Each new generation of software is designed to be more interactive, more accessible and more flexible. As a result, effective security means finding the proper balance between the functionality you want and the control you need.

Achieving this balance depends on a full understanding of your business goals as well as the expertise and flexibility to tailor the best approach. Casaba is a tight-knit team of security pioneers with a reputation for relentlessly researching, developing and implementing innovative solutions to the most difficult security problems. At the same time, we are also committed to acting as a fully engaged partner, ready to address the needs of your team and company.

Several of us played key roles in the development of the software Security Development Lifecycle (SDL). We know how to find the security issues in your software and systems and how to translate them into prioritized action items. Also, we provide clear insight into the strengths and weaknesses resulting from your design choices and implementation.

On the surface, software security may be about protecting critical information, but at its core, it’s about protecting reputations. It’s not just about QA testing and bug fixes, but eliminating vulnerabilities at every stage in the design process.

Casaba works best embedded into the very culture of a client’s organization, building and reinforcing bridges between business strategy and technology. By doing so, we ensure systems are agile, functional and secure.

Our team brings together high caliber, real world expertise across the full spectrum of systems security. We’re also a nice bunch of people. Designers and developers like us because we’re relentless when it comes to making sure their technology is as secure as it can be, but also because we’re generous with our time and knowledge. Part of the reason we’re so effective is our ability to seamlessly integrate with client teams. The other part, of course, is each team member’s unique specialized experience, which you can read about here.


Samuel Bucholtz

Co-founder, Managing Principal

Samuel began his career more than a decade ago as a Security Engineer building secure networks and web businesses. Since then, he has performed application reviews and network penetration testing for numerous Fortune 500 companies, with responsibility for organizing engagement teams and instructing classes on network and Web application security.

Samuel maintains proficiencies in advanced program analysis tools, threat modeling, code review, penetration testing and network security. He has performed deep reviews of crypto implementations for secure network protocols and custom authentication schemes, DRM protection systems and embedded hardware devices.

Jason Glassberg

Co-founder, Managing Principal

Jason has been providing security consulting, compliance and project management services for over a decade. Jason has scoped and managed a large number of diverse and complex engagements and security initiatives across all facets of the enterprise, including comprehensive reviews of Fortune 50 development environments. Jason’s work is primarily to develop business, assist groups with the SDL process and manage Casaba’s technical resources.

Brian Lewis

Co-founder, Managing Principal

Brian specializes in software development, system architecture and design, threat modeling and system analysis. After earning his BS in Computer Science from Polytechnic University in 1994, Brian gained early experience building auditing systems for Morgan Stanley to verify trades against stated positions and SEC rules. In 1997, he developed and presented an online Human Resources system at conferences in the US, France, Belgium and the UK. Brian has worked in pure play security since 1999, which included designing and building an attack scripting language (FASL), conducting security penetration testing and teaching classes in web security.

Chris Weber

Co-founder, Managing Principal

Chris leverages his security expertise to direct product strategies for Casaba, in addition to performing technical code reviews, penetration testing and project management. For more than a decade, Chris has been working at the forefront of the information security industry, carefully testing and reviewing the security of many of the global products we use every day.

Chris maintains a CSSLP from ISC2 and has authored several books including Privacy Defended and Windows XP Professional Security, and served as technical editor for Hunting Security Bugs, which was written by the MS Office Security Team. Chris has been invited to speak at industry conferences including Microsoft BlueHat, BlackHat, CanSecWest, OWASP, SOURCE and the Internationalization and Unicode Conference.

Our Team

Ramsey Dow

Managing Principal

Ramsey has an extensive software development background. He helped develop the first commercial network vulnerability scanner for Internet Security Systems in 1995. As a member of the security team for Trustworthy Computing at Microsoft, he developed a network scanner (KB 824146) for unauthenticated detection of Windows hosts vulnerable to MSRC bulletins MS03-026 and MS03-039. He also participated in the Windows Server 2003 security push, focusing on kernel code review. After TwC, Ramsey held an SDE position in Microsoft’s Consumer Operating System Division.

