whoisjoe.com

My name is Joe Basirico. I help people build secure software.

About Me

Who is joe? Find out here.

My name is Joe Basirico. I'm the VP of Services at Security Innovation where I lead a team of amazing security engineers to help our customers build and release secure software and protect the privacy of their users. I've been in the security industry for more than ten years now and have helped dozens of companies and individuals learn more about software security.

I started a non-profit called Technically Learning that recently merged with code.org. Technically Learning was very successful in helping to get girls and minorities excited about the STEM fields. Between 2006 and 2013, Technically Learning had reached approximately 4,500 students across 25 schools and community organizations in the Puget Sound area.

code.org differs slightly from TL's original mission, but is an incredible organization nonetheless. code.org's mission is to bring Computer Science, as a core requirement, to every public school in the US. They will make sure the students of tomorrow are equipped to use the computers that will be infused into their every action to their fullest potential.

When not working on software security problems or trying to inspire kids to learn to program, I find myself programming frequently. You can see the projects that I've built on my projects pages. I write code, but I also write a blog; you can see my thoughts on all things (security, privacy, philosophy, management, productivity, etc.) on the blog.

Below you'll find my "official bio" written by Security Innovation:

Joe is responsible for managing the professional services business at Security Innovation. He leverages his unique experience as a development lead, trainer, researcher, and test engineer to direct the security consulting team in the delivery of high-quality, impactful risk assessment and remediation solutions to the company’s customers. His ability to blend deep technical skills with risk-based business and compliance analysis is a powerful combination, and his unwavering commitment to customer satisfaction makes him an invaluable asset for each Security Innovation client with whom he works.

Joe has spent the majority of his professional career analyzing application behavior with respect to security. He has researched how software development organizations mature over time from a security perspective. Through this research, he has developed an understanding of application threats, tools, and methodologies that assist in the discovery and removal of security problems, both software- and process-related. To keep his technical skills honed, Joe participates in SDLC process assessments and security engineering activities such as security design and code reviews, threat modeling, and application penetration testing on a regular basis. He is also an active trainer and mentor for select client accounts.

Joe has evolved a keen understanding of software security root cause analysis in his 9+ years with Security Innovation. His application risk acumen, coupled with his hands-on experience analyzing a plethora of commercial software, makes him a trusted advisor and a “go to” resource for specialized training and critical consulting services. He has worked on projects directly for Microsoft, Amazon.com, Symantec, OWASP, HP, US Courts, Sears, and others during his tenure with the company.

Joe is an active member in the security community, having contributed methodologies, technology, and training. He manages the company’s engineering blog and has written several publications that focus on source code level vulnerabilities. Joe holds a B.S. in Computer Science from Montana State University.

Areas of Expertise

  • Business and Process: Secure SDLC; Application Risk; Security Testing methodologies; Attacker Techniques
  • Technical: ASP.Net, J2EE, Windows, Azure, C/C++, SQL server, Amazon Web Services
  • Web and Mobile Application Security Code review, Web services, Cloud, SaaS, Firewalls

Software & Tools Development

  • TeamMentor – led initial development for the company’s secure development guidance system
  • YASAT – static analysis tool that uses regular expression based rules on a code base to quickly find potential security vulnerabilities
  • WhatTheFuzz – an open-source, easy to use and operate fuzzer for Web sites
  • Transform – an open-source, easy to use encoder/decoder
  • RegexMatcher – a simple regular expression matcher and tester

Training & Thought Leadership

  • For Security Innovation Customers
    • Microsoft, Tyco, Harris, Liberty Mutual, HP, Amazon.com, Symantec, Credit Suisse, Adobe, ING, Sony
  • Industry Events
    • EMC World, Microsoft PDC, Compuware OJ.X, Amazon.com ZonCon, Nationwide Testing Symposium, OWASP USA, OWASP Europe, ISSA, Software Security Summit, Secure World
  • Media
    • CSO Magazine, SC Magazine, Dr. Dobbs, ComputerWorld, CIO Update, Software Test & Performance, DM Review, SearchSoftwareQuality.com