Arian Evans

SaaS Solutions Delivery with background in Software Security & Financial Services

San Francisco Bay Area

Current
Past
  • Application Security Practice Lead at FishNet Security
  • CSO (operating) & Senior Security Engineer at US Central
  • Security & Thin Client Engineer at Computer Source, Inc.
Connections
400 connections
Industry
Computer & Network Security

Arian Evans’s Summary

=======================================
Service Delivery Executive with:
=======================================

--Operational measurement, cost, and performance analysis of quantitative, qualitative, and non-parametric data.

--Experience leading successful managed service teams since 1997.

--Proven ability to hire, select, and build high-performance teams.

--Ability to leverage and enable cross-disciplinary & cross-functional teams.

--Accurate vision of security & software development industry evolution & trends.


=======================================
Information Security Professional with:
=======================================

--Specialized focus on Application, Code, Software Security

--Strong CISSP-type knowledge and skills in network security and security policies; for example worked on NCUA Part 748 (Credit Union GLBA-specific guidelines).

--Bootstrapped the application security practice at FishNet Security including:
----testing methodology app sec, web apps, databases
----consulting practices & deliverable standards
----training courses
----marketing and sales collateral for app sec

--Internationally published & recognized for research in the field of software security

-Presented at International conferences including OWASP London & DC, BlackHat Amsterdam & Vegas, and NIST

-Breadth and depth of experience with analysis and tools:

----Threat Modeling software security issues & implications
----Architectural Analysis of networks and applications
----Software fault-injection testing tools (many)
----Software manual fault-injection and analysis
----Firewalls (Checkpoint, Pix, WG, Netscreen, etc.)
----IDS (ISS, Snort/Sourcefire, NFR, Dragon, many others)
----IPS (Tipping Point, Intrushield, Forescout, others)
----NBADs (Lancope Stealthwatch, Securify, Mazu, Arbor)

-Initial Project Leader of OWASP Testing Taxonomy & Testing Tools projects (http://www.owasp.org)

Arian Evans’s Specialties:

software security, application architecture, software design analysis, threat modeling, software security assurance, OWASP Testing & Tools Taxonomy--Project Leader and KC Chapter Head, SANS Top 20 author, charter member Center for Internet Security.


Arian Evans’s Experience

  • Director of Operations

    WhiteHat Security

    (Privately Held; 11-50 employees; Computer & Network Security industry)

    November 2006 - Present (3 years 1 month)

    Director of Operations
    Business Owner of the Sentinel Platform Console

  • Application Security Practice Lead

    FishNet Security

    (Privately Held; Computer & Network Security industry)

    2003 - November 2006 (3 years)

    Took initiative creating and driving a specialized practice focused on application security within FishNet Security including:
    --Creating an application security practice from scratch
    --application testing methodology
    --consulting practices guidelines, strategies, quality
    --training courses
    --marketing and sales collateral
    --client end-deliverables/documentation
    --leading key client meetings; pre-sales, project, and post-project wrapup meetings
    --building and maintaining relationships with new and key clients around the globe

    Role varied over the years from practice leadership functions (write methodology, create reporting standards, knowledge transfer for new folks), to team leadership and management functions, to focus on individual billable projects. Your standard consulting fare.

  • CSO (operating) & Senior Security Engineer

    US Central

    (Non-Profit; Financial Services industry)

    2000 - 2003 (3 years)

    CSO (Information Protection Officer):

    Filled the role of CSO (called IPO) after the IPO left. Wrote policy and procedure and dealt with operational challenges common to information security ranging from intrusion detection to incident response to event management. Operated providing CSO level policy and strategic capacity for two years in addition to fulfilling technical responsibilities.

    Senior Security Engineer:

    Responsible for all things security-technical including design, deployment, and operational security centered around the wealth of security-challenged applications USC owned at this time, many of which were unfortunately web-enabled and exposed to the Internet. Also addressed architectural constraints for dealing with fundamentally flawed COTS software purchased and deployed on aggressive timelines.

  • Security & Thin Client Engineer

    Computer Source, Inc.

    (Computer & Network Security industry)

    1998 - 1999 (1 year)


Additional Information

Arian Evans’s Groups:

ex-stake peoples, jeremiah grossman, HOBY

  •    CSORoundtable
  •    RSA Conference
  •    Open Web Application Security Project (OWASP)
  •    Black Hat
  •    Information Security Community
  •    Salesforce.com Professional Network
  •    SecPoint
  •    DEFCON
  •    Redteam: Association of Penetration Testers
  •    Cellular Authentication Token (CAT)
  •    The Web Application Security Consortium
  •    WebAppSec Roadmap

Arian Evans’s Contact Settings

Interested In:

  • career opportunities
  • consulting offers
  • new ventures
  • job inquiries
  • expertise requests
  • business deals
  • reference requests
  • getting back in touch
