Software Lifecycle Security Experts from ArcelorMittal, OWASP, Express Certifications and MITRE Join (ISC)²®’s Application Security Advisory Board

Global Advisory Board Helping (ISC)² Close the Skills Gap in the Secure Software Development Lifecycle

(ISC)²® (“ISC-squared”), the world’s largest information security professional body and administrators of the CISSP®, today announced five new additions to its Application Security Advisory Board (“ASAB”): Diana-Lynn Contesti, Edmund J. Jones, Robert A. Martin, Manoranjan Paul and Keith Turpin.

In 2010, (ISC)² formed the ASAB to raise awareness of the problem of insecure software and to guide (ISC)² in developing tools that help organizations build security into the software development lifecycle. With these additions, the advisory board now consists of 19 senior-level software security professionals drawn from leading business, public, and non-government organizations around the world. ASAB members participate in and lead working groups, and speak, write and teach on issues related to secure software.

“We are honored these software security luminaries will join this distinguished group of experts on the ASAB,” said W. Hord Tipton, CISSP-ISSEP, CAP, CISA, executive director of (ISC)². “Software vulnerabilities continue to top the list of the most critical security threats year after year. We are confident that the collective expertise of the ASAB will continue to foster new ideas that address the skills gap that exists and help to improve the overall security of the software industry.”

The new advisory board members are:

  •     Diana-Lynn Contesti, CISSP-ISSAP, ISSMP, CSSLP, SSCP – Diana is information security officer for ArcelorMittal, a Canadian integrated steel manufacturer, where she has developed an information security model, developer’s guidelines, and various policies and procedures for the organization. Diana has played crucial roles on many (ISC)² committees over the past twenty years, including serving as current Board of Directors chair and former Board treasurer, and as former co-chair and current member of the North American Advisory Board. She has been recognized by (ISC)² with a Significant Test Development Contributor Award and an Unsung Heroine Award.
  •     Edmund J. (“E.J.”) Jones, CISSP, CSSLP, GIAC-Java – E.J. is information security officer at a Fortune 50 company. A technical fellow in information security, he is recognized industry-wide as an expert in software engineering. With over 20 years of experience in software development, he has developed large-scale systems on many diverse platforms and languages. He has created application security teams, has hands-on experience in every phase of the software security lifecycle, and has created comprehensive security programs for software development. E.J. has also been leading technical teams in evaluating cloud hosting and mobility security controls for applications. He teaches all aspects of software development and is a Certified Secure Software Lifecycle Professional (CSSLP®) instructor. He was one of the first developers in the U.S. to receive the GIAC Secure Software Programming certification in Java.
  •     Manoranjan (Mano) Paul, CISSP, CSSLP, MCAD, MCSD, CompTIA Network+, ECSA, AMBCI – Mano is a founder and president of Express Certifications, a professional training and certification company. In 2007, he and (ISC)² integrated his company’s product, studISCope, as (ISC)²’s official self-assessment offering for the Certified Information Systems Security Professional (CISSP®), Systems Security Certified Practitioner (SSCP®), Certified Authorization Professional (CAP®) and CSSLP certifications. He also founded and serves as the CEO of SecuRisk Solutions, a company that specializes in security product development, consulting, and information security education. Before Express Certifications and SecuRisk Solutions, Mano worked for Dell, Inc., where he held several roles, including software developer, tester, logistics manager, technical architect, IT strategist and security engineer/program manager/strategist. Mano has been instrumental in the development of the CSSLP certification from the very beginning and is the author of The Official (ISC)² Guide to the CSSLP. He received the first (ISC)² Americas Information Security Leadership Award in the Information Security Practitioner Category in September 2011.
  •     Keith Turpin, CISSP, CSSLP, CRISC – Keith is the application security assessments team leader at a Fortune 50 company and previously served as the lead IT security advisor for all international operations. Keith is the project leader for the Open Web Application Security Project (OWASP) Secure Coding Practices Quick Reference Guide and is a member of the OWASP Global Projects Committee. Keith has also served on the International Committee for Information Technology Standards’ cyber security technical committee and as a U.S. delegate to the International Standards Organization’s (ISO) sub-committee on cyber security. Earlier in his career, Keith spent four years as the director of communication for the Seattle chapter of the Information Systems Security Association (ISSA).
  •     Robert (Bob) A. Martin, CSSLP – Bob is a principal engineer at MITRE. For the past 20 years, Bob’s efforts have focused on the interplay of risk management, cyber security, and quality assessment. The majority of this time has been spent working on cyber security standards initiatives, in addition to working to make software security a key component of basic software quality measurement and management. He is a member of the ACM, AFCEA, NDIA, and the IEEE.

The advisory board held its annual meeting on October 14-15, where members discussed the state of secure software and made recommendations on, among other topics, how to gain support for addressing, and how to overcome, the problems caused by the proliferation of insecure software. The ASAB also sponsored an invitation-only Secure Software Forum, aimed at gathering information from stakeholders and influencers in the SDLC to understand what developers and their managers are doing on a daily basis with regard to security, what issues they are facing and prioritizing (especially those presented by mobility), and what tools they have in their toolbox to address them.

(ISC)² created the CSSLP to stem the proliferation of software vulnerabilities by establishing best practices and validating an individual’s competency in addressing security issues throughout the software lifecycle. The CSSLP recently reached an important milestone, with more than 1,000 CSSLPs in 44 countries now holding the certification.

About (ISC)²

© 2011, (ISC)² Inc. (ISC)², CISSP, ISSAP, ISSMP, ISSEP, and CSSLP, CAP, SSCP and CBK are registered marks of (ISC)², Inc.
