Tony UcedaVelez
President, OWASP
CEO / Founder, VerSprite
Tony has more than 18 years of hands-on information security and technology expertise across technical and operational areas. He has worked and consulted for numerous firms within the global Fortune 500, as well as U.S. federal agencies, on the subjects of security risk management, application security, threat modeling, and security architecture. He is the founder of VerSprite and consults across several different industries on a myriad of security topics using a risk-centric approach that is strategic, efficient, and measurable.
Coming from a diverse IT background in software development, security architecture, and network security, combined with years of enterprise work in process engineering and security risk management, Tony has become a recognized leader in developing strategic security solutions that take a multi-faceted approach to enterprise risk. In both the commercial and government sectors, Tony has applied his expertise across multiple control frameworks (ITIL, NIST, ISO, CoBIT, etc.) in order to help mature security programs built around both automated and process-based controls.
In the realm of application security, Tony is a threat modeling evangelist and has provided numerous talks domestically and across four continents on its many benefits and application. He has co-patented PASTA (Process for Attack Simulation and Threat Assessment) and in 2015 authored ‘Risk Centric Threat Modeling’ (Wiley Life Sciences). He has served as guest speaker for several groups such as ISACA, IIA, ISSA, ISC2 and OWASP on the topic of application threat modeling across four different continents and has delivered numerous training sessions on how PASTA can make for a more realistic approach to identifying threat agents and their most likely attack vectors against company infrastructure. Tony has integrated threat modeling with several maturity models such as SAMM, BSIMM, and CMMI, as well as risk and control frameworks that include OCTAVE, FAIR, NIST 800-53, ISO, and CoBIT. His expertise has focused on bridging technical security risks with operational financial risks so that companies can understand the impact of poor security practices on business.
Tony’s focus on risk-centric, hybrid approaches to application security has allowed him to be a spokesperson for greater security information integration. Tony’s work in consulting revolves around hybrid security practices aimed at greater efficiency and streamlined security program management functions. Prior to VerSprite, Tony served as Sr. Director of Security Risk Management at a Fortune 50 organization, where he led security assessments against global application environments. His work encompassed web application security testing, security architecture reviews, and technical security risk analysis against business objectives. He applied effective ways to introduce the subject of application risk to information owners by mapping it to operational business components. Prior to this role, he spent more than 10 years in the field of application security across other Fortune 500 organizations within the banking, telecom, and information service industry segments.
Tony currently leads the OWASP Atlanta Chapter, where he manages monthly workshops and events for the Atlanta web application security community. He is also very active across multiple OWASP projects at a global level and is known as a vocal leader in the global OWASP community. Beyond OWASP, Tony has helped to launch BSides Atlanta for the past four years in order to create a grassroots security event aimed at providing a more hands-on approach to local area IT groups in Atlanta.