Additional Info

Job title of nominated professional (or team name): Contrast Security Co-founder and CTO
Company (where nominated professional or team is working): Contrast Security, Inc.
Company size (employees): 50 - 99
Country: United States


Jeff was the co-founder of, and a major contributor to, OWASP, creating the OWASP Top 10, OWASP Enterprise Security API, OWASP Application Security Verification Standard, and the XSS Prevention Cheat Sheet. These guidelines and tools are used by security professionals to this day, and will continue to prove effective in guiding application security.

Jeff is a co-founder and CTO of Contrast Security. He was instrumental in formulating and then building the application security product line, Contrast Enterprise, which employs patented “deep security instrumentation.” This revolutionary approach enables every enterprise application to automatically and accurately “self-protect” in real time, and is the first and only product that unifies Interactive Application Security Testing with Runtime Application Self-Protection on one common platform from one company.

As a result, Jeff has played a key role in moving many large enterprise clients away from legacy scanning to continuous analysis and self-protecting applications. Clients include a top 5 US bank with over 35,000 employees. The bank has deployed Contrast Enterprise across 125 internally facing and externally facing applications, representing approximately 50% of their entire software application portfolio.


1. Introduced revolutionary Contrast Enterprise, enabling - for the first time ever - all enterprise applications to automatically detect and fix vulnerabilities, identify attacks, and defend themselves.

2. Jeff's inspiration of continuous application security and self-protecting software created a highly accurate application security product (per the OWASP Benchmark Project standard), designed from the ground up for DevOps and agile development methodologies.

3. To this day, no other security professional or company has been able to architect and go to market with a fully automated, scalable and highly accurate enterprise application security product.