After Microsoft, Ramsey joined MySpace as the Chief Information Security Officer (CISO) where he designed and implemented their security programs and practices. Most recently, as a partner at Casaba, Ramsey has worked on a diverse range of security projects, from risk assessment for an aerospace client, to security design and code review for embedded hardware systems. Ramsey continues to develop commercial security software.

Brandon Chalk

Senior Security Consultant

Brandon specializes in fraud analysis and detection with a primary focus on the detection and reverse engineering of bots and automated cheating tools. Brandon has experience with reverse engineering, web and application penetration testing, software development, and at Casaba has successfully guided projects through the requirements of the Microsoft Security Development Lifecycle. As a secondary focus Brandon also works to keep up with the trends in mobile and smartphone security to provide insight on the rapidly increasing number of threats to mobile operating systems. Brandon graduated from the University of Washington with a bachelor’s degree in Computer Software and Systems as well as Computer Engineering and is returning for a master’s degree in Electrical Engineering.

Robert Mooney

Principal Security Consultant

Robert is an application and security software architect with a wide range of experience in Internet security, enterprise software development, and application security auditing. Robert began his career maintaining the operational aspects of an ISP, growing an infrastructure supporting a small number of individual users to thousands of individual and corporation clients. He was a member of the Internet Security Systems X-Force (later acquired by IBM), where he contributed heavily to Internet Scanner, RealSecure IDS, and System Scanner; and was involved in the creation and development of the company’s enterprise security monitor. While at ISS, he also developed the first kernel-based stack-fingerprint masquerading module for BSD, and later worked directly with the founder and lead engineers on experimental security software. Robert was an early contributor at SPI Dynamics, Inc. (later acquired by HP), and later held a position at Microsoft as a software design engineer on the Forefront Security product suite.

Noah Glassberg

Senior Security Consultant

Working in software assurance within the credit card industry led Noah to a specialized security focus. His background includes reviewing software implementations and deployments to find security weaknesses and vulnerabilities. Noah specializes in SDL process management, working closely with Casaba’s clients to move them through the SDL process – setting goals, utilizing tools, meeting requirements and defining exceptions.

Josh Betts

Senior Security Consultant

Josh has spent years immersed the security community, engaged in research, penetration testing, and exploit development. Prior to joining Casaba, Josh was a senior security consultant for IOActive were he performed PCI audits and unique projects including the largest anti-piracy initiative in history. Josh has been a speaker at industry conferences and regularly speaks with the press on current security topics.

Loc Nguyen

Senior Security Consultant

Loc employs his multi-faceted background in exploit development, reverse engineering and program analysis to provide added subject matter depth to Casaba's security engagements. Prior to joining Casaba, Loc served for a number of years providing a diverse security expertise to US government entities ranging from internet investigations to offensive tool development. He regularly speaks at conferences ranging from Shmoocon to RightsCon and his spare time is dedicated to contributing open-source tools to the greater infosec community.

Dmitriy Koval

Security Consultant

Dmitriy specializes in network and Web application security. In his spare time, he builds networks, tinkers with embedded hardware devices and pursues professional certifications. He sparked interest in the security field since designing and building networks for regional cybersecurity competitions. He holds a BAS in Cyber Security and Forensics and a CCNA certification.

Carlos Lopez

Senior Security Consultant

Carlos is a security professional with over a decade of IT security experience. He has worked work with a wide range of enterprise technologies and focuses on systems & network architecture. Most recently, while at Microsoft Corporation, Carlos worked on the Online Services Security & Compliance team, as well as Trustworthy Computing's Network Security team. His responsibilities included performing vulnerability assessments, penetration tests, threat modeling, and security design reviews. Additionally, he assisted various teams at Microsoft to design and implement protective & detective security controls for purposes of assisting those organizations meet their business goals, as well as comply with their regulatory compliance obligations.

