Security Influencers provides real-world insight and “in-the-trenches” experiences on topics ranging from software application security to DevOps and cloud security.

Jeff Williams, Co-Founder, Chief Technology Officer

Jeff brings more than 20 years of security leadership experience as co-founder and Chief Technology Officer of Contrast. Previously, Jeff was co-founder and CEO of Aspect Security, a successful and innovative application security consulting company acquired by Ernst & Young. Jeff is also a founder and major contributor to OWASP, where he served as the Chair of the OWASP Board for 8 years.

Connect With Us :  

Automating Application Security in Modern Software Projects

Today, it seems like every organization has become a software company.

The increasing dependence on automation demands that software survive and thrive despite an increasingly hostile environment.

Insecure code has become the leading security..

Continue Reading >>

Obama Orders Review of Election Hacking

BACKROUND - President Obama recently ordered a “deep dive” into the cyberattacks of this year’s election and he wants the report before he leaves office on January 20. This request comes as President-elect Trump has again dismissed the intelligence..

Continue Reading >>

Is There a 3rd Category of Application Security Tools Beyond Static & Dynamic?

Recently, Clark Coleman asked a very logical question about application security tools:

Can you explain the difference between DAST (Dynamic Application Security Testing) and IAST (Interactive Application Security Testing)? To a novice like me,..
Continue Reading >>

Application Security: Changes to Microsoft Patch Tuesday

Everyone should be patching like Microsoft.

You can argue with some of the tiny details about how Microsoft schedules patches, but the elephant in the room is that nobody has thought through continuous patching better or for longer than Microsoft.

Continue Reading >>

So, Now We Have a Federal CISO...

So, now we have a federal CISO, Brigadier General [Retired] Gregory J. Touhill, as part of the Office of Management and Budget (OMB.) But, what does that really mean?

Continue Reading >>

60 Minutes & the "Signaling System Seven (SS7) Vulnerability"

Over the weekend, 60 Minutes featured a segment on how cellphones and mobile phone networks are vulnerable to hacking, exploiting a security flaw discovered in Signaling System Seven – or SS7. According to security researcher Karsten Nohl, “the..

Continue Reading >>

The Four Dimensions of Application Security "Coverage"

For many application security vendors, "coverage" is the third rail — but it's a critical part of your application security strategy... maybe the most critical.

If you're a CISO, appsec program manager, or anyone else charged with application..

Continue Reading >>

Can Openness in the US Government Lead to Better Application Security?

On Tuesday morning, ZDNet reported that U.S. government has published a new federal policy that aims to encourage more agencies to open-source custom code they’ve developed.

Continue Reading >>

Peiter Zatko's (Mudge) Cyber Independent Testing Lab methods.... just another flash in the pan?

Last week, The Intercept published an article (A Famed Hacker is Grading Thousands of Programs – and May Revolutionize Software in the Process) discussing a new method for testing and scoring the security of software. This new method – called the..

Continue Reading >>

"The DCCC Hacked:  SQL Injection?  Come on."

Jeff's comments here are a follow-up to his blog post "International hacks, politics and knee-jerk cybersecurity... never a good mix - Russia & the DNC Hack." You may want to read that post too!

Some software is more important than other..

Continue Reading >>


Learn how to unify security strategy across & development operations. See how to set up a CAS program with only eight activities!

Download the Handbook