next chapter meeting. Go to meetup.com and look up the OWASP Portland Chapter Group for more details. Today Ryan will talk about his experiences in pen testing along with great advice for those who want to break into this exciting field.
Title: Tim Morgan - Breaking New Ground in Predictive Risk-Based Vulnerability Management
Guests: Tim Morgan
Date: December 29, 2019
Hosts: John L. Whiteman
Description:
Today we will be talking to one of our own, Tim Morgan. Tim has had a fascinating journey in the world of security. He started in his teens as an old school hacker, and now owns his own security consulting and research company headquartered right here in Portlandia. For the past three years, Tim has been working on a new, innovative, risk-based vulnerability management system called DeepSurface. It's built on both hard science and hard lessons that he learned from his customers over the years. For more information about DeepSurface and Tim go to kanchil.com. After earning his computer science degrees (B.S., Harvey Mudd College and M.S., Northeastern University) and spending a short time as a software developer, Tim began his career in application security and vulnerability research. In his work as a consultant over the past 14 years, Tim has led projects as varied as application pentests, incident response, digital forensics, secure software development training, phishing exercises, and breach simulations. Tim has also presented his independent research on Windows registry forensics, XML external entities attacks, web application timing attacks, and practical application cryptanalysis at conferences such as DFRWS, OWASP's AppSec USA, BSidesPDX, and BlackHat USA. For the past three years Tim has been building an innovative new risk-based vulnerability management product (DeepSurface) that helps his customers gain a much deeper understanding of the complex relationships present in their digital infrastructures. Visit kanchil.com to learn more about Tim's latest R&D effort.
Title: Patterson Cake - Overcoming Your Greatest InfoSec Adversary: You!
Guests: Patterson Cake
Date: December 19, 2019
Hosts: John L. Whiteman
Description:
Tips on formulating complete sentences without acronyms, learning to pretend you aren't the smartest person in the room, choosing the right animations for your PowerPoint presentations, and more! Let's be honest, you probably didn't get into info-sec because of your love for public speaking, your mastery of written and verbal communication, or your highly-tuned social skills! Regardless, these things are key to your success or failure in info-sec. Dare to join me for a frank if somewhat tongue-in-cheek conversation regarding strategies for simplifying complex conversations, recognizing and overcoming common communication obstacles, translating leet-speak to business language and creating effective visual presentations. Patterson has been in information technology for over 20 years, focusing on security for the past several years in offensive, defensive and leadership roles. He is the founder of Haven Information Security, an instructor for SANS, and the Principal Cybersecurity Engineer for PeaceHealth.
Title: Adam Shostack - Threat Modeling
Guests: Adam Shostack
Date: December 19, 2019
Hosts: Ben Pirkl, David Quisenberry, John L. Whiteman
Description:
Adam Shostack is a leading expert on threat modeling, and a consultant, entrepreneur, technologist, author and game designer. He's a member of the BlackHat Review Board, and helped create the CVE and many other things. He currently helps many organizations improve their security via Shostack & Associates, and advises startups, including as a Mach37 Star Mentor. While at Microsoft, he drove the Autorun fix into Windows Update, was the lead designer of the SDL Threat Modeling Tool v3 and created the 'Elevation of Privilege' game. Adam is the author of Threat Modeling: Designing for Security, and the co-author of The New School of Information Security.
Title: David Quisenberry & Ben Pirkl - OWASP Top 10 / Juice Shop Hack Session
Guests: Ben Pirkl, David Quisenberry
Date: December 19, 2019
Hosts: John L. Whiteman
Description:
OWASP Portland 2019 Training Day. This session is meant for those new to OWASP Top Ten. We will go over the OWASP Top Ten - where it came from, what it’s good for, what are the top ten, etc. And illustrate the concepts in the OWASP Top Ten through another OWASP Flagship Project - The OWASP Juice Shop. This will be a hands on class so everyone can follow along in the Juice Shop to explore the concepts. There will be time at the end for everyone to continue on their vulnerability hunting and a friendly Juice Shop CTF.
Title: Alex Ivkin - Container Security
Guests: Alex Ivkin
Date: December 19, 2019
Hosts: John L. Whiteman
Description:
OWASP Portland 2019 Training Day. When it comes to container security there are two prevailing schools of thought - either containers are secure by default, so you should not care much, or containers cannot be secure in principle, so you should avoid them at all costs. In this training you will go through real-world examples of configuring and running containers in a secure manner. You will get insights into the security of both Windows and Linux containers and container infrastructure, such as container registries and orchestration platforms - Docker Swarm and Kubernetes. We will examine real-world vulnerabilities unique to different architectures of containers and how to address them.
