CISO training – Managing Web & Application Security – OWASP for senior managers

Tobias Gondrom

August 21st (1 day)

Setting up, managing and improving your global information security organisation using mature OWASP projects and tools. Achieving cost-effective application security and bringing it all together at the management level. How to use and leverage OWASP and other common best practices to improve your security programs and organisation. The workshop will also discuss a number of quick wins and how to effectively manage global security initiatives and use OWASP tools inside your organisation. The trainer has extensive experience of managing his own secure development organisation as well as advising on the improvement of a number of global secure development organisations and processes.


  • OWASP Top-10 and OWASP projects – how to use within your organisation
  • Risk management and threat modeling methods (OWASP risk analysis, ISO-27005,…)
  • Benchmarking & Maturity Models
  • Organisational Design and managing change for global information security programs
  • SDLC
  • Training: OWASP Secure Coding Practices – Quick Reference Guide, Development Guide, Training tools for developers
  • Measuring & Verification: ASVS (Application Security Verification Standard) Project, Code Review Guide, Testing Guide
  • Development & Operation: Libraries and Frameworks (ESAPI (Enterprise Security API), AppSensor, …)

All discussion and issues raised by participants at the workshop will be treated as confidential under the Chatham House Rule.

About the trainer

Tobias Gondrom is Managing Director of Thames Stanley, an Information Security & Risk Management Advisory based in Hong Kong, the United Kingdom and Germany.

He has 15 years of experience in software development, application security, cryptography, electronic signatures and global standardisation organisations, working for independent software vendors and large global corporations in the financial, technology and government sectors.

Over the years, he has trained and advised dozens of CISOs and senior information security leaders around the globe. Since 2003 he has chaired working groups of the IETF, is a member of the IETF security directorate, and since 2010 has chaired the web security WG at the IETF. He has held a number of project and chapter leadership roles for OWASP since 2007. Currently, he leads the OWASP CISO Report and Survey project. Tobias has authored the standards RFC 4998 and RFC 6283, co-authored the book „Secure Electronic Archiving“, and is a frequent presenter at conferences and author of published articles (e.g. AppSec, IETF, ISSE, Moderner Staat, VOI-booklet “Electronic Signature“, iX).

For further information and questions, please contact Tobias directly at tobias _at_