Brian Bertacini founded AppSec Consulting in 2005, since then the company has become a leading provider of IT security testing services, PCI assessment and validation, training and security technology integration for businesses of all sizes including starts-up and large global enterprise clients. Brian is a member of ISSA, ISACA, and OWASP. He has more than 20 years' experience in software development, systems engineering and information security, fulfilling various roles at IBM, Varian and Fujitsu. Brian is the founding member of the Silicon Valley OWASP chapter and he oversees the management of AppSec Consulting to ensure the company's valued clients receive the highest quality of service.
Brian Shura is the Vice President of AppSec Consulting. Brian's team of security professionals performs application and network penetration tests, mobile application security assessments, source code reviews, and a variety of other interesting security projects. Brian often teaches application security classes and has created world-class security training for developers, QA analysts, and information security analysts. Prior to his role in application security, Brian spent five years working as a developer on large Internet-facing websites. Brian is also the Project Leader for the Web Application Security Consortium's "Web Application Security Scanner Evaluation Criteria" project.
Ryan Hogan is the Director of AppSec Consulting’s Strategic Advisory Services team. Ryan is an ISO27001 Lead Implementer and risk management professional with more than 16 years of industry experience. Ryan has served in key information security roles at large enterprises within the finance, technology, manufacturing, and pharmaceutical markets. He has worked on all sides of the security equation. Ryan has worked as an auditor reviewing security controls for SOC reports, and as security manager at a service provider that is having its security controls audited, as well as a security manager at customers reviewing the results of a service provider’s security audit. He uses this perspective and experience to provide a balanced view and a risk based approach to information security that meets business objectives. In addition, his experience and expertise includes performing Enterprise IT Risk Assessments, preparing for ISO27K Implementation, Vulnerability Management, and Security Strategic Planning.
Ryan has a strong track record of interpreting and applying a variety of information security-related frameworks and standards to meet an organization’s business objective. His common sense approach, communication skills, and initiative elevate him amongst his peers in the industry.
Travis Lee is the Director of Penetration Testing at AppSec Consulting with over 11 years of experience in Information Security, Network and System Administration, and System Architecture. He has expertise in many areas including network and web application penetration testing, mobile and client application penetration testing, security management and operations, vulnerability research, cyber-physical systems, and conducting technical training. He has discovered and responsibly disclosed numerous vulnerabilities in commercial software, web applications, and cyber-physical control systems.
Travis is a Computer Science graduate of the University of Hawaii at Manoa and holds numerous professional certifications including the prestigious GSE, OSCE, OSCP, GXPN, GREM, GPEN, GCIA, GCIH, GCFA, GSNA, GSEC, CISSP, and MCSA. Additionally, he has achieved the distinctive title of SANS Cyber Guardian (Red Team). Travis is also a Cyber Warfare Officer for the Air National Guard and part of a leading, nationally recognized Cyber Operations unit that conducts worldwide, full spectrum network security operations to improve the DoD Global Information Grid and the Air Force's network security posture. Prior to joining AppSec, Travis worked in consulting, the utilities industry, and higher education.
Adam Caudill is the Director of Application Security Testing. He is an expert in application security, with a specialty in applied cryptography, speaking regularly at industry events on topics from data protection to attack techniques. Adam has more than 15 years of experience in information technology, with responsibilities including systems administration, full-stack software development, architecture & system design, security code review, development and implementation of secure development standards, and penetration testing. He utilizes a combination of manual and automated techniques; often building or extending custom automated tools when existing solutions fall short.
Adam is a frequent contributor to open source projects, and maintains a number of security-related projects; from a tool to aid PCI auditors, to cryptography-related tools and libraries. His writing and research have been cited by many media outlets and publications around the world, from CNN to Wired and countless others.