Then in a bold move, Roger Thornton (CTO of Fortify) and director Fredric Golding (with the 3 other panelists) opened things up to the audience to comment and ask questions. Right when they did that I was thinking to myself, OMG, these guys are crazy asking an infosec what they thought! To their credit they were very patient and professional in dealing with the many inane “constructive” criticisms voiced.
The standout of the panelists was Grant Bourzikas, CISO of Scottrade, who was able to answer pointed questions masterfully from a “business” interest perspective. Clearly he has been around the block once or twice when it comes to web application security in the real world.
I was thrilled that Jeremiah pointed Grant out. See, G. was one of my biggest enterprise customers at Crossbeam and I can tell you that he and the rest of the Scottrade security team know their stuff. They have an incredible service architecture with one of the most robust security strategies you've seen in a business that lives and dies by the uptime SLAs they keep; availability is a function of security and Grant and his team do a phenomenal job maintaining both.
I can personally attest to the fact that he's been around the block more than a couple of times ;) It's very, very cool to see someone like Jeremiah recognize someone like Grant -- since I know both of them it's a double-whammy for me because of how much respect I have for each of them.
Wow. This got a little mushy, huh? I guess I just miss him and his bobble-head doll (inside joke, sorry Evan.)
My only question is how did Grant manage to escape St. Louis?