Title: Justin Angra - Intro to Chrome Exploitation
Guests: Justin Angra
Date: December 19, 2019
Hosts: John L. Whiteman
Description:
OWASP Portland 2019 Training Day. Over 3 billion browser devices are actively loading arbitrary data served by someone else. What happens if one of those pages contains maliciously crafted JavaScript? Could they capture your passwords, perform UXSS, or worse - execute local code on your machine? In this session, you will get the opportunity to explore the anatomy and play with common vulnerability patterns in the renderer process of Chrome. This will be an interactive class; please bring a laptop with Docker installed.
Title: Aarti Gadhia - Doing Real Work in Bridging the Diversity Gap in Cybersecurity Leadership
Guests: Aarti Gadhia
Date: June 30, 2021
Hosts: David Quisenberry, John L. Whiteman
Description:
Our special guest today is Aarti Gadhia. She is a highly successful cybersecurity professional who has worked in various leadership roles in sales and marketing for well-known companies such as Bugcrowd, Carbon Black, Trend Micro and Sophos. Aarti is also the founder of Standout to Lead and SHE (Sharing Her Empowerment). Aarti is passionate about bridging the diversity gap in STEM and in leadership. She recently presented at our OWASP AppSec Pacific Northwest Conference on the topic of Women in Appsec: Advice to Differentiate Your Skills. As a podcast bonus, you will learn about how a childhood lesson in making roti with her mother helped shape Aarti to become the strong leader she is today.
Title: Jeff Williams - We Are in the Stone Age for Application Security
Guests: Jeff Williams
Date: June 23, 2021
Hosts: David Quisenberry, John L. Whiteman
Description:
Our special guest today is Jeff Williams, Co-Founder and CTO of Contrast Security. Jeff was one of the pioneering members who formed the Open Web Application Security Project® (OWASP). Not only did he chair it, he also contributed to many successful open source projects, including WebGoat, the OWASP Application Security Verification Standard (ASVS), the OWASP Top Ten and much more. Without him and others we would not be doing this podcast today. Besides founding Contrast Security in 2014, he started Aspect Security in 2002. Jeff got his law degree at Georgetown University Law Center along with a computer science and psychology degree at the University of Virginia. In the early 1990's, he built high assurance systems for the U.S. Navy and taught the INFOSEC curriculum for the NSA during the good old days of the Orange Book - a trusted computer system evaluation criteria for the U.S. Department of Defense.
Title: Frank Heidt - CEO and Co-Founder of Leviathan Security Group
Guests: Frank Heidt
Date: June 18, 2021
Hosts: David Quisenberry, John L. Whiteman
Description:
Our special guest today is Frank Heidt who is the CEO and Co-Founder at Leviathan Security Group. Frank is a recognized expert in the fields of information assurance, network security and systems penetration. Prior to starting Leviathan, Frank was a managing security architect for @stake. He also engaged in various computer and networking security projects for the U.S. Department of Defense and the U.S. Department of the Navy. You can watch Frank speak at various TEDx conferences online. Frank is also a master at the living art of bonsai. Check out his delightful Jigsaw Bonsai Workshop on YouTube.
Title: Rebekah Brown and Scott J. Roberts - Intelligence-Driven Incident Response
Guests: Rebekah Brown, Scott J. Roberts
Date: June 13, 2021
Hosts: David Quisenberry, John L. Whiteman
Description:
Our guests today are Rebekah Brown and Scott J. Roberts. They wrote a seminal book together called Intelligence-Driven Incident Response: Outwitting the Adversary. Both have extensive backgrounds in information security. Rebekah started her work as an intelligence and network warfare analyst while honorably serving in the United States Marine Corps, and Scott comes from a more traditional yet impressive background in defensive network security. Both are SANS instructors. To understand its enemy, an organization must first understand its threats by analyzing the data it collects. How to do this effectively is what we will discuss today. Definitely check out their book and listen to this podcast for a surprise announcement.
Title: Farshad Abasi and Roberto Salgado - Our New Pacific Northwest Application Security Conference (PNWSEC)
Guests: Farshad Abasi, Roberto Salgado
Date: May 29, 2021
Hosts: David Quisenberry, John L. Whiteman
Description:
On Saturday, June 19, 2021 something very special is going to happen. For the first time, a perfect trifecta of OWASP chapters in the Pacific Northwest are getting together to host a virtual conference focused on serious application security. It's called the Pacific Northwest Application Security Conference (PNWSEC). The chapters hosting this fine event are from the beautiful, breathtaking Canadian cities of Vancouver and Victoria B.C. and to the south in the States, Portland, Oregon. Our guests today are Farshad Abasi and Roberto Salgado along with our host David Quisenberry, each a leader of the same OWASP chapters respectively.
