Speaking Engagements
Further info on Gary McGraw's Talks

Sample footage
- Exploiting Online Games from Usenix Security 2007
- BSIMM from Purdue University May 2010
- Smart Grid Equals Dumb Security from NRECA March 2010
High resolution photo
Book websites
- Software Security
- Exploiting Online Games
- Exploiting Software
- Building Secure Software
- Addison-Wesley Software Security Series
Press coverage
Other resources
Gary McGraw, Ph.D.
Chief Technology Officer, Cigital
Best selling author of Software Security and 11 other books
Biography
Gary McGraw is the CTO of Cigital, Inc., a software security consulting firm providing services to some of the world’s best-known companies. Dr. McGraw is a globally-recognized authority on software security—featured frequently as a keynote speaker at events throughout the world. His strategic advice counsels business executives and top management, technology developers, IT, and operations staff in industries such as finance, software, and energy. He is on the Board of Directors of Cigital and serves as a Technical Advisor to Dasient, Invincea, and Ravenwhite Security. Gary also speaks at academic conferences and participates in academia by advising the Computer Science department of the University of Virginia and the Dean's Advisory Council of the School of Informatics at Indiana University. Among his federal government credentials is serving as a prime contributor on the National Cyber Security Summit Alliance study Security Across the Software Development Lifecycle.
Dr. McGraw has, quite literally, written the book on software security; six of them best-selling in their field. He co-authored the groundbreaking Building Secure Software with John Viega in 2001, introducing ideas that are expanded and made actionable in his 2006 book, Software Security: Building Security In. His most recent book Exploiting Online Games was published in July 2008. His other titles include Java Security, Securing Java, Software Fault Injection, and Exploiting Software; he is also editor of the Addison-Wesley Software Security series. He has authored over one hundred peer-reviewed scientific publications, writes a monthly security column for informIT, and is often quoted in the press. He co-authored the BSIMM project and is still actively involved in its development. He holds a dual PhD in Cognitive Science and Computer Science from Indiana University and a BA in Philosophy from the University of Virginia. He has served as a member of the IEEE Security and Privacy Task Force and IEEE Computer Society Board of Governors. He produces the monthly Silver Bullet Security Podcast for IEEE Security & Privacy magazine.
When not performing as a technologist, scientist, author and speaker, Gary is an active musician, playing the violin since the age of three. He has been doing improvisation since college, his other instruments including mandolin and guitar. He plays occasional gigs and records original music with the band “Where’s Aubrey,” the band’s repertoire ranging from old time folk music to modern jazz. Gary and his wife Amy Barley live with their two sons and an assorted menagerie including chickens, pigs, and goats on a farm on the banks of the Shenandoah River with vistas of the Blue Ridge Mountains.
Topics
Dr. McGraw is passionate about software security and technology transfer. He delivers talks spiked with both humor and insight to audiences ranging from big commercial trade shows to academic lecture halls. You will most certainly laugh and will probably learn something as an accidental side effect. Abstracts for these current titles are available on request:
- Bug Parades, Zombies, and the BSIMM: A Decade of Software Security
- Attack Trends 2011 -or- Why Software Security
- Software Security State of the Practice
- Software Security and the BSIMM
- Startup Lessons
Some Sample Keynote Talks from 2010-2011
How do I Secure my Software?
- Hotel Technology Next Generation, San Diego, CA, February 2011.
Architectural Risk Analysis
- Innovation Sandbox, RSA, San Francisco, CA, February 2011.
Attack Trends 2010 -or- Why Software Security
- ACS, Control Systems Security, Washington, DC, September 2011.
- SNI Security Conference, Knoxville, TN, September 2011.
- CERN Computing Seminars, Geneva, Switzerland, March 2011.
- Bank of America Security Summit, Charlotte, NC, May 2010.
Smart Grid Equals Dumb Security?
- NRECA, Atlanta, GA, February 2010.
Software Security and the BSIMM
- AERES, Vienna, Austria, August 2011.
- Software Experts Summit, Mountain View, CA, May 2011.
- Fannie Mae, CSO Security Summit, Washington, DC, January 2011.
- SE OOP, Munich, Germany, January 2010.
- Distinguished Lecture, University of Leuven, Leuven, Belgium, February 2010.
The Building Security In Maturity Model (BSIMM)
- NESSOS, Internet Days EU, Poznan, Poland, October 2011.
- NLgovCERT, Rotterdam, the Netherlands, November 2010.
- ELSAG datamat, Pescara, Italy, October 2010.
- SANS Software Security Summit, San Francisco, CA, February 2010.
- Siemens Software Security Day, Munich, Germany, January 2010.
Software Security: State of the Practice
- SAP Quality Day, Heidelberg, Germany, March 2011.
Testimonials
"Gary did a wonderful job in educating our software developers on state of the art secure software development practices while at the same time being entertaining and motivating. This was the first technical security presentation seen at SAP which kept the audience excited to the last slide and beyond."
- Gunter Bitz, Ph.D.
Product Security and Governance
SAP
"Gary McGraw is the kind of speaker that gets and holds your attention. He talks about software security and cyber security more broadly, and there is no question that he's an expert, but what makes him special is the way to make these very hard, very technical topics understandable. In the same talk he manages to deliver value to experts while not losing executives, regulators, press and others who don't live in the trenches. He is quick, witty, and fun and he speaks English, not geek."
- Craig Miller, CTO MAPA Group
"Gary came, spoke, and convinced everyone of our 500 guests of the importance of software security - a topic at the very heart of cyber security.
Gary doesn't just 'speak to' the audience. Instead, he seems to be having a personal conversation with everyone in the audience individually. Delivered with ease and garnished with examples and anecdotes in a style that proves years of experience.
Here is a man who grew up in software security, who lives it and who breathes it. Here is a man that people won't forget."
- Elly van den Heuvel, General Manager GOVCERT.NL
Fees and Travel Arrangements
Dr. McGraw travels from Dulles airport near Washington, DC. His speaking fee varies based on the location of the speech and will be provided upon inquiry. Please e-mail further details on your proposed event, including event URLs, location and dates.
Thank you for your interest in Dr. McGraw's talks. We look forward to hearing from you.
Copyright © 2012, Gary McGraw
