Security Influencers provides real-world insight and “in-the-trenches” experiences on topics ranging from software application security to DevOps and cloud security.


Jeff Williams, Co-Founder, Chief Technology Officer

Jeff brings more than 20 years of security leadership experience as co-founder and Chief Technology Officer of Contrast. Previously, Jeff was co-founder and CEO of Aspect Security, a successful and innovative application security consulting company acquired by Ernst & Young. Jeff is also a founder and major contributor to OWASP, where he served as the Chair of the OWASP Board for 8 years.


Interview: Bruce Brody of Cubic Cyber Solutions

In this interview, Jeff Williams interviews Bruce Brody of Cubic Cyber Solutions, a leading provider of specialized systems and services in the rapidly changing world of technology. They examine the relationship between federal cybersecurity..


Interview: Jonathan Chow & Neeta Maniar of Live Nation Entertainment

In this interview, Jeff Williams interviews Jonathan Chow and Neeta Maniar of Live Nation Entertainment, the world's leading producer and promoter of live entertainment and the parent company of Ticketmaster and The House of Blues. They discuss..


Interactive Application Security: Frequently Asked Questions

Contrast doesn't neatly fall into either the static analysis (SAST) or dynamic analysis (DAST) categories most security experts ask about. Because of that, we often field questions about what exactly Contrast does. This post will answer a few..


We've Been Hacked. Our Data Was Breached. What Do I Do Now?

We're Sorry You Got Hacked.

First, if you just detected a data breach, you've been hacked, and you should probably stop reading this blog post and get to work fixing the problem. If you need a "What to do in the first 24 hours after a data..


Why It's Time for Terms Like "Static" and "Dynamic" Analysis to Die

In John Godfrey Saxe's retelling of The Blind Men and the Elephant, six blind men try to teach each other what an elephant is 'like'. They each take hold of a different part of the elephant and proclaim they know what an elephant is. In..


Why Static Application Security Scanners Just Can't Cut It Anymore

Static Analysis and Dynamic Analysis Tools Have Their Place

To be clear: I’ve been an advocate of both dynamic vulnerability scanning (DAST) and static analysis (SAST). These technologies can be helpful when used by experts as part of an..

The 6 Pillars of Application Security

Once you discover a vulnerability, it instantly is super-critical information. How do you protect security vulnerabilities inside your organization? How are they stored? Who gets access? What are people allowed to do with them? I've seen..


Is Your AppSec Tool Truly Scalable?

Many businesses are trapped in a dilemma, a Morton's Fork – should we rely on automated tools to assure the application portfolio and overlook false positives and missed vulnerabilities? Or should we use expert consultants to get the level of..


The OWASP Top Ten and Beyond

The past decade shows only trivial progress in improving web app security, according to new vulnerability guidelines in the OWASP Top Ten 2013.


Went To AppSec California 2014. Tried Contrast. Here's My Story.

We receive "fan" mail from many of our clients, and lots of people who watch a demo are impressed. But when Steve Rosonina, CTO of Accumulus Labs, sent us a review with his story, we had to put it up for the world to see. Without further ado,..