Title: Jonathan Badeen - Tinder Co-Founder - Flirting With Fire: A Conversation about Start-ups, Evolving App Sec, and His Path of Creation
Guests: Jonathan Badeen
Date: April 04, 2021
Hosts: David Quisenberry, John L. Whiteman
Description:
Our special guest today is Jonathan Badeen. He is one of the co-founders of Tinder and has been its Chief Strategy Officer since March 2016. He is a programmer, designer and inventor, including of Tinder's famous #SwipeRight feature. His other work experiences include Cardify, Chegg Flashcards, Casting Networks' FastCapture & Match Made. He is also an actor with credits in Zombie Wars (2007), The Proposal (2008) and Swiped: Hooking Up in the Digital Age (2018). And if that ain't enough … Jonathan is also lifelong friends with our very own OWASP PDX Chapter President, David Quisenberry.
Title: Nabil Hannan - I Can Teach Someone to Be Smart, but I Can't Teach Someone to Be Clever When It Comes to Training a Pentester; A Pentester Must Be the Latter
Guests: Nabil Hannan
Date: March 06, 2021
Hosts: David Quisenberry, John L. Whiteman
Description:
Our guest today is Nabil Hannan, who is a Managing Director at NetSPI. He leads the company’s consulting practice, focusing on helping clients solve their cyber security assessment, and threat & vulnerability management needs. He has over 13 years of experience in cyber security consulting from his tenure at Cigital/Synopsys Software Integrity Group. Nabil has also worked as a Product Manager at Research In Motion (now, of course, BlackBerry) and has managed several flagship initiatives and projects through the full software development life cycle. You must also check out Nabil's podcast - Agent of Influence.
Title: John Strand - Running a Security Company Is to Do Illegal Things With Permissions
Guests: John Strand
Date: February 20, 2021
Hosts: David Quisenberry, John L. Whiteman
Description:
John Strand is our special guest today. He is the owner of Black Hills Information Security - a company that specializes in penetration testing and security architecture services. He is also cofounder of Active Countermeasures. He created the popular Backdoors and Breaches incident response card game. He wrote a book called Offensive Countermeasures (The Art of Active Defense). You can watch him along with other great guests on the Black Hills Information Security Podcast on YouTube.
Title: Lewis Ardern and PwnFunction - Discovering Clever Ways to Exploit the Vue.js JavaScript Framework
Guests: Lewis Ardern, PwnFunction
Date: February 12, 2021
Hosts: David Quisenberry, John L. Whiteman
Description:
Our special guests today are Lewis Ardern and PwnFunction. Lewis is an Associate Principal Consultant at Synopsys where he focuses on web application security. He is also an organizer for the OWASP Bay Area Chapter. Check out his new SecuriTEA and Crumpets videos on YouTube. PwnFunction is an independent security consultant. He makes popular hacking videos on YouTube. He also created a popular online cross-site scripting (XSS) game where you can learn offensive techniques from basic to advanced skill sets.
Title: Volko Ruhnke, Adam Shostack and Hadas Cassorla - Building Games to Teach Real-World Security
Guests: Adam Shostack, Hadas Cassorla, Volko Ruhnke
Date: January 23, 2021
Hosts: David Quisenberry, John L. Whiteman
Description:
We have three very special guests today. All come from different backgrounds but share a common interest in gaming - the kind that can be used to teach you things, like how to become better at handling security incidents or winning a historical insurrection.
Title: Caroline Wong - What a Top Chief Strategy Officer Has to Say About Security These Days
Guests: Caroline Wong
Date: October 17, 2020
Hosts: Kendra Ash, John L. Whiteman
Description:
Our very special guest today is Caroline Wong. She is the Chief Strategy Officer at Cobalt. As CSO, Caroline leads the Security, Community, and People teams at Cobalt. She brings a proven background in communications, cybersecurity, and experience delivering global programs to the role.
Title: Jim Manico - 'Kūlia I Ka Nu'u' to Be Your Best in Security
Guests: Jim Manico
Date: October 09, 2020
Hosts: David Quisenberry, John L. Whiteman
Description:
Our special guest today is Jim Manico. He is the founder of Manicode Security where he trains software developers on secure coding and security engineering. He is also the co-founder of the LocoMoco Security Conference in Hawaii as well as an investor and advisor for BitDiscovery and Signal Sciences. Jim is a frequent speaker on secure software practices and is a member of the JavaOne rockstar speaker community. He is the author of Iron-Clad Java: Building Secure Web Applications from McGraw-Hill.
