Jeff Williams

CEO

Washington, DC, United States · 36 yrs 2 mos experience

Key Highlights

  • Founded three successful organizations in application security.
  • Pioneered innovative security techniques using dynamic binary instrumentation.
  • Led OWASP to become a global leader in application security.
Stackforce AI infers this person is a SaaS and Application Security expert with extensive leadership experience.

Skills

Core Skills

Application Security · Software Development Life Cycle (SDLC) · Penetration Testing · Open Source · Security Management · Network Security · Human Factors Engineering

Other Skills

Contrast Application Detection & Response (ADR) · Vulnerability Assessment · Security Audits · Security Architecture Design · IAST · SCA · SAST · Serverless · RASP · Code Review · Mobile Security · eLearning · OWASP Top Ten · WebGoat · ESAPI

About

For over 25 years, my passion has been improving the security of the world's software. I founded three very different but highly successful organizations to help solve the problem.

  • Contrast Security (2014) is focused on fully automated application security at the speed and scale of DevOps. We invented a revolutionary technique leveraging dynamic binary instrumentation to assess applications for vulnerabilities *and* prevent vulnerabilities from being exploited. If you called it AppDynamics for security, you wouldn't be too far off.
  • Aspect Security (2002) was one of the first consulting firms to focus exclusively on application security. We supported very high profile financials, utilities, government agencies, entertainment, airline, and other industries with manual security code review and penetration testing, hands-on training and eLearning, architecture review and threat modeling, and other services. Aspect was acquired by EY in 2017.
  • OWASP (2001) is a worldwide open source application security organization with hundreds of chapters and 50,000 members worldwide. I created the Foundation, set up the Board, started chapters and conferences, and volunteered as Global Chair for 9 years. I also started and led many open-source projects used by millions, including the OWASP Top Ten, WebGoat, ESAPI, ASVS, and XSS Prevention Cheat Sheet.

In the early 1990s, I built high assurance systems for the Navy and taught the INFOSEC curriculum at the NSA during the Orange Book days. Later, I chaired the Author Group for the SSE-CMM (now ISO 21827). I designed and built a high assurance guard in Java on Trusted Solaris.

Articles:

  • Forbes - https://www.forbes.com/sites/forbestechcouncil/people/jeffwilliams1
  • DZone - https://dzone.com/users/1382547/planetlevel.html
  • DarkReading - https://www.darkreading.com/author-bio.asp?author_id=954&
  • Contrast Blog - https://www.contrastsecurity.com/security-influencers/author/jeff-williams-co-founder-chief-technology-officer

Experience

  • Total Experience: 36 yrs 2 mos
  • Average Tenure: 6 yrs 7 mos
  • Current Experience: 11 yrs 11 mos

Contrast Security

Founder and CTO

Jun 2014 - Present · 11 yrs 11 mos · Columbia, Maryland

  • Founded Contrast to help developers accelerate software delivery *and* increase security. The Contrast Security Code Platform provides a full suite of modern application security products that developers love and security experts trust, including IAST, SCA, SAST, Serverless, and RASP. Invented and patented numerous technologies for using instrumentation of running software for security analysis and protection.
  • Website: https://www.contrastsecurity.com
  • Twitter: @contrastsec
Contrast Application Detection & Response (ADR) · Application Security · Software Development Life Cycle (SDLC) · Vulnerability Assessment · Security Audits · Security Architecture Design

Aspect Security

Founder and CEO

Jan 2002 - Jun 2014 · 12 yrs 5 mos · United States

  • Founded Aspect Security to focus exclusively on the very new area of application security. Aspect's team consisted of highly skilled consultants providing training, penetration testing, code review, mobile security, and eLearning services to major financial, government, utility, retail, airline, and even video game companies. Aspect was sold to E&Y in 2018.
  • Aspect's core businesses include...
  • Assurance - code review, penetration testing, architecture review
  • Training - both instructor led and eLearning
  • Programs - helping organizations become capable of reliably producing secure apps
Application Security · Penetration Testing · Code Review · Mobile Security · eLearning

OWASP

Global OWASP Chair (Volunteer)

Aug 2001 - Sep 2011 · 10 yrs 1 mo · Everywhere

  • For over 10 years I volunteered my time to help OWASP grow from a mailing list to a worldwide charitable organization with thousands of members, hundreds of corporate sponsors, dozens of annual events worldwide, over 200 chapters around the world, and hundreds of free and open projects. I created the OWASP Foundation 501c3, established the OWASP Board, created the OWASP Chapters Program, and contributed some of OWASP's most successful projects, including the OWASP Top Ten, WebGoat, ESAPI, ASVS, and the XSS Prevention Cheat Sheet. If you are planning a career in application security, then joining the OWASP community, pitching in on projects, attending conferences, and helping us achieve our mission is absolutely the best thing you can do.
OWASP Top Ten · WebGoat · ESAPI · ASVS · XSS Prevention Cheat Sheet · Application Security

Exodus Communications

Director, Global Security Practice

Nov 1999 - Mar 2002 · 2 yrs 4 mos

  • Managed regionalized teams of security consultants to provide a full suite of professional security services. Taught security bootcamps around the country. Started the application security practice and developed static analysis tools.
Security Consulting · Static Analysis Tools · Security Bootcamps · Security Management · Application Security

Arca Systems

Principal Security Engineer

Nov 1992 - Mar 1999 · 6 yrs 4 mos · Columbia, Maryland

  • Network and application security consulting and R&D. Designed and built bidirectional MLS Guard in Java on Trusted Solaris, chaired the group that authored the SSE-CMM (ISO/IEC 21827), and taught at the NSA's Cryptologic School.
Network Security · Application Security · R&D

TRW Defense & Space Systems Group

Human Factors Engineer

Jan 1989 - Jan 1992 · 3 yrs · Merrifield, Virginia

  • User interface design and implementation for the OSIS Baseline Upgrade (OBU), an Orange Book B2 level Navy platform tracking system. Responsible for over 600 interface screens. Wrote tools in Pascal on VAX/VMS to allow WYSIWYG interface maintenance and QA. Worked on several IR&D efforts to bring OBU to Compartmented Mode Workstation (CMW) operating systems like Trusted Solaris.
User Interface Design · Orange Book Compliance · Human Factors Engineering

MITRE

Human Factors Engineer

May 1988 - Sep 1988 · 4 mos · Tysons Corner, Virginia

  • Worked on the human factors team for the new air traffic control system AERA2. Wrote tools for modeling fly-by-wire traffic and conflict analysis in PL/1.
Human Factors Engineering · Modeling Tools

Education

Georgetown Law

JD cum laude — Intellectual Property and Cyberlaw

Jan 1996 - Jan 2000

George Mason University

MA — Human Factors

Jan 1990 - Jan 1992

University of Virginia

BA — Psychology and Computer Science

Jan 1985 - Jan 1989
