- Phoenix, Arizona Area
- Information Technology and Services
Dennis Groves's Overview
- Application Security Architect at ServiceNow
- Information Security Consultant at Computer Network Defence Ltd
- Architect at Microsoft
- Security and Privacy Consultant at IBM Security and Privacy Services at IBM
- Director of Information Security at UAT
- Senior Information Security Engineer at WhiteHat Security
- Co-Founder at OWASP
- Security Support Specialist at Sanctum
- Security Architect at Platinum Technology
- Network Security Administrator at Pacific Coast Feather Company
- Sr. Consultant II at Claremont Technology Group
Dennis Groves' Summary
Dennis Groves's work focuses on a multidisciplinary approach to risk management. He is particularly interested in risk, randomness, and uncertainty. He holds an MSc in Information Security from the University of Royal Holloway where his thesis received a distinction.
Dennis Groves has been a Security Architect, Ethical Hacker, Web Application Security Consultant, IT Security Consultant, System Administrator, Network Administrator, and a Software Engineer. He has taught various courses on information security and is best known for his ability to bring fresh insight to difficult security problems.
Specialties: Risk Management, Threat Modeling, Security Architecture, Application Security, and "the big picture".
Dennis Groves' Experience
Application Security Architect
Public Company; 1001-5000 employees; Computer Software industry
February 2012 – July 2012 (6 months) Richmond, UK
Information Security Consultant
Privately Held; 11-50 employees; Computer & Network Security industry
December 2009 – October 2011 (1 year 11 months)
Architect
Public Company; 10,001+ employees; MSFT; Computer Software industry
January 2008 – September 2009 (1 year 9 months)
Security and Privacy Consultant at IBM Security and Privacy Services
Public Company; 10,001+ employees; IBM; Information Technology and Services industry
January 2006 – February 2008 (2 years 2 months)
Created the installation documentation and Analytics Tuning Guide for the new Smart Surveillance Solution. Additionally, developed Fiber Optic Cabling Services and rewrote Fiber Transport System educational materials for IBM educational services.
PCI remediation for Safeway included mitigating the risk for the 111 of 112 failed callouts. I created "the firewall best practices" document. I analyzed the callouts, designed mitigation strategies for them, and suggested solutions.
Designed and implemented a Federated Identity Management solution for 34 Wachovia web applications. The design included the capability of providing authentication and coarse-grained authorization and providing a single SAML token design to the applications. The project included the development of macro and micro design for these services.
Director of Information Security
Educational Institution; 51-200 employees; Higher Education industry
September 2005 – January 2006 (5 months)
Responsible for developing and maintaining security policies, procedures and practices for the university. This included Federal, State and Internal Also designed an openly secure environment via a defense-in-depth methodology involving modification to the network architecture and instituting a system and network monitoring framework, patch management and intrusion detection systems (IDS). I rebuilt the domain name system (DNS) servers so that they would have failover in the event of emergency. Performed product analysis and made a product recommendation for spam management. I purchased and deployed that spam management solution. Built a captive wireless portal for the open student network. I was the unofficial system administrator for the UNIX boxes in the university. Additionally, I designed and instructed a one-hour class on choosing secure passwords.
Senior Information Security Engineer
Privately Held; 201-500 employees; Computer Software industry
October 2001 – December 2004 (3 years 3 months)
Performed web application security audits using a second-generation web application security scanner, for all of the company's security clients, both on-site and remotely. Performed gap analysis between scanner results and actual findings to eliminate false positives. Overall involvement included performing tests on over one thousand web applications. These tests included SQL injection, cross-site scripting, user input manipulation, forced browsing, directory traversal and several other types of tests. Developed and presented security reports for the customer audits. Findings were used to improve scanner technology. Developed training materials for company security products and presented them to clients and partners. Evaluated technical features and usability of WhiteHat Security products in the beta stage of development. Provided technical and business recommendations to improve WhiteHat Security products and services as they were introduced to the market.
Co-Founder
September 2001 – September 2003 (2 years 1 month) Scottsdale, Arizona
Very active “part-time” participation as the Co-Chair/Co-Founder of OWASP.
Develop and present web application security methodologies and thought leadership. Leading the development of a Web Application Security Testing framework that instructs the IT security and development community in methods and issues related to web application security.
My most famous contribution to OWASP was the ‘OWASP Guide’ downloaded over 2 million times; now a reference document in the PCI DSS standard, and the de-facto standard for securing web
I started the first OWASP chapters back in 2001, and subsequently have been involved with 5 others. Additionally, I have given talks about application security around the globe.
Security Support Specialist
Privately Held; 51-200 employees; Computer Software industry
2000 – 2001 (1 year)
Security Architect
Public Company; 1001-5000 employees; PLAT; Computer Software industry
October 1998 – December 1999 (1 year 3 months)
Support both the company sales organization in a pre-sales capacity and the customer base in a post-sales capacity. Consult and train employees and customers on the following security products: Computer Associates (CA) Unicenter The Next Generation (TNG) Network Security Option (NSO) & Unicenter TNG Single Sign On (SSO), ESA, Platinum Technologies Single Sign On (SSO), Platinum Technologies Auto Secure (ACX), Platinum Technologies Policy Compliance Manager (PCM), and Memco's SessionWall3. Continue to study the evolving field of security, and stay current in my knowledge by following several different newsgroups and mailing lists online and relaying information to those whom it affects. Trained in public speaking at Toastmasters. Clients include Disney, Firestone, Catholic Health Care, General Telephone & Electric, Motorola, Intel and Airtouch Cellular.
Network Security Administrator
Privately Held; 1001-5000 employees; Consumer Goods industry
January 1997 – June 1998 (1 year 6 months)
Support the growth of multi-site Unix systems. Systems include: 19 Sun UltraSparc, Sparc, and Compaq servers running Solaris and SCO Unix; Ethernet, ISDN, and frame relay networks, including Cisco, Bay Networks, and Ascend routers, switches and hubs; Shiva and Computones for remote access dial-ups connecting 200 Macintosh workstations at 12 sites located throughout the United States and Canada; Internet and web site interfaces including company firewalls and planning, migration and deployment of company-wide email clients and servers; Oracle database; electronic commerce and Electronic Data Interchange (EDI); and SAP R/3 business applications. Designed, developed and deployed network security infrastructure. Heavily involved with debugging Perl scripts for company.com affiliate linking program, currently the highest paying Affiliate Marketing Program on the Internet.
Sr. Consultant II
Privately Held; 11-50 employees; Staffing and Recruiting industry
April 1995 – November 1995 (8 months)
Provided in-home technical assistance for installation (distributed and stand-alone) of Netscape products. Review technical documentation; developed for certification training courses of Netscape products. Wrote programs to automate installation of Netscape products using Expect, Perl, and Shell. Architecture is a LAN of Sun-Sparc five's running Sun-OS and Solaris. Designed, created and implemented Claremont's webpage. Clients include Netscape and Silicon Graphics.
Dennis Groves' Skills & Expertise
- Application Security
- Risk Management
- Information Security Management
- ISO 27001
- Threat Modeling
- Security Development Lifecycle
- NIST 800-53
- Secure SDLC
- Web Application Security Assessment
- Application Security Architecture
- Application Security Assessments
- IT Security Assessments
- IT Security Best Practices
- Information Security Standards
- ISO 27005
- ISO 17799
- Information Risk
- Threat & Vulnerability Management
- Information Security Awareness
- Security Training
- Network Security
- Computer Security
- Security Architecture Design
- PCI DSS
- Information Security