Title: Bruce Schneier - We Live in a Security and Privacy World That Science Fiction Didn't Predict
Guests: Bruce Schneier
Date: October 03, 2020
Hosts: David Quisenberry, John L. Whiteman
Description:
Our distinguished guest today is Bruce Schneier. Bruce is a public-interest security and privacy technologist, cryptographer, an author of over one dozen books, including the famous blue and red versions of Applied Cryptography. His most recent book is Click Here to Kill Everybody. He is a fellow and lecturer at Harvard's Kennedy School and a board member of the Electronic Frontier Foundation. Bruce's blog, Schneier on Security, is read by over a quarter of a million people. You can find it at schneier.com. He has testified before Congress, is a frequent guest on television and radio, served on several government technical committees, and is regularly quoted in the press. Bruce's symmetric key block cipher, called Twofish, was a top five finalist for the Advanced Encryption Standard Selection Process organized by the U.S. National Institute of Standards and Technology.
Title: STÖK - What It Takes to Be a Good Hacker
Guests: STÖK
Date: September 10, 2020
Hosts: John L. Whiteman
Description:
Our guest today is Fredrik Alexandersson. You probably know him better as STÖK. He is a highly regarded Swedish hacker and cyber-security advisor with passions in technology and sustainable fashion. Our conversation today is about hacking and bug bounties. STÖK brings to the table many years of experience with a refreshingly positive perspective in our never-ending quest to find that next security bug in a dark world we call software.
Title: Terry Dunlap - IoT Security Starts with Getting Rid of Your IoT Devices
Guests: Terry Dunlap
Date: September 05, 2020
Hosts: John L. Whiteman, Shayne Morgan
Description:
Our guest today is Terry Dunlap. Arrested at 17 while hacking with a Commodore 64, Terry went on to work for the US National Security Agency to help track terrorists. He left the NSA in 2007 to bootstrap Tactical Network Solutions, an offensive-focused cyber company catering to the world's friendly foreign governments and militaries. Today he's a co-founder of ReFirm Labs, an IoT-focused cybersecurity company.
Title: Dr. Linus Karlsson - The Art of Managing Open Source Vulnerabilities is Good Science Too
Guests: Dr. Linus Karlsson
Date: August 28, 2020
Hosts: John L. Whiteman
Description:
Our guest today is Dr. Linus Karlsson who is a security specialist for Debricked - a company that was founded in 2018 as a spin-off from a research project at Lund University in Sweden. Dr. Karlsson has done some fascinating security research work in the areas of trusted computing, cryptography, software-defined networking and interconnectivity of embedded systems. I encourage you to read his work on Google scholar. Today our discussion focuses on the detection and handling of vulnerabilities in open source software.
Title: Terry Tower - Drones Be Hacked
Guests: Terry Tower
Date: August 21, 2020
Hosts: John L. Whiteman, Shayne Morgan
Description:
Our guest today is our very own Terry Tower. Terry was in the Army for almost 11 years with two deployments in Iraq. He currently works for EZDrone in Portland, Oregon and for VanderHouwen at the Nike Campus doing devops with security in mind. He has a Master's in Computer Science and a Bachelor's in Business. Terry's drone experience started out when he was a real estate agent and eventually evolved to a point where drones and security became an integral part of his life. He was a speaker at BSidesPDX talking about none other than drone security. Terry also heads the mentorship program for our OWASP Portland chapter. If you are interested in becoming a mentor or mentee or both, please talk to Terry. Links are provided in this podcast's RSS feed.
Title: Andrew van der Stock - OWASP Executive Director - Our Software is the Firewall
Guests: Andrew van der Stock
Date: August 08, 2020
Hosts: David Quisenberry, John L. Whiteman
Description:
Our special guest today is Andrew van der Stock. He is our new Executive Director at OWASP, taking the Foundation through organizational change and taking our mission to the next level. Andrew is a seasoned web application security specialist and enterprise security architect. He has worked in the IT industry for over 25 years. He has researched and developed the web application security and architecture fields since 1998. He is a lifetime member of OWASP, a former director, and co-leads the OWASP Application Security Verification Standard (ASVS) and is actively involved in OWASP Top 10 projects too. Andrew is an Australian expat of Melbourne and Sydney. He currently lives in the USA with his family.
Title: Simon Bennetts and Rick Mitchell - The Great Proxy Wars - ZAP vs. Burp Suite
Guests: Simon Bennetts, Rick Mitchell
Date: July 27, 2020
Hosts: John L. Whiteman, Shayne Morgan
Description:
Our special guests today are Simon Bennetts and Rick Mitchell. Simon co-leads the OWASP Zed Attack Proxy (ZAP) project, which he started in 2009 and is a Distinguished Engineer at StackHawk, a SaaS company that uses ZAP to help users fix application security bugs before they hit production. He has talked about and demonstrated ZAP at conferences all over the world, including Blackhat, JavaOne, FOSDEM and OWASP AppSec EU, USA & AsiaPac. Prior to making the move into security he was a developer for 25 years and strongly believes that you cannot build secure web applications without knowing how to attack them. Rick is an IT Security professional from Canada. With over 20 years of experience in the IT industry focused on security for the majority of that time, he really believes in OWASP's mission and the importance of Application Security in the industry. He's co-led a number of community projects including ZAP, The Web Security Testing Guide, and the Vulnerable Web Apps Directory. He's a strong believer in learning by doing and that all community efforts are valuable and make us all strong.
