After nearly 25 years of IT/ InfoSec work across a vast range of industries, experience has fueled my drive to deliver a better information security consulting practice. In 2007, I started VerSprite (aka VerSprite Security) with the idea of developing a team of ‘security hybrids’ - consummate security professionals that personify both technical mastery around emerging technologies and associated threats, as well as a foundation on business processes, acumen, and overall mindset. As such, the inception of ‘true spirited’ security consulting was developed.
Through years of both hands on network, system, and software engineering and a foundation around risk management principles, the reality set in that true security, although relative to each organization, is best managed via a risk based approach where both an understanding of data usage and functional use cases are known in the context of viable threats scenarios and supportive attack vectors.
This risk-based approach led to the mantra behind VerSprite Security as well as the PASTA threat modeling methodology (Process for Attack Simulation and Threat Analysis), a co-developed risk based threat modeling methodology that I co-authored along with accompanying book (Risk Centric Threat Modeling, Wiley 2015).
Leading VerSprite today requires constant innovation across both technical and non-technical areas. Changes to emerging technologies, regulations, and threat landscapes forces security strategy to be tailored, not pre-fabricated or imitated. As such, I focus on ensuring that VerSprite’s consulting practice develops authentic and custom solutions for our clients in consideration of their risk appetite, threat landscape, technology footprint and regulatory environment. Beyond VerSprite, I run the OWASP Atlanta, GA Chapter and have been heavily involved in the OWASP global initiatives since 2008.