[Owasp-leaders] OWASP Podcast Series

Andre Gironda andreg at gmail.com
Fri Dec 12 14:53:56 EST 2008

On Fri, Dec 12, 2008 at 10:27 AM, Jeff Williams <jeff.williams at owasp.org> wrote:
> Andre's sense of humor probably didn't translate well to everyone. Jeremiah
> is one of the leading experts in application security and has worked with
> OWASP on numerous projects. He's also a great guy and extremely savvy.  The
> leaders list probably isn't such a good forum for cracking tongue-in-cheek
> jokes about people.

I'll try and keep it off the list then.  Hopefully everyone will check
out Jeremiah's blunders in the Podcast!  They might be difficult to
miss, but they are there.

Jeremiah is a great guy, and he is very savvy.  He does a lot of
offensive webappsec research and promotes the use of his company, a
SaaS-based web application penetration-testing service (along with
remediation services, security-regression testing services, compliance
reporting, etc.) that can also output rulesets to commercial and
open-source web application firewalls for monitoring and blocking
purposes.  He has probably helped thousands of clients improve their
webapp security postures, and has changed the industry in major ways
through awareness and other motivational exercises.

Does any of what Jeremiah does help operational security and to what
degree, and would other things improve it better for the
cost/time-involved?  Said differently, does anything hurt operational
security from Jeremiah's viewpoint and what are those costs?

I always find it interesting to try and figure out what it means to be
an expert.  I'm not claiming to be one, but do you simply become an
expert in a field when a majority of other self-proclaimed experts all
agree that one individual is a "leading" expert?  Should we base this
on monetary success?  The most vocal?  The highest-ranked guild
member?  What are the criteria?

Also see: [SCADASEC] Certification of Security Professionals / Tools