Title: Eva Galperin - Director of Cybersecurity at the Electronic Frontier Foundation (EFF) - Go Look Where No One Else is Looking
Guests: Eva Galperin
Date: July 22, 2020
Hosts: Kendra Ash, John L. Whiteman
Description:
Our special guest today is Eva Galperin who is the Director of Cybersecurity at the Electronic Frontier Foundation (EFF). Prior to 2007, when she came to work for EFF, Eva worked in security and IT in Silicon Valley and earned degrees in Political Science and International Relations from San Francisco State University (SFSU). Her work is primarily focused on providing privacy and security for vulnerable populations around the world. To that end, she has applied the combination of her political science and technical background to everything from organizing EFF's Tor Relay Challenge, to writing privacy and security training materials (including Surveillance Self Defense and the Digital First Aid Kit), and publishing research on malware in Syria, Vietnam, and Kazakhstan. When she is not collecting new and exotic malware, she practices aerial circus arts and learns new languages.
Title: Glenn Bravy and Merritt Wilson - Secure Code Warrior - Are Some Languages More Dangerous Than Others?
Guests: Glenn Bravy, Merritt Wilson
Date: July 14, 2020
Hosts: John L. Whiteman
Description:
Our guests today are Glenn Bravy and Merritt Wilson. Glenn works at Secure Code Warrior, partnering with people who believe that secure code training can be both hands-on and enjoyable. When it comes to upskilling, active learning and consistent practice outperform talent over time. When not working, Glenn is trying to hack and grow veggies at home. Merritt Wilson also works at Secure Code Warrior. He helps customers prudently solve real-world cyber security and compliance problems. He enjoys working with those who truly understand their business objectives and challenges. During his off time, Merritt's passions include anything automobile-related and woodworking.
Title: Jake King - Linux Cloud and Endpoint Security - Do It Wisely. Make it Easy.
Guests: Jake King
Date: July 08, 2020
Hosts: Kendra Ash, John L. Whiteman
Description:
Our guest today is Jake King, who is the CEO & Co-Founder of Cmd. He's a long-time security practitioner specializing in infrastructure security, primarily in cloud environments. Prior to starting Cmd, Jake managed the security program at social media giant Hootsuite where he experienced first-hand the risks pertaining to Linux systems at scale. Cmd was born out of these, and many other frustrations, quickly becoming one of the hottest startups in the cybersecurity space. Jake is a frequent speaker on the topic of Linux Security at BSides, MITRE, and other conferences, as well as an active member of the Vancouver cybersecurity community. An Australian native, Jake studied cyber forensics and information security management before relocating to Vancouver, Canada in 2013.
Title: Eric Higgins - Security From Zero: Practical Security for Busy People
Guests: Eric Higgins
Date: June 25, 2020
Hosts: John L. Whiteman, Shayne Morgan
Description:
Our guest today is Eric Higgins. He has been in the technology industry for over 20 years. He spent a decade in Silicon Valley, where he worked at Google and then led the security team at Optimizely. Now he runs a consulting firm that helps business leaders understand how to start a security program at their company - and how to help it be successful. Based on this work, he just wrote a book called Security From Zero.
Title: Mike Goodwin and Jon Gadsden - Threat Dragon is for Threat Modeling. Come Help Build It!
Guests: Mike Goodwin, Jon Gadsden
Date: June 06, 2020
Hosts: John L. Whiteman, Shayne Morgan
Description:
Today we are going to be talking about OWASP Threat Dragon, and our guests are Mike Goodwin, the founder, and Jon Gadsden, a major contributor to the project. Threat Dragon is a popular, free tool used for threat modeling, including diagramming, threat identification, mitigation and report generation. Mike is the VP of Product Security and Architecture and Technical Fellow at Sage Software - an FTSE 100 company providing accounting, payroll and HR software to businesses in 23 countries worldwide. After short careers as an academic and then as a nuclear engineer, Mike settled into software development about 20 years ago working for a startup, a government corporation and now the UK's largest tech company. After developing an interest in security during a large cloud migration project, Mike moved to a full-time security role six years ago to help build Sage's AppSec program. Jon is a software engineer with ForgeRock in Bristol, a company that provides Identity and Access Management services. Jon splits his time between security engineering and embedded C/C++ development - he says that he likes it this way because it reminds him that developers are under time pressure and that security engineers require a whole load of tact. Jon has been involved with the open source software community since Linux 2.0.28, and his latest project is helping with Cupcake's OWASP Threat Modeling project.
