Promote this Nomination

Additional Info

Job title of nominated professional (or team name)CTO
Company (where nominated professional or team is working)ERPScan
Company size (employees)50

In 3 bullets, summarize why this professional or team deserves recognition:

- Published the world first SAP Cybersecurity training and educated 1000+ students online ( and offline including Fortune 2000 Employees.
- Published the series of educational articles “SAP Security for Beginners”, “Oil and Gas Cybersecurity 101” on InfosecInstitute. Has a column about the latest threats on ERP Security for C-level managers at, authored numerous blog posts and research papers.
- Presented 80+ SAP security talks all over the world in 28 countries (USA, China, Hungary, Cyprus, etc.)

Brief Overview

Alexander is the founder of ERPScan and president of the EAS-SEC project. He is recognized as an R&D professional and entrepreneur of the year. His expertise covers the security of enterprise business-critical software like ERP, CRM, SRM and industry specific solutions for Oil and Gas, Manufacturing, Retail and Banking developed by enterprise software companies such as SAP and Oracle. Alexander has also published books about SAP and Oracle Database security and numerous white papers.

– R&D Professional of the Year at Hot Companies and Best Products Awards
– Entrepreneur or Founder Of The Year (Bronze Winner) at 5th Annual 2013 Golden Bridge Business and Innovation Awards
– Gold Winner for whitepaper “SAP Security In Figures 2007-2011”
– Nominated for the best server-side vulnerability in BlackHat 2013
– His company, ERPScan, got 35+ Cybersecurity awards including Rookie Company of the year, CRN Emerging Vendor, and Red Herring Global awards.


– President of the non-profit EAS-SEC project, which is focused on enterprise application security research and awareness. EAS-SEC project published 3 exhaustive annual award-winning papers about SAP Security

– Helped software vendors (i.e. SAP, Oracle, Microsoft, IBM, VMware, HP) to close more than 200 vulnerabilities

– Speaker, presenter, and trainer at 80+ cybersecurity conferences in 28+ countries all over the world (e.g. BlackHat, RSA, HITB etc.)

– His research findings were featured in The Guardian, VICE, Business Insider, Reuters, The Register, PC World, etc.


• 2009 World first public presentation about SAP Frontend security
• 2010 World first public presentation including attacks on Oracle JDE
• 2011 World first public presentation about SAP J2EE security
• 2012 World first public presentation about Oracle PeopleSoft attacks
• 2013 Invention of a new type of attacks, SSRF
• 2014 World first training about Business Application Security at BlackHat
• 2015 Innovative presentation about Oil and Gas Cybersecurity