This International Women’s Day, we want to draw your attention to a special cadre of women AppSec superstars.
Each of the women listed here plays an integral role in the development and progress of application security in their respective organizations. With a wide variety of backgrounds, specialties, and roles, these women are used to pushing boundaries to achieve more.
Check out these 16 inspiring women paving the way in AppSec, and follow them on Twitter to stay on top of their news and events.
Tanya is a powerhouse in the world of AppSec. Specializing in software and cloud security, she recently launched SheHacksPurple, an educational platform that provides subscription-based blog posts, research papers, checklists, and videos on AppSec, DevSecOps, and cloud security. In addition to running SheHacksPurple, Tanya works part-time as a faculty member for IANS. She is an advocate for diversity and inclusion, co-founding the international women’s organization WoSEC and personally mentoring numerous women in the field of AppSec.
Zoe Braiterman puts her combined expertise in business, technology, data science, and cybersecurity to work as a research associate for PurePoint International and a consultant for GYMedical Device Consulting, LLC. To best describe her approach to work, she calls herself an “Innovation Intelligence Strategist (Machine and Human).” On top of her current roles, Zoe serves as the New York City Chapter Leader and the Women in AppSec Committee Chair for the OWASP Foundation.
Caroline is a strategic leader, author, and public speaker on cybersecurity and delivering global programs. Prior to joining Cobalt.io, Caroline held leadership roles with eBay, Zynga, Symantec, and Cigital. She has been featured as an influencer in the Women in IT Security issue of SC Magazine, named as one of the Top 10 Women in Cloud by CloudNOW, and received a Women of Influence Award in the One to Watch category from the Executive Women's Forum. Caroline wrote the popular textbook Security Metrics, a Beginner’s Guide, and co-hosts the Humans of InfoSec podcast.
Vandana is an information security professional with more than 14 years of experience in AppSec, cloud security, vulnerability assessment, secure code review, threat profiling, and remediation support. In addition to her role at IBM, she works with multiple community organizations, including InfosecGirls, WoSec, and OWASP, where she serves on the global board of directors. Vandana speaks and trains at premier InfoSec conferences around the world, including BlackHat USA, DefCon, AppSec Europe/USA, and more. She is passionate about increasing women’s participation in the field of InfoSec.
As a security engineer for Lyft, Dhivya provides proactive security guidance to key product teams, develops security automation tools, and reviews the security of new technologies. Previously, she served as a security researcher at Adobe and a research assistant at Carnegie Mellon University. Her primary interests include AppSec, secure software development, network security, and IoT security.
Lakshmi serves as senior security partner to Netflix, where she reviews architectures and provides security guidelines to various product teams. Her prior roles include security researcher at Adobe and application security engineer at Zenefits. Lakshmi speaks about security topics such as authentication, as well as her open source projects, at security conferences such as BSides LV, RSA, AppSec USA, and AppSec Cali.
As the leader of Netflix’s application security team, Astha is responsible for securing all of the applications in the company’s cloud infrastructure. She is passionate about AppSec and is an advocate for proactive security, self-service, and stakeholder enablement. Prior to joining Netflix, Astha spent more than five years at Salesforce, where she served as senior manager of product security. She’s an active voice in the security community as a speaker, event organizer, and program reviewer.
With more than seven years of experience in cybersecurity and application security architecture, Adi is the VP of Cybersecurity for JPMorgan Chase. Previously, she held leadership roles with CyberInt, ironSource, EY, and the Israel Ministry of Defense. Adi lends her expertise at AppSec conferences around the world, such as Global AppSec, where she discussed the importance of QA to the security testing process and the SDLC in general.
Divya leads the application security team at Snapchat, which is responsible for building product security platform tools, monitoring/analysis in the SDLC, and red teaming. She leads the development of frameworks and tools to prevent vulnerabilities, assesses the security of products and educates developers. Before joining Snapchat, Divya worked as a security consultant and software engineer for iSEC Partners and Intuit. She also participates in AppSec conferences as a speaker, such as AppSec California and DefendCon.
Tash launched her tech career with Apple in 2008. Since then, she’s held a variety of information security roles within Capital One, Photobox, and now Moonpig. In her current role, she works on all things CloudSec and AppSec related, with a focus on threat modeling. She is a frequent speaker on blue teaming, threat modeling, and women in AppSec. Tash is on the board of the annual DevSecCon conference and is an active member of the AppSec community. She co-leads OWASP Women in AppSec London and is an OWASP project contributor.
Sasha has served as product manager for GitHub since January. Previously, she spent over four years at Microsoft, where she held roles in cloud solution architecture, Azure DevOps, and program management. Outside of her current role, she is a co-organizer of the DevOpsDays in Chicago and the DeliveryConf events. Sasha recently published a book called Serverless Computing in Azure With .NET: Build, Test, and Automate Deployment.
As a product security engineer for Slack, Kelly Ann works on vulnerability assessments of Slack web applications, mobile clients, internal services, and partner applications, and provides education for developers on security best practices. Before joining Slack she was a penetration tester and security consultant for NCC Group. Prior to that she worked in Intelligence and Investigations for nearly 15 years, working undercover and coordinating covert operations to enforce environmental and animal welfare legislation.
Colleen has 14 years of experience in security, 11 of which she spent in leadership roles. Prior to joining Segment in 2017, she led the security teams of Twilio and CoreLogic. Colleen’s approach to security is a holistic one, where she focuses on coordinating diverse components, such as application security, security monitoring and response, vendor security, compliance, and more. Colleen shares her ideas as a public speaker at conferences and on leadership panels.
Kelley is part of the account security team at Twilio, where she helps developers manage and secure customer identity in their software applications. She launched her career as a developer in 2013 for Versal, and later held roles with Runscope and Sharethrough. As a public speaker, Kelley focuses on making technical concepts, especially security, more accessible to new audiences.
With a background in network and infrastructure engineering, Sarah lends deep technical knowledge to her work at Microsoft. She specializes in the cloud, Kubernetes, and container security, and speaks about cloud-native security and other IT security topics at industry events around the world, such as BSides Las Vegas, The Diana Initiative, Kiwicon, Pycon AU, DevSecCon, and more. She is an active supporter of the local security community in Melbourne, Australia, and is a co-organizer of the city’s All Sec meetup.
Nicole has more than 10 years of experience in the cybersecurity space, working primarily in offensive security capacities. Her work centers on penetration testing, leading red teams, forensics, and incident responders. She’s also worked on the cyber/regulatory policy for the New York State Department of Financial Services, where she helped draft the first-in-nation regulatory framework for assessing the cybersecurity of large financial institutions and draft the first-in-nation regulatory and licensing framework for bitcoin and virtual currency companies. Additionally, she serves as an adjunct instructor at New York University, where she teaches offensive and defensive computer security, network security, web app security, and computer forensics. Nicole provides talks and training at national conferences.