About the Bloggers

Gary McGraw

Gary McGraw is the CTO of Cigital, Inc., a software security and quality consulting firm with headquarters in the Washington, D.C. area. He is a globally recognized authority on software security and the author of six best-selling books on this topic. The latest, Exploiting Online Games, was released in 2007. His other titles include Java Security, Building Secure Software, Exploiting Software, and Software Security, and he is editor of the Addison-Wesley Software Security series. Dr. McGraw has also written over 90 peer-reviewed scientific publications, authors a monthly security column for informIT, and is frequently quoted in the press. Besides serving as a strategic counselor for top business and IT executives, Gary is on the Advisory Boards of Fortify Software and Raven White. His dual PhD is in Cognitive Science and Computer Science from Indiana University, where he serves on the Dean’s Advisory Council for the School of Informatics. Gary is an IEEE Computer Society Board of Governors member and produces the monthly Silver Bullet Security Podcast for IEEE Security & Privacy magazine.

Pravir Chandra

Pravir Chandra is a Principal Consultant at Cigital. Pravir is widely recognized in the industry for his expertise in security-focused code analysis, and also for his ability to apply this knowledge strategically from a business perspective. He was most recently affiliated with Secure Software, Inc., where he was Co-Founder and Chief Security Architect. Previously, he managed an Operations Security group at AOL Time Warner, where he supervised the build-out and maintenance of critical security infrastructure for the company, and spent time as a research associate at Cigital. Pravir’s book, Network Security with OpenSSL, is a popular reference on protecting software applications through cryptography and secure communications. His varied special project experience includes serving as Project Lead for the Comprehensive Lightweight Application Security Process (CLASP) project with the Open Web Application Security Project (OWASP) Foundation.

Scott Matsumoto

Scott Matsumoto is a Principal Consultant at Cigital. Most recently, Scott was the CTO of Spring Street Networks. Prior to that, he was co-founder and CTO of Xtremesoft, which provided component-based application monitoring for applications built on Microsoft technology. Scott has held positions at other major software companies, including systems architect for Lotus Development and principal at Working Set, Inc., and he was also one of the original designers of Digital’s Relational Database system.

Craig Miller

Craig Miller is a Principal Consultant at Cigital. In this role he provides thought leadership in advancing areas of IT, with particular emphasis on architecture, governance, and information security. He supports selected major clients and engages with clients who have new and technically challenging problems. He holds a Ph.D. in Systems Engineering from the University of Virginia and has extensive experience in large-scale integration. He has been an IT professional since 1971 and has worked with the full range of systems deployed over that interval, from large mainframe COBOL/file-based systems to the most avant-garde web services technology. He has taught IT management and the architectural process at the McIntire School of Commerce (UVA) and the Darden Graduate School of Business. Prior to joining Cigital, he was Global Chief Architect and North American CTO of Dimension Data and a Chief Scientist of SAIC. In 1997 he won a gold medal from the Smithsonian Institution for “heroic achievement in the advancement of information technology.”

Sammy Migues

Sammy Migues is the Director of Knowledge Management and Training at Cigital. Sammy is an information security visionary with a proven record of entrepreneurial innovation, intellectual capital development, practical business solutions, and performance optimization. As a founding member of four security services organizations, Sammy was responsible for creating the practical knowledge leveraged for repeatability and growth. As an active creator and participant in activities ranging from the early NSA “Rainbow Books,” NIST Common Criteria, and DoD DITSCAP initiatives to state-of-the-art compliance matrices and security risk models, he made critical observations on the evolving relationships between information security threats, vulnerabilities, risk, and business objectives. From this experience, he recently turned his attention to the knowledge management aspects of information security governance and compliance, providing direct guidance to Fortune 500 leaders on efficiently “building security in” to everyday business activities. He is actively applying his practical management, technical, and thought leadership experience to the emerging enterprise security risk management discipline in areas such as governance, compliance, and internal control; quantitative and qualitative risk analysis and modeling; security architecture, testing, and evaluation; executive scorecards; training; and applied research.


John Steven

John Steven is a Technical Director with Cigital and a founding member of the company’s Office of the CTO. He also holds the title of Principal for Cigital’s Software Security practice. John combines experience in Cigital’s Software Security, Quality Assurance, and Process Improvement practices to deliver innovative solutions to clients. John designed and developed jRapture, a capture/replay tool with profiling support for the Java 2 platform, and has served on conference panels regarding software security, wireless security, and J2EE system development. In addition to his extensive Java software development and testing experience, he has served as a technical advisor on large financial securities trading systems, including a J2EE municipal bond trading system. He is a published author and a sought-after reviewer of journal and conference submissions, and he edits IEEE Security & Privacy’s “Building Security In” column.
