Badges

70 Points
3 Years

User Activity

Almost 3 years ago
Everything in technology focuses on People, Process & Technology. What binds these together is business requirements and understanding the needs of each Line Of Business. Often each Line of Business requires completely different requirements, but what tools help you meet…
Almost 3 years ago
The first thing you'd want to do is 1. Look at your application inventory to determine the language and framework coverage. 2. The following would be what has the developer integrations with my current and future state CI/CD toolset, Developer IDE's 3. Do I have the…
About 3 years ago
The easiest way to remember the role of each: SCA & SAST = Am I Vulnerable DAST & IAST = Am I Exploitable (In some cases together, they complement SAST) RASP & WAF = Can I Protect Myself  (Fixing the code is the primary option)
About 3 years ago
Choosing the right static analysis software requires multiple components:1. What are my business requirements and do I have champion BUs  2. What does your application portfolio look like (Lang. developed, Line of Code, etc.) and do we have a complete application inventory…
About 3 years ago
Rendra,  You need to ask yourself a few questions: 1. Do I know is the technology stack (languages) that needs to be supported? 2. Do I have access to the Source Code, just Binaries OR Both? 3. Do I need to support SCA(FOSS) 4. Do I need a unified Dashboard for reporting for…
About 3 years ago
@Oscar Van Der Meer Fortify SCA (Static Code Analyzer) was around way before SCA (Software Composition Analysis). There are various integrations with Software Composition Analysis (SonaType, BlackDuck, Snyk, WhiteSource, and OWASP Dependency Checker & Track. The reason…

Projects

About 3 years ago
Turning a major financial customer from a non
Turning a major financial customer from a non believer to the most robust customer. That customer is now a referenceable customer.

Answers

Almost 3 years ago
Application Security Testing (AST)
Almost 3 years ago
Application Security Testing (AST)
About 3 years ago
Application Security Tools
About 3 years ago
Software Composition Analysis (SCA)

About me

Thomas Ryan is an established expert on cyber & physical security specializing in red team operations, application and supply chain security, information operations & personal protection. His precision focus during his career has been on offensive and defensive security operations and their application within both public and private organizations.

Thomas serves as Board Advisor for numerous companies while functioning as the Founder of Asymmetric Response, a boutique security firm.

In 2010 Thomas gained global notoriety for his research known as “The Robin Sage Experiment”. His research focused on the dangers and threats around social media. To this day the impact of this research is still relevant as well as 10x greater. Currently, Robin Sage Experiment's concepts are being taught in 28 universities in their cybersecurity and homeland security courses. It’s also be referenced in 100’s of security research papers and is currently used in many red teams and intelligence collection operations. Additionally, Thomas has been assigned several CVEs for exploits discovered and referenced 3 different times in the MITRE ATT&CK Framework.

Interesting Projects and Accomplishments