Jeff Williams, Co-Founder, Chief Technology Officer
Jeff brings more than 20 years of security leadership experience as co-founder and Chief Technology Officer of Contrast Security. He recently authored the DZone DevSecOps, IAST, and RASP refcards and speaks frequently at conferences including JavaOne (Java Rockstar), BlackHat, QCon, RSA, OWASP, Velocity, and PivotalOne. Jeff is also a founder and major contributor to OWASP, where he served as Global Chairman for 9 years, and created the OWASP Top 10, OWASP Enterprise Security API, OWASP Application Security Verification Standard, XSS Prevention Cheat Sheet, and many more popular open source projects. Jeff has a BA from Virginia, an MA from George Mason, and a JD from Georgetown.