Dennis Groves

Phoenix, Arizona Area
Information Technology and Services

Dennis Groves's Overview


452 connections


Dennis Groves' Summary

Dennis Groves's work focuses on a multidisciplinary approach to risk management. He is particularly interested in risk, randomness, and uncertainty. He holds an MSc in Information Security from the University of Royal Holloway where his thesis received a distinction.

Dennis Groves has been a Security Architect, Ethical Hacker, Web Application Security Consultant, IT Security Consultant, System Administrator, Network Administrator, and a Software Engineer. He has taught various courses on information security and is best known for his ability to bring fresh insight to difficult security problems.

Specialties: Risk Management, Threat Modeling, Security Architecture, Application Security, and "the big picture".

Dennis Groves' Experience

Application Security Architect


Public Company; 1001-5000 employees; Computer Software industry

February 2012 to July 2012 (6 months), Richmond, UK

Information Security Consultant

Computer Network Defence Ltd

Privately Held; 11-50 employees; Computer & Network Security industry

December 2009 to October 2011 (1 year 11 months)



Public Company; 10,001+ employees; MSFT; Computer Software industry

January 2008 to September 2009 (1 year 9 months)

Security and Privacy Consultant at IBM Security and Privacy Services


Public Company; 10,001+ employees; IBM; Information Technology and Services industry

January 2006 to February 2008 (2 years 2 months)

Created the installation documentation and Analytics Tuning Guide for the new Smart Surveillance Solution. Additionally, developed Fiber Optic Cabling Services and rewrote Fiber Transport System educational materials for IBM educational services.

PCI remediation for Safeway included mitigating the risk for the 111 of 112 failed callouts. I created "the firewall best practices" document. I analyzed the callouts, designed mitigation strategies for the callouts and suggested solutions.

Designed and implemented a Federated Identity Management solution for 34 Wachovia Web Applications. The design included the capability of providing authentication and coarse-grained authorization and providing a single SAML token design to the applications. The project included the development of macro and micro design for these services.

Director of Information Security


Educational Institution; 51-200 employees; Higher Education industry

September 2005 to January 2006 (5 months)

Responsible for developing and maintaining security policies, procedures and practices for the university. This included Federal, State and Internal Also designed an openly secure environment via a defense in depth methodology involving modification to the network architecture and instituting a system and network monitoring framework, patch management and intrusion detection systems (IDS). I rebuilt the domain name servers (DNS) so that they would have failover in the event of emergency. Performed product analysis and made a product recommendation for spam management. I purchased and deployed that spam management solution. Built a captive wireless portal for the open student network. I was the unofficial system administrator for the UNIX boxes in the university. Additionally, I designed and instructed a one-hour class on choosing secure passwords.

Senior Information Security Engineer

WhiteHat Security

Privately Held; 201-500 employees; Computer Software industry

October 2001 to December 2004 (3 years 3 months)

Performed web application security audits using the second generation of the web application security scanner, for all of the company's security clients, both on-site and remotely. Performed gap analysis between scanner results and actual findings to eliminate false positives. Overall involvement included performing tests on over one thousand Web Applications. These tests included SQL injection, cross-site scripting, user input manipulation, forced browsing, directory traversal and several other types of tests. Developed and presented security reports for the customer audits. Findings were used to improve scanner technology. Developed training materials for company security products and presented them to clients and partners. Evaluated technical features and usability of WhiteHat Security products in beta stage of development. Provided technical and business recommendations to improve WhiteHat Security products and services as they were introduced to the market.



September 2001 to September 2003 (2 years 1 month), Scottsdale, Arizona

Very active “part-time” participation as the Co-Chair/Co-Founder of OWASP.

Develop and present web application security methodologies and thought leadership. Leading the development of a Web Application Security Testing framework that instructs the IT security and development community in methods and issues related to web application security.

My most famous contribution to OWASP was the ‘OWASP Guide’ downloaded over 2 million times; now a reference document in the PCI DSS standard, and the de-facto standard for securing web

I started the first OWASP chapters back in 2001, and subsequently have been involved with 5 others. Additionally, I have given talks about application security around the globe.

Security Support Specialist


Privately Held; 51-200 employees; Computer Software industry

2000 to 2001 (1 year)

Security Architect

Platinum Technology

Public Company; 1001-5000 employees; PLAT; Computer Software industry

October 1998 to December 1999 (1 year 3 months)

Support both the company sales organization in a pre-sales capacity and the customer base in a post-sales capacity. Consult and train employees and customers on the following security products: Computer Associates (CA) Unicenter The Next Generation (TNG) Network Security Option (NSO) & Unicenter TNG Single Sign On (SSO), ESA, Platinum Technologies Single Sign On (SSO), Platinum Technologies Auto Secure (ACX), Platinum Technologies Policy Compliance Manager (PCM), and Memco's SessionWall3. Continue to study the evolving field of security, and stay current in my knowledge by following several different news groups and mailing lists online and relay information to those whom it affects. Trained in public speaking at Toastmasters. Clients include Disney, Firestone, Catholic Health Care, General Telephone & Electric, Motorola, Intel and Airtouch Cellular.

Network Security Administrator

Pacific Coast Feather Company

Privately Held; 1001-5000 employees; Consumer Goods industry

January 1997 to June 1998 (1 year 6 months)

Support the growth of multi-site Unix systems. Systems include: 19 Sun UltraSparc, Sparc, and Compaq servers running Solaris and SCO Unix; Ethernet, ISDN, and frame relay networks; including Cisco, Bay Networks, and Ascend routers, switches and hubs; with Shiva and Computones for remote access dial-ups connecting 200 Macintosh workstations at 12 sites located throughout the United States and Canada; Internet and web site interfaces including company firewalls and planning, migration and deployment of company-wide email clients and servers; Oracle database; electronic commerce and Electronic Data Interchange (EDI); and SAP R/3 business applications. Designed, developed and deployed network security infrastructure. Heavily involved with debugging Perl scripts for affiliate linking program, currently the highest paying Affiliate Marketing Program on the Internet.

Sr. Consultant II

Claremont Technology Group

Privately Held; 11-50 employees; Staffing and Recruiting industry

April 1995 to November 1995 (8 months)

Provided in-home technical assistance for installation (distributed and stand-alone) of Netscape products. Review technical documentation; developed for certification training courses of Netscape products. Wrote programs to automate installation of Netscape products using Expect, Perl, and Shell. Architecture is LAN of Sun-Sparc five's running Sun-OS and Solaris. Designed, created and implemented Claremont's webpage. Clients include Netscape and Silicon Graphics.

Dennis Groves' Skills & Expertise

  1. Application Security
  2. Risk Management
  3. Information Security Management
  4. Security
  5. ISO 27001
  6. OWASP
  7. Threat Modeling
  8. Security Development Lifecycle
  9. NIST 800-53
  10. Secure SDLC
  11. Web Application Security Assessment
  12. Application Security Architecture
  13. Application Security Assessments
  14. IT Security Assessments
  15. IT Security Best Practices
  16. Information Security Standards
  17. ISO 27005
  18. ISO 17799
  19. BS7799
  20. Information Risk
  21. Threat & Vulnerability Management
  22. NSA-IAM
  23. Information Security Awareness
  24. Security Training
  25. Network Security
  26. Computer Security
  27. Security Architecture Design
  28. PCI DSS
  29. Information Security

Dennis Groves' Education

Royal Holloway, University of London

MSc, Information Security