Title: Ashish Patel - Best Practices for Proactive Cloud Security
Guests: Ashish Patel
Date: June 02, 2020
Hosts: John L. Whiteman
Description:
We're super delighted to have today, Ashish Patel. He's a security engineer on the Box Infrastructure Security team. He usually lives in the realm of cloud security and automating security related tasks that scale across multiple clouds & attack surfaces.
Title: Theresa Masse - Department of Homeland Security - Tips, Tricks and Free AppSec Services from the DHS - Stay Protected from the New Bad COVID-19 Actors
Guests: Theresa Masse
Date: April 13, 2020
Hosts: John L. Whiteman, Shayne Morgan
Description:
Our honored guest today is Theresa Masse. She is the U.S. Department of Homeland Security's Cyber Security Advisor for Region X, including Oregon, Washington, Idaho and Alaska. Ms. Masse was the first Chief Information Security Officer (CISO) for the State of Oregon as well as the CISO for the Port of Portland for almost 15 years combined. We'll talk about some of the new bad actors and security threats that have emerged during the COVID-19 pandemic and what precautions you should take. Also, did you know that DHS offers remote pentesting, web and database vulnerability scanning and other comprehensive security assessments that your organization may be eligible for free? Please listen to this podcast for additional details and contact information.
Title: John Andersen - The Easiest Way to Use Machine Learning for AppSec (DFFML)
Guests: John Andersen
Date: April 04, 2020
Hosts: John L. Whiteman
Description:
John Andersen is our distinguished guest today. He is a software security engineer with a passion for open source. He works for a really big Fortune 500 company here in Oregon doing product security and runs an open source project called Data Flow Facilitator for Machine Learning or DFFML. He's also done product level pentesting, secure design lifecycle consulting, and is currently trying his hand at Linux kernel hardening. John is a native Portlander, does Brazilian Jiu-Jitsu and loves spending time in the great outdoors when there isn't a pandemic.
Title: Tanya Janca - SheHacksPurple - Some of the Best AppSec Advice You'll Ever Hear Here!
Guests: Tanya Janca
Date: March 28, 2020
Hosts: Kendra Ash, John L. Whiteman
Description:
Our special guest today is Tanya Janca, also known as 'SheHacksPurple'. She is the founder, security trainer and coach of SheHacksPurple.dev, specializing in software and cloud security. Her obsession with securing software runs deep, from starting her company, to running her own OWASP chapter for 4 years in Ottawa, co-founding a new OWASP chapter in Victoria, and co-founding the OWASP DevSlop open-source and education project. With her countless blog articles, workshops and talks, her focus is clear. Tanya is also an advocate for diversity and inclusion, co-founding the international women’s organization WoSEC, starting the online #CyberMentoringMonday initiative, and personally mentoring, advocating for and enabling countless other women in her field. As a professional computer geek of 20+ years, she is a person who is truly fascinated by the 'science' of computer science.
Title: Laura Chappell - Inspiring the Next Generation of Security People to Do Wireshark Packet Analysis on the Interplanetary Internet
Guests: Laura Chappell
Date: March 19, 2020
Hosts: John L. Whiteman
Description:
Our special guest today is Laura Chappell. She's a leading expert in network packet analysis, a public speaker, educator and author, including several best-selling books on Wireshark and TCP/IP. She's the founder of Chappell University, which helps students prepare for the WCNA certification exam. Her work doesn't stop here on Earth's terrestrial Internet. She also researches the Interplanetary Internet (IPN), where round-trip times (RTT) across the vastness of space are measured in minutes, not milliseconds. Her passion is to motivate young people to embrace a career in network communications and to solve the challenges associated with the IPN. Laura invites you to the CORE-IT virtual conference coming up on March 24-30, 2020. The event brings together existing and next-generation industry talent to train, speak and mentor. It's free and virtual.
Title: Kaliya Young - How We See Identity for Authentication Needs to Change
Guests: Kaliya Young
Date: March 15, 2020
Hosts: John L. Whiteman
Description:
Our special guest today is Kaliya Young. She is an expert when it comes to self-sovereign identity on the Internet. For many of us who build and integrate authentication systems into our web apps, an identifier is usually nothing more than an e-mail address or an account number that we, not the individual, define. Kaliya and other industry leaders are looking at changing this by creating an open standard, based on existing Internet protocols, that gives individuals the sovereignty to control their own identifiers. Twice a year since 2005, people have met at the Internet Identity Workshop (IIW) to discuss these matters. Kaliya is the co-founder of the workshop, which also brought other technologies to the forefront, such as OAuth, OpenID and FIDO.
