CfT/CfP Reviewers



Abhinav Khanna
Abhinav is an Information Security professional, having 3+ years of experience in Application Security. He is currently working as a Senior Security Consultant at NotSoSecure.

Allison Shubert
Allison Shubert has over 22 years of experience in information technology, the last fifteen years of which she has focused on information security. Allison has extensive experience in application security, security architecture, and risk management. She holds a Master of Science degree in Information Assurance and serves as a subject matter expert (SME) for the International Information Systems Security Certification Consortium (ISC2) on the Certified Information Systems Security Professional (CISSP) and the Certified Secure Software Lifecycle Professional (CSSLP) exams. She is active in her local OWASP chapter and serves on the paper selection committee for OWASP global conferences. In her spare time, she is a mother who shuttles her son to sports practices and games. She enjoys baking and has recently taken up making homemade sourdough bread.

Andrew van der Stock
Andrew van der Stock is the Executive Director for the OWASP Foundation where he oversees the administration, programs and strategic plan of the organization.

Aram Hovsepyan
Aram is the founder and CEO of Codific and a security and privacy expert. He has over 15 years of professional experience in designing and building complex software systems by explicitly focusing on security. He believes application security is a holistic discipline. Aram has a PhD in cybersecurity from DistriNet, KULeuven, which provides him with a broad knowledge of the security landscape. Throughout his academic years he has mainly focused on privacy threat modelling and streamlining the LINDDUN methodology (which is one of the most systematic privacy engineering methodologies and part of the ISO 27550 standard). Aram is now part of the OWASP SAMM core team.

Elastos Chimwanda
Elastos Chimwanda is an audit, cyber security & cloud security expert, consultant, thought leader and published author. He serves as a subject matter expert with various institutions including the Institute of Internal Auditors, the Information Systems Audit and Control Association, the International Information Systems Security Certification Consortium, the Cloud Security Alliance, the Open Web Application Security Project & the Center for Internet Security. He holds the CIA, CISA, CISSP, CCSP, and ISO/IEC 27001 Lead Auditor designations. He has worked extensively with, and has expertise in, a wide range of frameworks including NIST CSF, ISO/IEC 27001, PCI DSS and CCM.

Erez Yalon
Erez Yalon is the VP of Security Research at Checkmarx. Erez oversees Checkmarx's research team comprising analysts, pen testers, security engineers, and bug bounty hunters. He brings vast experience to his position and his efforts to empower today's developers and organizations to deliver more secure applications. Erez is also the Founder of the AppSec Village and the API Security Top 10 project.

Harold Blankenship
Harold Blankenship, Director of Projects and Technology at the OWASP Foundation, nurtures, manages, and facilitates the volunteer open source programs of the Foundation.

Izar Tarandach
Izar is now doing the security thing at Datadog. Prior, he was (Interim) Head of Security and Principal Security Architect at Squarespace, and did security stuff at Bridgewater Associates, Autodesk, DellEMC, RSA and a bunch of other places. He was a core contributor to SAFECode and a founding contributor to the IEEE Center for Security Design. He likes big threat models and long walks on the beach, preferably without walking, sand or sea water.

John Menerick
John Menerick works at a leading financial institution. John breaks software and infrastructures for fun, keeps busy with research, mentors, and builds massive planetary distributed self-healing clouds. John cherishes enterprise risk management, privacy, security leadership, application security, information security, penetration testing, privacy, anonymity, operational security, agile system administration, DevOps, and outdoor activities. John is inspired by those who blend academic and blackhat hacks. I'm disappointed by those who call a 20-year-old RFC over HTTP innovative.

Josh Grossman
Josh has worked as a consultant in IT/Application Security and Risk for 15 years now as well as a Software Developer. In that time he has seen the good, the bad and the stuff which is sadly/luckily still covered by an NDA. He is currently Chief Technology Officer for Bounce Security where he spends his time helping organisations improve and get better value from their Application Security processes and providing specialist Application Security advice. In his spare time he co-leads the OWASP Application Security Verification Standard project and is on the OWASP Israel chapter board.

Karl Ots
Karl Ots is a cybersecurity expert specializing in cloud application security. Karl is a frequent presenter at events such as BSides, ISC2 Congress, InfoSec World and meetups around the world. Karl holds such acronyms as CISSP, MVP and RD. He is the author of Azure Security Handbook.

Martin Knobloch
Martin Knobloch, Global AppSec Strategist with Fortify, part of Open Text, is a long-time security leader with more than 25 years in the field of IT and 15 years of experience in cyber security. With a background in software development and architecture, his focus is on software security. Martin is actively involved in OWASP, where he is a frequent contributor to various projects and initiatives. Martin takes part in organizing local and global OWASP conferences and has served more than 5 years as a member of the Board of Directors, 2 of them as Chairman of the board. During his career, Martin has been a recognized teacher, guest lecturer at various universities and invited speaker and trainer at local and international software development, testing and security conferences throughout the world.

Meghan Jacquot
Meghan Jacquot is a Security Engineer with Inspectiv and a curious lifelong learner with a commitment to sharing what she has learned. She is passionate about helping others, speaking at conferences to increase cyber awareness, and is particularly interested in cloud security, threat intelligence, investigating vulnerabilities, and the ethical use of data. She is President of WiCyS Mid-Atlantic Affiliate, a DEF CON SOC Goon, Staff at The Diana Initiative, a Board Member for Whole Cyber Human Initiative, and a CFP Reviewer and CTF creator for SANS. To relax you also might see her visiting national parks, gardening, or hanging with her chinchilla. She’s happy to connect with others on LinkedIn, Twitter, and on her CarpeDiemT3ch YouTube channel.

Shlomo Heigh
Shlomo is a senior software engineer at CyberArk. He's a maintainer of the Conjur open source project, a DevSecOps secrets manager that aims to solve the problem of secret leakage in production applications and workloads running on-prem or in the cloud. He's also a member of the CNCF's TAG Security and a contributor to multiple OWASP projects, as well as the leader of the Cincinnati OWASP Chapter. In his spare time he hangs out with his wife and 4-year-old daughter, tinkers with 3D printing, and engages in gardening and woodworking projects.

Shruti Kulkarni
Shruti is a cyber security / enterprise security architect with experience in ISO27001, PCI-DSS, policies, standards, security tools, threat modeling, and risk assessments. Shruti works on security strategies and collaborates with cross-functional groups to implement information security controls in the software development life-cycle, service operations, and service delivery such that security controls support business requirements.

Sven Schleier
Sven is one of the core project leaders and authors of the OWASP Mobile Application Security Testing Guide (MASTG) and OWASP Mobile Application Security Verification Standard (MASVS) and has created the OWASP Mobile Hacking Playground. Sven is giving talks and workshops about Mobile Security worldwide to different audiences, ranging from developers to students and penetration testers.
