Gary McGraw, Ph.D., Chief Technology Officer
Gary is a globally recognized authority on software security and the author of eight best-selling books on the topic and more than 100 peer-reviewed scientific publications. In addition to his work as an advisor and strategic counselor for top business and IT executives, Gary produces the monthly Silver Bullet Security Podcast. You can find more on Gary on his website.
John Steven, Internal CTO
John’s expertise runs the gamut of software security from threat modeling and architectural risk analysis, through static analysis (with an emphasis on automation), to security testing. As a consultant, John has provided strategic direction to many multi-national corporations, and his keen interest in automation keeps Cigital technology at the cutting edge. He has served as co-editor of the Building Security In department of IEEE Security & Privacy magazine, speaks regularly at conferences and trade shows, and is the leader of the Northern Virginia OWASP chapter.
Joel Scambray, Managing Principal
Joel has over 15 years of experience assisting companies ranging from newly minted startups to members of the Fortune 500 address information security challenges and opportunities. Joel leads Cigital’s northwest regional practice and focuses on developing and sustaining successful client relationships through oversight of delivery, sales, recruiting, and business activities at the regional level. You can find more on Joel and his books here.
Paco Hope, Principal Consultant
Paco is a Principal Consultant with Cigital, Inc. and has 12 years of experience in the security of gaming systems (lottery systems, online gaming, casino gaming devices), web applications, operating systems, and embedded devices (e.g., mobile phones, smart cards). As a consultant, his customers include MasterCard International, WMS Gaming, GTECH, FINRA (the US securities exchange regulator) and Sterling Commerce (an AT&T Company). Paco leads Cigital’s efforts in online gaming security, including random number generator (RNG) certification and the SafeBet™ online gaming security certification. He co-authored the Web Security Testing Cookbook and Mastering FreeBSD and OpenBSD Security, both published by O’Reilly and Associates.
Scott Matsumoto, Principal Consultant
Scott is a Principal Consultant at Cigital bringing over 20 years of commercial software product development experience to the company. At Cigital, Scott is responsible for the mobile security practice within the company. He consults for many of Cigital’s clients on security architecture topics such as Cloud Computing Security, SOA Security, fine-grained entitlements systems and SOA Governance. His prior experience encompasses development of component-based middleware, performance management systems, graphical UIs, language compilers, database management systems and operating system kernels. Scott is a founding member of the Cloud Security Alliance (CSA) and is actively involved in its Trusted Computing Initiative.
Sammy Migues, Principal – Technology
Sammy is an information security visionary with a proven record of entrepreneurial innovation, intellectual capital development, practical business solutions, and performance optimization. He has extensive day-to-day experience in chief technologies, applied R&D, and evangelist roles, working directly with customers, product management and product development. At Cigital, Sammy works daily with customers and Cigital’s best and brightest to keep corporate knowledge and people on the cutting edge of software security and quality, while also working on product innovation, software security course creation, and risk modeling and management. In previous positions, Sammy was VP, Knowledge Management at Cybertrust (formerly TruSecure) and Chief Scientist at iDEFENSE. Sammy is frequently sought out for press relations, TV, conference speaking, classroom instruction, executive briefings, and related knowledge transfer.
Jim DelGrosso, Principal Consultant
Jim is a Principal Consultant at Cigital with over 30 years of experience working for software development and consulting organizations. At Cigital, Jim heads up the Architecture Analysis practice with the mission to analyze the architecture and design of systems to identify flaws and provide our customers contextual guidance to remediate or mitigate those flaws. His previous experience includes development of compilers, real-time embedded software, satellite communication software, thick-client applications, and n-tier client-server systems.