Team Bios

Our team brings together high caliber, real world expertise across the full spectrum of systems security. We’re also a nice bunch of people. Designers and developers like us because we’re relentless when it comes to making sure their technology is as secure as it can be, but also because we’re generous with our time and knowledge. In part we are effective because we seamlessly integrate with client teams. The other part, of course, is each team member’s unique specialized experience, which you can read about here.

Samuel BuchholtzSamuel Bucholtz
Roles: Co-founder, Security Consulting, Architect

Background: Samuel began his career more than a decade ago as a Security Engineer building out secure networks and web businesses. Since then, he has performed application reviews and network penetration testing for numerous Fortune 500 companies, with responsibility for organizing engagement teams and instructing classes on network and Web application security.

Samuel has been immersed in Software Security Development Lifecycle (SDL) activities. He maintains proficiencies in advanced program analysis tools, threat modeling concepts, code review, penetration testing and network security. He has performed deep reviews of crypto implementations for secured network protocols and custom authentication schemes, DRM protection systems and hardware device testing of embedded devices. 
 

Ramsey DowRamsey Dow
Roles:  Development Manager, Software Architect, Security Consulting

Background: Ramsey has an extensive software development background. He helped develop the first commercial network vulnerability scanner for Internet Security Systems in 1995. As a member of the security team for Trustworthy Computing at Microsoft, he developed a network scanner (KB 824146) for unauthenticated detection of Windows hosts vulnerable to MSRC bulletins MS03-026 and MS03-039. He also participated in the Windows Server 2003 security push, focusing on kernel code review. After TwC, Ramsey held an SDE position in Microsoft’s Consumer Operating System Division. After Microsoft, Ramsey joined MySpace as their Information Security Officer (ISO) where he designed and implemented security programs and practices. Most recently, as a partner at Casaba, Ramsey has worked on a diverse range of security projects, from aerospace risk assessments to security design and code review for embedded hardware systems. Ramsey continues to develop commercial security software.

 

Jason GlassbergJason Glassberg
Roles: Co-founder, Business Development, Security Consulting

Background: Jason has been providing security consulting, compliance and project management services for over a decade. Jason has scoped and managed a large number of diverse and complex engagements and security initiatives spanning all facets of the enterprise, including comprehensive reviews of Fortune 50 development environments. Jason’s work is primarily to develop business, assist groups with the SDL process and manage Casaba’s technical resources. 

 

Noah GlassbergNoah Glassberg
Roles:   SDL Process Management, Security Consulting

Background: Working in software assurance within the credit card industry led Noah to a specialized security focus. His background includes reviewing software implementations and deployments to find security weaknesses and vulnerabilities. Noah specializes in SDL process management, working closely with Casaba’s clients to move them through the SDL process – setting goals, utilizing tools, meeting requirements and defining exceptions.
 

John HernandezJohn Hernandez
Roles:  Security Research, Consulting, Reverse Engineering

Background: In addition to application security testing using black, white and gray box techniques, John develops in-house tools for test automation and provides guidance concerning protection mechanisms such as anti-debugging, anti-tampering, code obfuscation, packers and other binary hardening techniques. John works on a range of topics including: malware analysis, reversing, rootkits, DRM, mobile, web and native applications. Working with industry leading experts, John has assisted industry leading experts  in reverse engineering malicious samples such as Nugache, Storm and downanup / conficker trojans. John received a Bachelor’s Degree in Computer Software and System Design from the University of Washington. 
 

Mary Jane Kelly Mary Jane Kelly
Roles:  Security Consulting, Project Management

Background: Mary Jane is responsible for data analytics, online gaming, and anti-fraud strategies. She has a background in programming, consulting and statistics with experience in the security space.  Mary Jane’s active role in the tech community includes founding the Seattle chapter of Girls In Tech, organizing the 2007 Northwest Security Symposium, volunteering for educational security events and participating in local security meet-ups such as the UW Agora.
 

Brian LewisBrian Lewis
Roles:  Co-founder, Software Development, Security Consulting

Background: Brian specializes in software development, system architecture and design, threat modeling and system analysis. After earning his BS in Computer Science from Polytechnic University in 1994, Brian gained early experience building auditing systems for Morgan Stanley to verify trades against stated positions and SEC rules. In 1997, he developed and presented an online Human Resources system at conferences in the US, France, Belgium and the UK. Brian has worked in pure play security since 1999, which included designing and building an automated attack scripting language for Foundstone's flagship vulnerability scanning product, and also conducting security penetration testing and class training in Web security.
 

Rob MooneyRob Mooney
Roles:  Software Development, Security Consulting

Background: Robert is an application and security software architect with a wide range of experience in information infrastructure and management, Internet security management, enterprise software development, and application security auditing. Robert began his career maintaining the operational aspects of a grassroots ISP, growing an infrastructure supporting a small number of individual users to thousands of individual and corporation clients. He was a member of the Internet Security Systems X-Force (later acquired by IBM), where he contributed heavily to Internet Scanner, RealSecure IDS, and System Scanner; and was involved in the creation and development of the company’s enterprise security monitor. While at ISS, he also developed the first kernel-based stack-fingerprint masquerading module for BSD, and later worked directly with the founder and lead engineers on experimental security software. Robert was an early contributor at SPI Dynamics, Inc. (later acquired by HP), and later held a position at Microsoft as a software design engineer on the Forefront Security product suite. As a consultant, Robert has led many successful projects for companies and agencies including Syracuse University, eBay, Tickets.com, Computer Sciences Corporation, and the US Government.
 

Chris WeberChris Weber
Roles: Co-founder, Managing Partner, Research and Product Strategies

Background: Chris leverages his security expertise to direct product strategies for Casaba, in addition to performing technical code reviews, penetration testing and project management. For more than a decade, Chris has been working at the forefront of the Internet security industry, carefully testing and reviewing the security of many widely used infrastructure protocols and products. Chris has authored several books including Windows XP Professional Security and served as technical editor for Hunting Security Bugs, which was written by the MS Office Security Team. Chris has been invited to speak at industry conferences including Microsoft BlueHat, BlackHat, CanSecWest, OWASP, SOURCE and the Internationalization and Unicode Conference.