John Steven, Senior Director, Advanced Technology Consulting
John brings to this newly-created division of the company both depth and breadth in software security. His experience includes research in static code analysis and hands-on architecture and implementation of high-performance, scalable Java EE systems. John has provided security consulting services to a broad variety of commercial clients including two of the largest trading platforms in the world and has advised America's largest internet provider in the Midwest on security and forensics. John led the development of Cigital's architectural analysis methodology and its approach to deploying enterprise software security frameworks. He has demonstrated success in building Cigital's intellectual property for providing cutting-edge security. He brings this experience and a track record of effective strategic innovation to clients seeking to change, whether to adopt more cutting-edge approaches, or to solidify ROI. John currently chairs the SD Best Practices security track and co-edits the Building Security In department of IEEE's Security and Privacy magazine. John has served on numerous conference panels regarding software security, wireless security and Java EE system development. He holds a B.S. in Computer Engineering and an M.S. in Computer Science from Case Western Reserve University.
John in the Press
| 10/22/09 | Do The Right Thing, Off by One. |
| 05/11/09 | The Cost Of Fixing An Application Vulnerability, Dark Reading. |
| 03/04/09 | Cleaning Out the Closet: What to Do With Those Worn-Out Legacy Systems, Linux Insider. |
| 11/28/08 | TOP PC, Internet, Information Security & Identity Management Blogs!, CEOWORLD Magazine. |
| 09/25/08 | Practical Advanced Threat Modeling - OWASP AppSec NYC 2008, Web Admin Blog. |
John's Latest Posts on the Justice League Blog
- Wait, my mom’s driving innovation–not me? (23 November 2009)
- Machinations Over O2 (17 November 2009)
- Vendors in an Open-Source Security Community (12 November 2009)
- AppSec DC ‘09 (9 November 2009)
- Security and ‘time’ (20 May 2009)
- Follow-up: Integrating Assessment Tools (31 March 2009)
- Maturity Models vs. Top 10 Lists (30 March 2009)
- Security folk often carry Macs, is that an endorsement? (16 March 2009)
- Improving Software Security (Maturity Models and Their Ilk?) (9 March 2009)
- Gartner and Static Analysis (19 February 2009)
Build Security In article series
These articles were all originally published in IEEE Security & Privacy. For more of John's publications, see our full listing of his available published articles.
- State of Application Assessment (November/December 2008)
- Defining Misuse Within the Development Process (November/December 2006)
- Essential Factors for Successful Software Security Awareness Training (September/October 2006)
- Introduction to Identity Management Risk Metrics (July/August 2006)
- Putting the Tools to Work: How to Succeed with Source Code Analysis (May/June 2006)
- Adopting an Enterprise Software Security Framework (March/April 2006)
Events
| Nov 10, 2009 - Nov 13, 2009 | John Steven at OWASP AppSec 2009, talk: "Threat Modeling." Washington, DC. |
| May 11, 2009 - May 14, 2009 | John Steven at OWASP AppSec Europe 2009, Talk: "Threat Modeling." Kraków, Poland. |
| Sep 22, 2008 - Sep 25, 2008 | John Steven and Jason Rouse presenting at OWASP NYC AppSec 2008 Conference. Cigital is Gold Sponsor of Event. |
| Jul 21, 2008 - Jul 24, 2008 | John Steven presenting tutorial at Dr. Dobb's Architecture & Design World 2008, Title: "Practical Threat Modeling Techniques." July 21, Chicago, IL. |
| Mar 03, 2008 - Mar 07, 2008 | Jim DelGrosso, Scott Matsumoto and John Steven at SD West, Santa Clara, CA |
| Nov 07, 2007 | John Steven at QCon, San Francisco 2007; "Making Threat Modeling Useful to Software Development"; San Francisco, CA. |
| Apr 17, 2007 | John Steven at the Software Security Summit, tutorial: Creating Enterprise Software Security Standards; San Mateo, CA. |
| Apr 16, 2007 | John Steven at the Software Security Summit, Scaling Application of Security Standards by Customizing a Code Analysis Tool; San Mateo, CA. |
| Feb 08, 2006 | John Steven at the Software Security Summit, "Build Your Own Software Security Capability Internally." San Diego, CA. |
| Feb 07, 2006 | John Steven at the Software Security Summit, "Practical Advice for Improving Enterprise Software Security." San Diego, CA. |
| Apr 13, 2005 | John Steven at Software Security Summit, talk: "Practical Security Touchpoints to Augment Your In-Place Development Process." La Jolla, CA. |
| Apr 06, 2005 | John Steven at SEI Software Architecture Technology User Network, talk: "Are All Quality Goals Created Equal?" Pittsburgh, PA. |

