Global Application Security Panel
CEO & Founder
We Hack Purple
Tanya Janca, also known as SheHacksPurple, is the best-selling author of ‘Alice and Bob Learn Application Security’. She is the Director of Developer Relations and Community at Bright Security, as well as the founder of We Hack Purple, an online learning academy, community and podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty-five years, has won countless awards, and has been everywhere from public service to tech giants, writing software, leading communities, founding companies and ‘securing all the things’. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks on 6 continents. She values diversity, inclusion, and kindness, which shines through in her countless initiatives.
Chris Romeo is a leading voice and thinker in application security, threat modeling, and security champions. He serves as CEO of Kerr Ventures, an early-stage cybersecurity investment and incubation firm. Chris hosts the award-winning “Application Security Podcast,” “The Security Table,” and “The Threat Modeling Podcast” and is a highly-rated industry speaker and trainer. Chris founded Security Journey, leading to an exit in 2022, and was the Chief Security Advocate at Cisco, spreading security knowledge through education and champion programs. Chris has twenty-five years of security experience, holding positions across the gamut, including application security, security engineering, incident response, and various Executive roles.
Application Security Team Lead
Žygimantas Kaupas is currently working as Application Security Team Lead at Nord Security, where he focuses on keeping multiple security-oriented software products as safe as possible. Before Nord Security, he worked as a Penetration tester, Malware analyst, and Blue team member in different industries. Žygimantas has an M.Sc. degree in Information and Information Technology Security from Kaunas University of Technology. He has done a number of technical Cyber Security training sessions and talks for various audiences. Currently, he focuses on Secure Software Development Life Cycle implementations and Vulnerability Management process improvements.
Zaid Bhat is a Cyber Security Lead from Accenture with years of experience accumulated in AppSec, SOC, and Security Compliance. Skilled in implementing information infrastructure and balancing security initiatives against external risks and business operations, Zaid is also an expert in developing solutions protecting network systems and information systems, and has conducted numerous complex security risk assessments which included architecture reviews, code reviews, penetration testing and threat modeling.
Manager, Application Security
Igor Gvero arrives from R1 RCM with an extensive background in application security and secure development practices including SAST, DAST and SCA/OSS vulnerability assessments. He held various technical and management roles over the last 13 years including security engineering, sales engineering, solutions architecture, professional services, product ownership and technical enablement in companies such as Klocwork, Checkmarx, Veracode, EY, Wells Fargo and GitHub. Igor has experience implementing complementary Security as Code based libraries and leading security testing practices. He holds a Masters of Applied Computer Science degree and is located in Southern California, married, with four children.
Head of AppSec Research
Vitaly has been doing cyber since before it was called Cyber, with 15 years of experience in AppSec. He leads security research at Bright Security, and is passionate about IT Security and other vegetables. He's consulted for companies and startups, managed Red Teams, established various security groups in global companies, and loves creating in every possible form.
| Testing variance | Using Legacy DAST | Using Dev-Centric DAST |
|---|---|---|
| % of orgs knowingly pushing vulnerable apps & APIs to prod | 86% | 50% |
| Time to remediate > Med vulns in prod | 280 days | <150 days |
| % of > Med vulns detected in CI, or earlier | <5% | ~55% |
| Dev time spent remediating vulns | - | Up to 60x faster |
| Happiness level of Engineering & AppSec teams | - | Significantly improved |
| Average cost of Data Breach (US) | $7.86M | $7.86M |