[OWASP-LEADERS] Re-introductions and a few things......

David Endler DEndler at iDefense.com
Wed Jan 15 01:24:54 EST 2003


Hi all,

David Endler here. I had fully planned on writing as wild a profile as
Steve, but it's getting rather late and my humor I fear would be quite
feeble.  Before anyone else says "what Mark and Dave have built," let me set
the record straight and say that Mark alone has been the constant and most
giving leader/member of this group, and I really don't feel comfortable
being grouped in the same level of contributorship.  While many past and
current people have dropped off or been AWOL for various personal or work
reasons (me included), I feel as I'm sure we all do that this group wouldn't
be anything today without Mark's vision and drinking. . I mean driving. . .
force.  OK, enough of the Curphey fan club for now.  :-)

I'm currently the technical director at iDEFENSE, a security intelligence
company.  We are a direct competitor to companies like Vigilinx and
SecurityFocus and are based right outside of DC.  I lead a group of
engineers and researchers who are charged with verifying many of the
vulnerabilities/malwares/exploits that come across the Internet or are
collected by various individuals.  It's important that our clients receive
security information as soon as possible, so in addition to performing
original research, we also pay people to submit things to us.  Eventually,
we would like to share the web application types of vuln information to
distribute on the OWASP portal.

I got my BS and MS in computer science at Tulane University in New Orleans,
Louisiana.  I will be happy to share my 5-year collection of Mardi Gras
pictures at some point once my coffee table book comes out.  After college,
I spent some time as a spook in the NSA, as a researcher at MIT, an
intrusion detection designer at Xerox, a security architect at Deloitte and
Touche, and finally my current job.  I have always had a love of information
security in college, and I think the book The Cuckoo's Egg glamorized the
field for me very early on.

I was attracted to OWASP almost a year ago and initially helped out on the
ASAC project.  I then contributed some sections to the Requirements Guide,
and through a matter of cajolery and bribery, agreed to take on the Testing
Methodology project.  I see my current and emerging role at OWASP in
addition to project contribution really providing thought leadership and
guidance to the eventual integration and portal presentation of the
Documentation projects (Guide, Testing, ASAC) and their interaction with the
other projects (WebGoat, etc.).  I would also like to see us author books in
the public domain and really gain the prestige and credibility in industry
as the best source for web application security period.

It feels good and exciting to be a part of something which has the potential
to shape a lot of the thinking and standards in the web application security
community.  That, coupled with the feeling of truly helping out and making
great contacts and friends is why I love being a part of this group.  I
think our success and membership will only snowball as our accolades start
to accumulate; as Mark will attest, we can start to see this happen
already.

The only change/suggestion I feel strongly about to promote a more cohesive
structure would be to plan monthly phone conferences (I know this is a pain
with time zones, etc.).   I really feel though that it's rare for all to
really know what's going on with the entirety of OWASP at any one time
without periodic status reports.  Having a group time might help us focus a
bit more on our individual/group goals and how we can work together better.

-dave

I like this picture of myself to share, just because one of my favorite
drinks is the Mojito and I was really enjoying myself at the time.
http://securitypimps.com/amsterdam/dave_and_his_mojito.jpg






