User Activity

Almost 7 years ago
Not listing any IAST/RASP solutions, such as Contrast Security, seems very wrong. The tools listed here generate tons of false alarms, don't work on APIs, and aren't compatible with modern software development (Agile/DevOps).

Comment on: Application Security Tools (almost 7 years ago)

About me

For over 25 years, my passion has been improving the security of the world's software. I've founded three very different but highly successful organizations to help solve the problem.

At Contrast, we invented a revolutionary technique that turns ordinary applications into "self-protecting software." Contrast infuses new security capabilities into applications at runtime using dynamic binary instrumentation. Contrast installs in seconds, and from that point forward, applications continuously detect their own vulnerabilities *and* protect themselves against attacks. In practice, it works like AppDynamics or New Relic, but for security, not performance.

I've spent my career working security from a variety of angles. In the early 1990s, I built high-assurance systems for the Navy and taught the INFOSEC curriculum at the NSA during the Orange Book days. Later I chaired the Author Group for the SSE-CMM (now ISO 21827). I wrote a high-assurance guard in Java on Trusted Solaris. I've done pentesting and manual code review on thousands of critical applications, and have uncovered thousands of zero-day vulnerabilities. I helped to start OWASP and was Global Chair for 8 years, where I started and led many popular open-source projects, including writing the OWASP Top Ten, WebGoat, ESAPI, ASVS, and the XSS Prevention Cheat Sheet. I also helped start the Rugged Software movement. I founded Aspect Security in 2002 and Contrast Security in 2014.