John Michener

Principal Security Consultant

John specializes in security architecture, threat modeling and assessment, risk assessment, ACL’s and permissions, cryptographic key management and design, and risk management and mitigation. John has a Ph.D. from the University of Rochester and has been working and publishing in the software and data security space for more than 25 years, publishing numerous articles in refereed journals. A former security architect and senior security program manager at Microsoft, John has done 3 computer security startups and has ~ 10 patents, many related to security issues. John was active in the foundation of the Seattle Chapter of the Cloud Security Alliance.

Marius Apreutesei

Senior Security Consultant

Marius has 20 years of IT infrastructure architecture, design and implementation. Before joining Casaba he spent 15 years at Microsoft focused on design engineering and enterprise deployment of the internal IPsec and Windows Firewall implementations, DirectAccess, Azure Multi-Factor Authentication, Active Directory, DNS and other core infrastructure technologies.Marius has a BS in Computer Systems and Engineering from the Technical University of Iasi, Romania

Richard Davis

Senior Security Consultant

Richard has over a decade of experience as a software engineer, technical writer, and project manager. At Casaba, he is primarily involved with secure web application development and testing, code review, and tool development. His work has included a mixture of first and third-party product design, development, testing and operational support using a wide variety of technologies - from Windows and Linux, C++ to C#, Java, JavaScript, HTML, ASP.NET, jQuery, AngularJS, web services, SQL, Azure, and more. Richard earned a BS in Computer Science with minor in mathematics from Washington State University, where he also studied computer graphics and assisted with astronomy research.

Ben Ege Izmirli

Security Consultant

Ben utilizes his broad background in network security, application reverse engineering, and penetration testing to bring an attacker's approach to white-hat security testing. Leveraging years of experience in database design and full-stack web development, he specializes in threat modeling with a focus on technology-agnostic implementation best practices. He manages Casaba's Threat Intelligence program as well as providing penetration testing and SDL consultation services. Ben's side projects involve application fuzzing, dissecting cryptographic protocols, and digital signal processing. Ben holds a BA in astrophysics and a BM in classical piano performance from Oberlin College and Conservatory in Ohio.

Singapore Team

Jason Glassberg

Co-founder, Managing Principal

Jason has been providing security consulting, compliance and project management services for over a decade. Jason has scoped and managed a large number of diverse and complex engagements and security initiatives across all facets of the enterprise, including comprehensive reviews of Fortune 50 development environments. Jason’s work is primarily to develop business, assist groups with the SDL process and manage Casaba’s technical resources.

BK Soon

Partner, Asia Operations

From a young age, BK’s work has been driven by his ambition to help others. Prior to joining Casaba Security, he has been a computer teacher, course counselor, businessman and an activist on promoting technology to combat against modern slavery and organized crimes. BK is a leader with a social mission to do good. His experience in private corporations, not-for-profit organizations and law enforcement agencies in Asia, make him the perfect candidate for business development in Casaba Asia.

Adam Radicic

Managing Director, Asia Operations

Adam brings a diverse and unique skill set to the Casaba team with two decades of experience in strategic planning and cross-platform security systems integration. After earning a B.S. Engineering from the United States Military Academy, West Point and completing his service as an Infantry Officer in the U.S. Army, Adam has spent more than a decade living and working internationally focused on strategic security consulting and project management. Adam's specialties include telecommunications security (Lawful Intercept and Internet Monitoring programs) and business and competitive intelligence analysis. Adam is a lifetime member of the Strategic & Competitive Intelligence Professionals (SCIP) and long-standing member of ASIS International.

John Lloyd

Chief Technology Officer

John joins Casaba from a career spanning many countries. Since leaving the US immediately after completing his university education, he has worked for multi-nationals such as BMW, TrendMicro, and NTT Communications Security, in roles centred around securing business and business systems. John has years of experience building and managing large scale security operations centres (SOC) in the APAC region. His primary interest is in managing the human aspects of information security; holistically blending technology and best practices to develop systems which are secure yet provide an effortless user experience. John spends his free time working on security projects in the area of crypto-currency where he focuses on distributed trust and projects related to risk management as well as studying Korean and Mandarin.