Steve educates teams on the strategy and specifics of developing secure software.

He practices security at every stage of the development lifecycle by leading sessions on threat modeling, secure architecture and design, static/dynamic/component analysis, offensive research, and defensive programming techniques.

Steve's passionate about helping organizations identify and reduce risk from the software supply chain. He is an open source advocate and leads the OWASP Dependency-Track project, OWASP Software Component Verification Standard (SCVS), and Chairs the OWASP CycloneDX Core Working Group and Ecma International TC54.

Steve serves on the Board of Directors of the OWASP Foundation where he helps drive the continued growth of the foundation and the pursuit of its mission to make secure software a reality through open collaboration, education, and innovation.