Additional Info

Job title of nominated professional (or team name): Frank Catucci, Chief Technology Officer and Head of Security Research, Invicti
Company (where nominated professional or team is working): Invicti
Company size (employees): 100 to 499
Country: United States
Headquarters Region: North America


Frank Catucci is a highly respected technical leader who specializes in designing scalable application security-specific architectures, with a reputation for collaborative cross-functional partnerships involving engineering and product teams. Frank serves as Chief Technology Officer and Head of Security Research and leverages more than 20 years of experience in global application security to drastically scale and advance Invicti’s AppSec effectiveness for its 4,000+ customers. Frank is helping transform the broader AppSec and DevSecOps fields with groundbreaking security research, advanced techniques, and a completeness of vision that makes him a pioneering leader in his industry.

Frank previously served as an analyst on Gartner’s Technical Professionals Security and Risk Management Strategies team. While at Gartner, he covered Software/Application Security Practices, DevSecOps, Mobile Application Security, API security, SCA, SAST, DAST, IAST, RASP, and WAF. He also oversaw the Application & Product Security division at DataRobot and served as Director of Application Security for Qualys. Frank and his wife maintain a family farm. He is an avid outdoors fan and loves all types of fishing, boating, watersports, hiking, camping, and especially dirt bikes and motorcycles.



- Frank is considered a trusted thought leader by his Invicti colleagues, and he is a global speaker and evangelist for the InfoSec and AppSec industries. As a well-regarded security professional, he wears many hats – from consultant and pentester to advisor and subject matter expert. He is a master at security research and penetration testing, often sharing his insights and findings at high-profile information security conferences and events worldwide.

- Frank dedicates significant time to public-interest cybersecurity research and bug bounty initiatives. He has served as a Chapter President for the Open Web Application Security Project (OWASP), an online community that produces freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security. He’s an active part of the OWASP bug bounty initiative and frequently collaborates with other OWASP wiki and cheatsheet security projects.

- Frank stands out for his expertise across a tremendous range of subdisciplines. These include DevSecOps, including developing and maturing practices; application security and testing, including program development and testing methodologies such as SAST, DAST, and IAST; and web application firewalls, including deployments, configurations, and implementations. This broad expertise gives Frank a uniquely powerful view of AppSec environments and the critical role AppSec plays in the larger cybersecurity picture.