Title: U.S. Senator Ron Wyden (OR) - Election Security, Mind Your Own Business Act, Encryption Weakening, NSA Surveillance, FISA, SIM Swapping and STEM Initiatives
Guests: U.S. Senator Ron Wyden
Date: February 29, 2020
Hosts: David Quisenberry, John L. Whiteman
Description:
Today we have a very distinguished guest, senior United States Senator for Oregon, Ron Wyden. He's been a senator for our beautiful state since 1996. He's a member of the Democratic Party and has previously served in the U.S. House of Representatives from 1981 until 1996. He is the current dean of Oregon's congressional delegation. We want to give a special thanks to the Senator's staff, Hank and Grace, for helping us arrange this interview. We also want to thank Warner Pacific University and its president, Dr. Andrea Cook, for the hospitality and generosity to use their facilities to conduct our interview last week (Saturday, February 22, 2020).
Title: Ian Melven - Playing the Long Game in Infosec
Guests: Ian Melven
Date: February 21, 2020
Hosts: John L. Whiteman
Description:
Welcome to another edition of the Portland, Oregon OWASP podcast. Today we'll be talking with Ian Melven. Bio: Ian Melven currently leads security at a Los Angeles-based startup. Previously, he built and led the Product Security team at New Relic. Ian has worked in security-related roles for over 15 years, including at Mozilla, Adobe, McAfee and @stake. Ian has been involved in the Portland chapter of OWASP since moving to the area in 2013 and was chapter chair for 2019. He supports West Ham United.
Title: Mark Curphey - Founder of OWASP - Security. Don't Be Shy. Just Ask!
Guests: Mark Curphey
Date: February 14, 2020
Hosts: John L. Whiteman
Description:
Welcome back to the OWASP PDX Podcast. Today, we're talking with none other than Mark Curphey, the founder of OWASP. Mark is also founder and CEO of SourceClear and, as we just learned this week, co-founder of his new venture Open Raven. Mark moved to the U.S. in 2000 to join Internet Security Systems (now a part of IBM), and later held roles including director of application security at Charles Schwab and VP of Professional Services at Foundstone McAfee, and led the security tools team at Microsoft. Mark holds a Master's in Information Security from Royal Holloway University. He's an avid cyclist and currently resides with his family in the San Francisco Bay Area.
Title: Chad Holmes - CMD+CTRL Web Application Cyber Range
Guests: Chad Holmes
Date: February 07, 2020
Hosts: John L. Whiteman
Description:
Today we'll be talking with Chad Holmes. Chad is a Product Marketing Manager for Security Innovation with a focus on educating customers on emerging Cyber Range technologies and how they can improve security education within organizations. Prior to joining Security Innovation, Chad was a Penetration Tester, Product Manager, Security Program Manager and Team Lead at Cigital, Veracode and Red Hat.
Title: Aaron and Ray - Application Security. It's Really About the Code!
Guests: Aaron and Ray
Date: February 01, 2020
Hosts: John L. Whiteman
Description:
Today we'll be talking with Aaron and Ray. Aaron is an Application Security Engineer with almost 10 years of experience. His unorthodox career path has led to many unique insights in the security industry. Ray is a life coach and conspiracy theorist. He does AppSec in his non-spare time for money. Both are insightful and brutally honest appsec bloggers for their website: hella-secure.com. We're going to be talking about Application Security. It's Really About the Code!
Title: Ryan Krause - Some Good Advice for Those Who Want to Become Pen Testers
Guests: Ryan Krause
Date: January 10, 2020
Hosts: John L. Whiteman
Description:
Today we'll be talking with Ryan Krause. Ryan is a penetration tester based in Portland, Oregon. He's worked in various security areas for the past 11 years, including at companies such as HP, eEye Digital Security (now BeyondTrust), and Comcast, with a primary focus on app security and development. He's currently a consultant at NetSPI, where he performs web and network pen tests and assists clients with reducing their overall security exposure. Ryan will be presenting an introduction to Burp Suite at our next chapter meeting. Go to meetup.com and look up the OWASP Portland Chapter Group for more details. Today Ryan will talk about his experiences in pen testing along with great advice for those who want to break into this exciting field.
