Senior Principal Solution Architect at Veracode. 20+ years securing software at scale. I help development managers, DevSecOps teams, and CISOs build AppSec programs that actually work.
๐ New Book โ Available on Amazon
Mastering the Art of Application Security Testing โ a practical guide for development managers, DevSecOps leads, and CISOs evaluating SAST, DAST, SCA, and container security tools.
Read more โI speak at international conferences on AppSec program design, DevSecOps transformation, and AI in security testing. Next up: WeAreDevelopers World Congress, Berlin, July 2026.
See my talks โ20+ years building and leading solutions architecture teams at Veracode, Deny All, and across DACH, EMEA, and APAC. Available as PDF download.
View my career โI spent the first decade of my career in the technical trenches โ building web application firewalls, running penetration tests, and designing security architectures for enterprises across Europe, the Middle East, and North America.
The last decade has been about helping organisations get security right at scale โ leading solutions architecture teams at Veracode, scaling the APAC organisation from zero to 27 engineers, and working with development managers and CISOs who are trying to build AppSec programs that survive contact with real engineering teams.
A practical guide for managers and security leaders evaluating and deploying application security tools. Foreword by Chris Wysopal.
Leading solution architecture across EMEA and APAC. Formerly scaled the APAC SA team from 0 to 27 and ~$6M in annual revenue.
Regular speaker at DevOpsCon, Enterprise:CODE, BSides, and OWASP events. Speaking at WeAreDevelopers World Congress, Berlin, July 2026.
Official application security spokesperson for Veracode in the German-speaking market. Providing media interviews, commentary, and bylines.