Chief Security Evangelist at Veracode
Years Speaking: 10
A pioneering figure in the cybersecurity realm, Chris began his illustrious career as an original vulnerability researcher at the renowned hacker think tank, L0pht. From 1992 to 2000, he was an integral member of this group, contributing to its groundbreaking research. One of his earliest notable disclosures was a vulnerability he identified in the Windows NT networking stack. This discovery revealed that regular users could intercept packets before they reached host firewalls or system processes. Chris's research skills led him to this finding using a tool he developed, named Netcat for NT.
Chris was instrumental in the development of L0phtCrack, the pioneering Windows password cracking tool. Recognizing the need for a more collaborative approach to cybersecurity, Chris was a driving force in transitioning the security community from an anarchistic full disclosure model to a more coordinated disclosure approach. This involved forging partnerships between the L0pht and major software vendors, including Microsoft, in the late 1990s.
His unwavering commitment to elevating security standards and his impactful vulnerability research did not go unnoticed. In 1998, Chris, alongside 6 of his L0pht colleagues, testified before the U.S. Senate on matters of U.S. government cybersecurity. His expertise was again sought in 2003 when he testified to the U.S. House, elucidating the intricacies of software vulnerability discovery during a period when internet worms were a significant threat to businesses and government entities.
A staunch proponent of the "secure by design" philosophy, Chris took on the role of VP of Research at the security consultancy, @stake, in the early 2000s. Here, he collaborated closely with Microsoft, integrating robust security processes into their Software Development Life Cycle (SDLC). This included the introduction of threat modeling, code review, fuzzing, and application penetration testing. Drawing from his extensive experience consulting with software vendors, Chris authored "The Art of Software Security Testing", published by Addison-Wesley in 2006.
In 2006, with a vision to revolutionize software security, Chris founded Veracode. Under his leadership as CTO, Veracode offers a SaaS solution that automates the "secure by design" approach, leveraging a myriad of appsec testing techniques. Today, Veracode serves thousands of customers worldwide. For 18 years Chris was at the helm of its security research, product security, information security, and compliance teams. Today he speaks to the public and to customers as Chief Security Evangelist.