Why nominated: A 20-year veteran, Andrew van der Stock is a senior principal consultant at Synopsys, providing technical leadership in security architecture, threat modeling, secure coding guidelines and reviews, assurance and penetration tests, risk assessments, and developer training. Additionally, he leads the OWASP Top 10 and Application Security Verification Standard projects. He previously led the OWASP Developer Guide, OWASP Top 10 2007, and ESAPI for PHP projects. Andrew is a lifetime member of OWASP, and has served as a director and treasurer of the global OWASP Foundation Board. In addition, he has previously held executive director and global chapters committee positions within OWASP.
Profile: Not every educator works on a campus with ivy-covered buildings. Some are like Andrew van der Stock, who creates a classroom wherever he happens to be. This came to the forefront in the last year when he took on the new role of working with Synopsys’ internal practices and operations team. Van der Stock rolled out internal training and brown-bag meetings across the organization, which resulted in Synopsys’ assessors identifying more critical and high-risk findings in the last three months than they had in several previous years, placing the company’s metrics ahead of the OWASP Top 10 data set.
Other initiatives include providing new types of training that include hands-on labs, pathway training for each type of assessor and their specific career path, and improving Synopsys’ pod lead mentoring model for the practices, his staff, and the operations team.
What colleagues say: “Currently leading up the OWASP Top 10 and Application Security Verification Standard projects, Andrew is at the forefront of establishing best practices in an ever-changing threat landscape. He has led a variety of OWASP initiatives and other thought leading projects over the years. Andrew also has held multiple leadership positions within OWASP. He is a recognized leader within a globally recognized entity leading the way for software and application security practitioners. Who better to educate the industry!” – Mark Zurich, Senior Director of Technology at Synopsys