Meet the Bloggers
Jacob West
Director, Security Research
Jacob West is Director, Software Security Research for the Enterprise Security Products division of Hewlett-Packard. West is a world-recognized expert on software security and brings a technical understanding of the languages and frameworks used to build software together with extensive knowledge about how real-world systems fail. In 2007, he co-authored the book "Secure Programming with Static Analysis" with colleague and Fortify founder Brian Chess. Today, the book remains the only comprehensive guide to static analysis and how developers can use it to avoid the most prevalent and dangerous vulnerabilities in code. West is a frequent speaker at industry events, including RSA Conference, Black Hat, Defcon, OWASP, and many others. A graduate of the University of California, Berkeley, West holds dual degrees in Computer Science and French and resides in San Francisco, California.
Joy Forsythe
Manager, Security Research Group
Joy Forsythe spent three years writing rules for the Fortify products before stepping up to run the Security Research Group, where she maintains order by compulsively baking. She is interested in not only helping customers identify vulnerabilities in their software, but helping them learn more about the issues and security in general. Prior to joining Fortify, Ms. Forsythe worked for Oracle, where she designed and implemented the encryption and storage optimization features for SecureFiles. She has an M.E. and S.B. from MIT in Computer Science, where she completed her thesis on voting and cryptography.
Yekaterina Tsipenyuk O’Neil
Principal Security Researcher
Yekaterina Tsipenyuk O'Neil is the founding member of the Security Research Group at Fortify Software, where she is responsible for performing code audits, identifying and analyzing insecure coding patterns, providing security content for Fortify's software security products, and researching ways to improve the quality of the tools. Outside of the office, Yekaterina spends time working with customers and speaking at conferences. Yekaterina has a B.S. and an M.S. in computer science from the University of California, San Diego. Her thesis work focused on mobile agent security.
Matias Madou
Principal Security Researcher
Matias Madou is Principal Security Researcher at Fortify/HP's Security Research Group, where he works mainly on technical projects, ranging from kicking off the insider threat rulepack in the static analyzer to spearheading anomaly detection in the runtime tool. Matias headed the initial rules for Hybrid 2.0, where SAST-DAST issue correlation is performed based on monitoring the application under attack. He also crafted the initial runtime rules to let HP WebInspect collaborate with Fortify SecurityScope. And when he’s away from his desk, he’s instructing the training course "SCA custom rules training", helping out the field at short notice, or presenting at DefCon, RSA, BruCon, OWASP, ... He holds a Ph.D. in computer engineering from Ghent University, where he studied application security through program obfuscation to hide the inner workings of an application. During his Ph.D., he collaborated with top research and industry players in the field of program obfuscation.
Abraham Kang
Principal Security Researcher
Abraham Kang is fascinated with the nuanced details associated with programming APIs and how they affect security. Abraham has a Bachelor of Science from Cornell University. Abraham also uses the analysis techniques and out-of-the-box thinking skills gained after obtaining his JD from Lincoln Law School of San Jose to find vulnerabilities in software. Prior to joining Fortify, Abraham worked in application security for over 10 years, with the most recent 4 years as a security code reviewer at Wells Fargo. Abraham is passionate about security and happiest when locked in a room with security books, his multi-boot laptop, and cheeseburger Happy Meals.
Sejal Kamani
Security Researcher
Sejal is part of the Fortify Security Research Group, where she spends her time identifying new vulnerabilities and developing security content for the Fortify suite of products. Prior to joining Fortify, she was part of the R&D team at Nortel Networks working on voice and data networks. She holds an M.S. in Computer Science from Stanford University and a B.S. in Computer Engineering from Cal Poly, San Luis Obispo.
Sarah Cheng
Security Researcher
As a child, Sarah was nitpicky, could not be pried off the computer, and derived immense amounts of glee from playing with her toys in every way except for the way they were intended. She first joined Fortify as an intern for the Security Research Group, figuring that software security would be a good way to channel these parental headaches into something useful. She came back to join the group full-time after finally completing her S.B. and M.Eng. in computer science from MIT.
Sam Ng
Security Researcher
Sam began his career in security after one of his corporate servers was hacked 14 years ago. He joined Fortify as a consultant in 2006 and gained even more valuable real-world, first-hand experience by working with many large enterprises to improve their internal secure software development processes. Currently, he works in the Fortify Security Research Group and usually spends his time finding new vulnerabilities through dynamic analysis.
Alexander Hoole
Principal Security Researcher
Alexander Hoole joined the Fortify/HP security research group to continue his pursuits in security research. Hoole has a passion for understanding software architecture and how security dependencies permeate systems. He holds a B.Sc. in Computer Science and an M.A.Sc. in Engineering from the University of Victoria, where he is also nearing completion of his Ph.D. in Software Engineering with a focus on runtime verification of security vulnerability exploitation. Before joining Fortify/HP, he spent more than a decade dividing his time between academic security research, industry teaching, and development spanning a wide range of topics including operating system internals, device driver implementation and application development.
Jack Herrington
Principal Member of Technical Staff
Jack Herrington is an engineer working on the Fortify 360 Server. His mission is to expose his fellow engineers to new technologies. That covers a broad spectrum, from demonstrating programs that write other programs in the book Code Generation in Action, to providing techniques for building customer-centered web sites in PHP Hacks and Getting Started With Flex 3, all the way to writing a how-to on audio blogging called Podcasting Hacks. Jack also writes articles for O'Reilly, DevX and IBM developerWorks.