Cássio Goldschmidt is senior manager of the product security team at Symantec. He leads efforts across the company to ensure and enable the development of secure software products. His responsibilities include managing Symantec’s internal SDL, training, threat modeling, pen testing, and vulnerability management. Cássio has 14 years of professional software industry experience, including eight years at Symantec. He’s an active OWASP member and represents Symantec on the SAFECode technical committee.

Tom Lawton is Head of Information Security at the Markets Division of Thomson Reuters. The function of the Information Security group is “to translate the risk appetite of the business into cost effective controls”. Tom’s function provides advice, consultancy and tools to Architects and Technologists at Thomson Reuters as well as organizational security communication programs. Previously Tom led the Internal Audit function at Reuters Group, and was an Information Systems Auditor at the Bank of England and programmer at the Lloyds TSB Group.

Antti Vähä-Sipilä is a product security specialist/manager at Nokia. He has years of experience with security of mobile devices, software security and connectivity technologies. Holding an alphabet soup of certifications, Antti specializes in privacy, product security and SDLs and working with non-profits focused on human rights.

Janne Uusilehto is head of Nokia product security. He has worked at Nokia since 1998. His team is the owner of the Product Security Laboratory and product security related education, awareness and process improvement. Janne is a board member of ICASI, vice chair of SAFEcode and chair of mobile security for DIGITALEUROPE.

Bob Briggs is a director of IT security and compliance for the Hartford. His responsibilities include security strategy development, SOX and PCI program management, and security project execution. He has implemented a secure system development and maintenance framework designed to ensure delivery of secure and compliant applications from his organization’s development lifecycle. Prior to his work in security, Bob was a developer and an architect, he supported field office automation and he supported technology liaison between the business and IT communities.

Jerry Archer is VP of information security and CISO of Intuit. His responsibilities include securing and protecting customer privacy for all of Intuit’s products, services, and internal systems and infosec initiatives across the company. Prior to his work with Intuit, Jerry was a managing director at Global Competitive Strategies, senior VP at Visa International, and senior VP at Fidelity. In his early career in the intelligence community, Jerry was awarded a Distinguished Service Award from the CIA and a Meritorious Unit Citation from the NSA.

Andy Steingruebl is a manager on the information risk management team at PayPal. He manages the secure development program for all PayPal applications including the Web sites supporting PayPal’s 73 million active registered accounts. In addition, he also works with the information risk management team on issues of Internet governance, Internet policy, security protocols, and Internet infrastructure. Andy has been with PayPal since 2006.

David Hahn is Senior Vice President and Group Information Security Officer for Internet Services at Wells Fargo Bank. David manages all areas of Information Security for wellsfargo.com which has 11 million active customers and is the dominant channel for financial transactions for Wells Fargo. David has been with Wells Fargo for 22 years. David participated in the BSIMM study and plans and executes the software security initiative at Wells Fargo.

Brad Arkin is Director of Product Security and Privacy at Adobe Systems, where he has been tasked with reorganizing and accelerating product security. He comes to Adobe with plenty of real world experience in software security. He began his career at Cigital where he helped Gary form the software security group in 1997. He also served as a Technical Director at @Stake and a Senior Manager at Symantec (after the acquisition). He was also Vice President of Product Management at StepNexus. Brad’s years of experience in software security operations and execution give him a unique perspective.

Eric Baize is Senior Director in the Product Security Office at EMC. Eric has company-wide responsibility for product assurance. He also drives the integration between RSA and EMC products and solutions. Eric pioneered EMC’s push towards security. He was a founding member of the executive team who defined EMC’s information-centric security vision (including the acquisition of RSA in 2006). Eric is a regular speaker at security conferences, is on the Board of Safecode, holds a US patent, and has written international security standards.

Jim Routh is the CISO of the Depository Trust and Clearing Corporation (DTCC). Jim is a veteran technology and security executive, having held positions at American Express and American Express Financial Advisors before joining DTCC. At DTCC, Jim designed and implemented an enterprise wide information security program based on risk management best practice, COBIT, and ISO 27001. He is a member of the Board of Directors for FS-ISAC and the Wall Street Technology Association.

Steve Lipner is the senior director of security engineering strategy in Microsoft’s trustworthy computing group. Steve runs the Security Development Lifecycle team focused on product security and privacy. Steve has been active in computer security for thirty-five years. He holds a B.S. and an M.S. from MIT. His book The Security Development Lifecycle co-authored with Mike Howard is required reading in the field.

Reality Check targets experienced leaders working to solve software security problems in large organizations every day. We use a standard script to guide each conversation with questions about history, methodology, best practice, and measurement. We plan to interview leaders of mature software security programs and leaders of programs just getting started.

Your feedback is absolutely welcome. Please subscribe to the series through or RSS feed or through iTunes.