Each new generation of software is designed to be more interactive, more accessible and more flexible. As a result, effective security means finding the proper balance between the functionality you want and the control you need.

Achieving this balance depends on a full understanding of your business goals as well as the expertise and flexibility to tailor the best approach. Casaba is a tight-knit team of security pioneers with a reputation for relentlessly researching, developing and implementing innovative solutions to the most difficult security problems. At the same time, we are also committed to acting as a fully engaged partner, ready to address the needs of your team and company.

Several of us played key roles in the development of the software Security Development Lifecycle (SDL). We know how to find the security issues in your software and systems and how to translate them into prioritized action items. Also, we provide clear insight into the strengths and weaknesses resulting from your design choices and implementation.

On the surface, software security may be about protecting critical information, but at its core, it’s about protecting reputations. It’s not just about QA testing and bug fixes, but eliminating vulnerabilities at every stage in the design process.

Casaba works best embedded into the very culture of a client’s organization, building and reinforcing bridges between business strategy and technology. By doing so, we ensure systems are agile, functional and secure.

Our team brings together high-caliber, real-world expertise across the full spectrum of systems security. We’re also a nice bunch of people. Designers and developers like us because we’re relentless when it comes to making sure their technology is as secure as it can be, but also because we’re generous with our time and knowledge. Part of the reason we’re so effective is our ability to seamlessly integrate with client teams. The other part, of course, is each team member’s unique specialized experience, which you can read about here.

Our Team

Samuel Bucholtz

Co-founder, Managing Principal

Samuel began his career more than a decade ago as a Security Engineer building secure networks and web businesses. Since then, he has performed application reviews and network penetration testing for numerous Fortune 500 companies, with responsibility for organizing engagement teams and instructing classes on network and Web application security.

Samuel maintains proficiencies in advanced program analysis tools, threat modeling, code review, penetration testing and network security. He has performed deep reviews of crypto implementations for secure network protocols and custom authentication schemes, DRM protection systems and embedded hardware devices.

Ramsey Dow

Managing Principal

Ramsey has an extensive software development background. He helped develop the first commercial network vulnerability scanner for Internet Security Systems in 1995. As a member of the security team for Trustworthy Computing at Microsoft, he developed a network scanner (KB 824146) for unauthenticated detection of Windows hosts vulnerable to MSRC bulletins MS03-026 and MS03-039. He also participated in the Windows Server 2003 security push, focusing on kernel code review. After TwC, Ramsey held an SDE position in Microsoft’s Consumer Operating System Division.

After Microsoft, Ramsey joined MySpace as the Chief Information Security Officer (CISO) where he designed and implemented their security programs and practices. Most recently, as a partner at Casaba, Ramsey has worked on a diverse range of security projects, from risk assessment for an aerospace client, to security design and code review for embedded hardware systems. Ramsey continues to develop commercial security software.

Brandon Chalk

Senior Security Consultant

Brandon specializes in fraud analysis and detection with a primary focus on the detection and reverse engineering of bots and automated cheating tools. Brandon has experience with reverse engineering, web and application penetration testing, software development, and at Casaba has successfully guided projects through the requirements of the Microsoft Security Development Lifecycle. As a secondary focus Brandon also works to keep up with the trends in mobile and smartphone security to provide insight on the rapidly increasing number of threats to mobile operating systems. Brandon graduated from the University of Washington with a bachelor’s degree in Computer Software and Systems as well as Computer Engineering and is returning for a master’s degree in Electrical Engineering.


Jason Glassberg

Co-founder, Managing Principal

Jason has been providing security consulting, compliance and project management services for over a decade. Jason has scoped and managed a large number of diverse and complex engagements and security initiatives across all facets of the enterprise, including comprehensive reviews of Fortune 50 development environments. Jason’s work is primarily to develop business, assist groups with the SDL process and manage Casaba’s technical resources.

Robert Mooney

Principal Security Consultant

Robert is an application and security software architect with a wide range of experience in Internet security, enterprise software development, and application security auditing. Robert began his career maintaining the operational aspects of an ISP, growing an infrastructure supporting a small number of individual users to thousands of individual and corporate clients. He was a member of the Internet Security Systems X-Force (later acquired by IBM), where he contributed heavily to Internet Scanner, RealSecure IDS, and System Scanner, and was involved in the creation and development of the company’s enterprise security monitor. While at ISS, he also developed the first kernel-based stack-fingerprint masquerading module for BSD, and later worked directly with the founder and lead engineers on experimental security software. Robert was an early contributor at SPI Dynamics, Inc. (later acquired by HP), and later held a position at Microsoft as a software design engineer on the Forefront Security product suite.

Dan Smith

Senior Security Consultant

Dan came to Casaba after years of software development building connected devices, mobile applications and backend telecommunication services at Disney, Microsoft and T-Mobile. He holds a BS in Computer Science and holds the Data Scientist certification from the University of Washington. He focuses on offensive security techniques, application security, and penetration testing.


Brian Lewis

Co-founder, Managing Principal

Brian specializes in software development, system architecture and design, threat modeling and system analysis. After earning his BS in Computer Science from Polytechnic University in 1994, Brian gained early experience building auditing systems for Morgan Stanley to verify trades against stated positions and SEC rules. In 1997, he developed and presented an online Human Resources system at conferences in the US, France, Belgium and the UK. Brian has worked in pure play security since 1999, which included designing and building an attack scripting language (FASL), conducting security penetration testing and teaching classes in web security.

