Additional Info

Job title of nominated professional (or team name)Co-Founder and CTO
Company (where nominated professional or team is working)Contrast Security
Websitehttps://www.contrastsecurity.com
Company size (employees)100 to 499
CountryUnited States
Headquarters RegionNorth America

Overview

A pioneer in application security, Jeff Williams has more than 25 years of experience in software development and security. He is the co-founder and CTO of Contrast Security, a revolutionary application security product that enhances software with the power to defend itself, check itself for vulnerabilities, and join a security command and control infrastructure. Contrast’s patented deep security instrumentation is the breakthrough technology that enables highly accurate assessment and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts. Only Contrast has sensors that work actively inside applications to uncover vulnerabilities, prevent data breaches and secure the entire enterprise throughout the entire software lifecycle.

In 2002, Jeff co-founded and became CEO of Aspect Security, a successful and innovative consulting company focused on application security. Aspect started in his basement with a 56K modem connection to the Internet. As Aspect grew, he adopted a risky marketing strategy: donating free projects to open source communities instead of spending money on advertisements and conferences which was extremely successful and as a result, Aspect secured premiere clients from Wall Street, Fortune 500 and international finance.

Jeff is also a founder of OWASP, where he set up the organization as a 501c3 charity and served as a volunteer Chairman of the Board for 8 years, as well as invested thousands of hours and personal financial investment into creating The OWASP Foundation. As Chair, he created the Chapters program that has grown to 200 groups around the world and the Conferences program. He set up the OWASP wiki which is an authoritative source for application security everywhere. And he personally led dozens of open source projects, creating the OWASP Top 10, OWASP Enterprise Security API, OWASP Application Security Verification Standard, XSS Prevention Cheat Sheet, and many other widely adopted free and open.

Accomplishments

Over a period of 25 years, he founded three very different but highly successful organizations (Contrast Security, OWASP and Aspect Security) to help improve the security of the world's software.


While running Aspect, Jeff created OWASP, a 501c3 dedicated to securing the world’s software. He created dozens of open source projects, and a few of these have been wildly successful, such as the OWASP Top Ten, WebGoat, ESAPI and OWASP Cheat Sheets which have influenced millions.


Contrast Security is quite different than legacy approaches and has required extensive evangelizing. Getting the market to understand that IAST/RASP/SCA is a replacement for SAST/DAST/WAF has been challenging. Its competitors are huge companies like HP, IBM, CA, Imperva and F5. Fortunately, software continues to increase in complexity and speed of development, so Contrast is rapidly becoming the only way to secure many applications and APIs.


Jeff champions Contrast Security’s efforts to give back to the security community. Contrast sponsors almost two dozen open source projects, including integrations and free security tools. Recently, Jeff created a novel tool to perform a compiler-version agnostic comparison of binary files, to enable researchers to discover trojaned binaries in open-source repositories. Jeff has continued these efforts in 2018 with a project to bring high-quality free application security assessment and protection capability to every developer in the world with Contrast Security Community Edition.


Jeff travels the world, spreading the word about the importance of application security. Jeff speaks at small user groups, including OWASP and software development meetups, introducing folks to new technologies and approaches to application security. He also participates in large software development and security conferences, speaking to executives and practitioners about managing security effectively. Jeff always emphasizes a combination of theory and practical knowledge.