Brian Bertacini founded AppSec Consulting in 2005, since then the company has become a leading provider of IT security testing services, PCI assessment and validation, training and security technology integration for businesses of all sizes including starts-up and large global enterprise clients. Brian is a member of ISSA, ISACA, and OWASP. He has more than 20 years' experience in software development, systems engineering and information security, fulfilling various roles at IBM, Varian and Fujitsu. Brian is the founding member of the Silicon Valley OWASP chapter and he oversees the management of AppSec Consulting to ensure the company's valued clients receive the highest quality of service.
Brian Shura is the Vice President of AppSec Consulting. Brian's team of security professionals performs application and network penetration tests, mobile application security assessments, source code reviews, and a variety of other interesting security projects. Brian often teaches application security classes and has created world-class security training for developers, QA analysts, and information security analysts. Prior to his role in application security, Brian spent five years working as a developer on large Internet-facing websites. Brian is also the Project Leader for the Web Application Security Consortium's "Web Application Security Scanner Evaluation Criteria" project.
Tony Fulda has over twelve years information technology, information system security and technology training experience, performing technical and enterprise risk assessments and consulting for clients in the higher education, hospitality, healthcare, service provider, and retail industries. As AppSec Consulting’s Director of Strategic Advisory Services, Tony is responsible for driving the strategic direction of the assessment team and ensuring that AppSec Consulting’s clients receive exceptional service and maximum return on investment.
Tony has assisted hundreds of clients achieve their security and compliance goals through scope reduction, process improvement, and strategic technology integration. He has led or participated in a multitude of remediation projects and has performed US-based and International Level 1 Report on Compliance audits for some of the largest organizations in the world. Tony has a deep understanding of information security governance and compliance issues and excels at communicating this knowledge to all levels of an organization.
Ryan Hogan is the Director of AppSec Consulting’s Strategic Advisory Services team. Ryan is an ISO27001 Lead Implementer and risk management professional with more than 16 years of industry experience. Ryan has served in key information security roles at large enterprises within the finance, technology, manufacturing, and pharmaceutical markets. He has worked on all sides of the security equation. Ryan has worked as an auditor reviewing security controls for SOC reports, and as security manager at a service provider that is having its security controls audited, as well as a security manager at customers reviewing the results of a service provider’s security audit. He uses this perspective and experience to provide a balanced view and a risk based approach to information security that meets business objectives. In addition, his experience and expertise includes performing Enterprise IT Risk Assessments, preparing for ISO27K Implementation, Vulnerability Management, and Security Strategic Planning.
Ryan has a strong track record of interpreting and applying a variety of information security-related frameworks and standards to meet an organization’s business objective. His common sense approach, communication skills, and initiative elevate him amongst his peers in the industry.
Travis Lee is the Director of Penetration Testing at AppSec Consulting with over 11 years of experience in Information Security, Network and System Administration, and System Architecture. He has expertise in many areas including network and web application penetration testing, mobile and client application penetration testing, security management and operations, vulnerability research, cyber-physical systems, and conducting technical training. He has discovered and responsibly disclosed numerous vulnerabilities in commercial software, web applications, and cyber-physical control systems.
Travis is a Computer Science graduate of the University of Hawaii at Manoa and holds numerous professional certifications including the prestigious GSE, OSCE, OSCP, GXPN, GREM, GPEN, GCIA, GCIH, GCFA, GSNA, GSEC, CISSP, and MCSA. Additionally, he has achieved the distinctive title of SANS Cyber Guardian (Red Team). Travis is also a Cyber Warfare Officer for the Air National Guard and part of a leading, nationally recognized Cyber Operations unit that conducts worldwide, full spectrum network security operations to improve the DoD Global Information Grid and the Air Force's network security posture. Prior to joining AppSec, Travis worked in consulting, the utilities industry, and higher education.