Noah Glassberg

Senior Security Consultant

Working in software assurance within the credit card industry led Noah to a specialized security focus. His background includes reviewing software implementations and deployments to find security weaknesses and vulnerabilities. Noah specializes in SDL process management, working closely with Casaba’s clients to move them through the SDL process – setting goals, utilizing tools, meeting requirements and defining exceptions.

Josh Betts

Senior Security Consultant

Josh has spent years immersed in the security community, engaged in research, penetration testing, and exploit development. Prior to joining Casaba, Josh was a senior security consultant for IOActive, where he performed PCI audits and unique projects including the largest anti-piracy initiative in history. Josh has been a speaker at industry conferences and regularly speaks with the press on current security topics.


Blake Hutchinson

Senior Security Consultant

Blake specializes in penetration testing and software testing. Prior to Casaba, Blake held several engineering positions at Microsoft as SDET and Systems Engineer for the Azure Active Directory and Office 365 environments. Blake's work has been published in TechNet Magazine, and he holds the CCNA and CCNP certifications.

Loc Nguyen

Security Consultant

Loc employs his multi-faceted background in exploit development, reverse engineering and program analysis to provide added subject matter depth to Casaba's security engagements. Prior to joining Casaba, Loc served for a number of years providing diverse security expertise to US government entities, ranging from internet investigations to offensive tool development. He regularly speaks at conferences ranging from Shmoocon to RightsCon, and his spare time is dedicated to contributing open-source tools to the greater infosec community.

Cory Carson

Security Consultant

Cory performed application security work at Boeing for over 5 years before joining Casaba. Cory earned a Master of Science in Software Engineering from Embry-Riddle Aeronautical University and maintains an ISC2 CSSLP certification. Cory's primary activities at Casaba include secure software design, manual and automated software security assessment, penetration testing, triaging security assessment results, and software development.


Aaron Clager

Senior Security Consultant

Aaron has over 15 years of experience in software and IT infrastructure design and implementation with Fortune 100 companies. He served as “security champion” on numerous world-class products and services for Microsoft before joining Casaba. Aaron has a proven track record of working with organizations to build and establish solid, repeatable processes for Security Development Lifecycle and multi-regulatory compliance programs that align with individual business needs.

Carlos Lopez

Senior Security Consultant

Carlos is a security professional with over a decade of IT security experience. He has worked with a wide range of enterprise technologies and focuses on systems & network architecture. Most recently, while at Microsoft Corporation, Carlos worked on the Online Services Security & Compliance team, as well as Trustworthy Computing's Network Security team. His responsibilities included performing vulnerability assessments, penetration tests, threat modeling, and security design reviews. Additionally, he assisted various teams at Microsoft in designing and implementing protective & detective security controls to help those organizations meet their business goals and comply with their regulatory compliance obligations.

John Michener

Principal Security Consultant

John specializes in security architecture, threat modeling and assessment, risk assessment, ACLs and permissions, cryptographic key management and design, and risk management and mitigation. John has a Ph.D. from the University of Rochester and has been working and publishing in the software and data security space for more than 25 years, publishing numerous articles in refereed journals. A former security architect and senior security program manager at Microsoft, John has done 3 computer security startups and has ~10 patents, many related to security issues. John was active in the foundation of the Seattle Chapter of the Cloud Security Alliance.


Daniel Bond

Security Consultant

Daniel specializes in web application software development and auditing of web application frameworks. With over ten years of experience in software engineering, Daniel has worked on both large and small scale web applications and has deployed and defended nearly all major application stacks found in production environments today. He has worked on the development, hardening, and administration of web infrastructure and applications for Fortune 100 corporations, transit agencies, governments, and venture-backed startups. Directly prior to Casaba, Daniel developed web application architecture for network security analytics tools used by the majority of ISPs in North America. He is a member of OWASP, loves studying bad cryptography, and plays any web application CTF he can find.

Marius Apreutesei

Senior Security Consultant

Marius has 20 years of experience in IT infrastructure architecture, design and implementation. Before joining Casaba he spent 15 years at Microsoft focused on design engineering and enterprise deployment of the internal IPsec and Windows Firewall implementations, DirectAccess, Azure Multi-Factor Authentication, Active Directory, DNS and other core infrastructure technologies. Marius has a BS in Computer Systems and Engineering from the Technical University of Iasi, Romania.

Richard Davis

Senior Security Consultant

Richard has over a decade of experience as a software engineer, technical writer, and project manager. At Casaba, he is primarily involved with secure web application development and testing, code review, and tool development. His work has included a mixture of first and third-party product design, development, testing and operational support using a wide variety of technologies, from Windows and Linux, C++ to C#, Java, JavaScript, HTML, ASP.NET, jQuery, AngularJS, web services, SQL, Azure, and more. Richard earned a BS in Computer Science with a minor in mathematics from Washington State University, where he also studied computer graphics and assisted with astronomy research.


Chris Weber

Co-founder, Managing Principal

Chris leverages his security expertise to direct product strategies for Casaba, in addition to performing technical code reviews, penetration testing and project management. For more than a decade, Chris has been working at the forefront of the information security industry, carefully testing and reviewing the security of many of the global products we use every day.

Chris maintains a CSSLP from ISC2 and has authored several books including Privacy Defended and Windows XP Professional Security, and served as technical editor for Hunting Security Bugs, which was written by the MS Office Security Team. Chris has been invited to speak at industry conferences including Microsoft BlueHat, BlackHat, CanSecWest, OWASP, SOURCE and the Internationalization and Unicode Conference.