Title: Tim Morgan - Breaking New Ground in Predictive Risk-Based Vulnerability Management
Guests: Tim Morgan
Date: December 29, 2019
Hosts: John L. Whiteman
Description:
Today we will be talking to one of our own, Tim Morgan. Tim has had a fascinating journey in the world of security. He started in his teens as an old-school hacker, and now owns his own security consulting and research company headquartered right here in Portlandia. For the past three years, Tim has been working on a new, innovative, risk-based vulnerability management system called DeepSurface. It's built on both hard science and hard lessons that he learned from his customers over the years. For more information about DeepSurface and Tim, go to kanchil.com. After earning his computer science degrees (B.S., Harvey Mudd College and M.S., Northeastern University) and spending a short time as a software developer, Tim began his career in application security and vulnerability research. In his work as a consultant over the past 14 years, Tim has led projects as varied as application pentests, incident response, digital forensics, secure software development training, phishing exercises, and breach simulations. Tim has also presented his independent research on Windows registry forensics, XML external entity attacks, web application timing attacks, and practical application cryptanalysis at conferences such as DFRWS, OWASP's AppSec USA, BSidesPDX, and BlackHat USA. For the past three years Tim has been building an innovative new risk-based vulnerability management product (DeepSurface) that helps his customers gain a much deeper understanding of the complex relationships present in their digital infrastructures. Visit kanchil.com to learn more about Tim's latest R&D effort.
Title: Patterson Cake - Overcoming Your Greatest InfoSec Adversary: You!
Guests: Patterson Cake
Date: December 19, 2019
Hosts: John L. Whiteman
Description:
Tips on formulating complete sentences without acronyms, learning to pretend you aren't the smartest person in the room, choosing the right animations for your PowerPoint presentations, and more! Let's be honest, you probably didn't get into info-sec because of your love for public speaking, your mastery of written and verbal communication, or your highly-tuned social skills! Regardless, these things are key to your success or failure in info-sec. Dare to join me for a frank if somewhat tongue-in-cheek conversation regarding strategies for simplifying complex conversations, recognizing and overcoming common communication obstacles, translating leet-speak to business language and creating effective visual presentations. Patterson has been in information technology for over 20 years, focusing on security for the past several years in offensive, defensive and leadership roles. He is the founder of Haven Information Security, an instructor for SANS, and the Principal Cybersecurity Engineer for PeaceHealth.
Title: Adam Shostack - Threat Modeling
Guests: Adam Shostack
Date: December 19, 2019
Hosts: Ben Pirkl, David Quisenberry, John L. Whiteman
Description:
Adam Shostack is a leading expert on threat modeling, and a consultant, entrepreneur, technologist, author and game designer. He's a member of the BlackHat Review Board, and helped create the CVE and many other things. He currently helps many organizations improve their security via Shostack & Associates, and advises startups, including as a Mach37 Star Mentor. While at Microsoft, he drove the Autorun fix into Windows Update, was the lead designer of the SDL Threat Modeling Tool v3 and created the 'Elevation of Privilege' game. Adam is the author of Threat Modeling: Designing for Security, and the co-author of The New School of Information Security.
Title: David Quisenberry & Ben Pirkl - OWASP Top 10 / Juice Shop Hack Session
Guests: Ben Pirkl, David Quisenberry
Date: December 19, 2019
Hosts: John L. Whiteman
Description:
OWASP Portland 2019 Training Day. This session is meant for those new to the OWASP Top Ten. We will go over the OWASP Top Ten: where it came from, what it's good for, what the top ten are, etc., and illustrate the concepts in the OWASP Top Ten through another OWASP Flagship Project, the OWASP Juice Shop. This will be a hands-on class so everyone can follow along in the Juice Shop to explore the concepts. There will be time at the end for everyone to continue their vulnerability hunting and a friendly Juice Shop CTF.
Title: Alex Ivkin - Container Security
Guests: Alex Ivkin
Date: December 19, 2019
Hosts: John L. Whiteman
Description:
OWASP Portland 2019 Training Day. When it comes to container security there are two prevailing schools of thought: either containers are secure by default, so you should not care much, or containers cannot be secure in principle, so you should avoid them at all costs. In this training you will go through real-world examples of configuring and running containers in a secure manner. You will get insights into the security of both Windows and Linux containers and of container infrastructure, such as container registries and orchestration platforms (Docker Swarm and Kubernetes). We will examine real-world vulnerabilities unique to different container architectures and how to address them.
Title: Justin Angra - Intro to Chrome Exploitation
Guests: Justin Angra
Date: December 19, 2019
Hosts: John L. Whiteman
Description:
OWASP Portland 2019 Training Day. Over 3 billion browser devices are actively loading arbitrary data served by someone else. What happens if one of those pages contains maliciously crafted JavaScript? Could they capture your passwords, perform UXSS, or worse, execute local code on your machine? In this session, you will get the opportunity to explore the anatomy of, and play with, common vulnerability patterns in the renderer process of Chrome. This will be an interactive class; please bring a laptop with Docker installed.