Biography
Cassio Goldschmidt is a transformative leader known for his visionary leadership and hands-on expertise in cybersecurity and technology. With over 20 years of experience spanning Fortune 500 companies, startups, and globally recognized institutions, Cassio has been instrumental in transforming security practices and driving innovative solutions that align seamlessly with organizational goals.
Cassio’s expertise integrates technical acumen, strategic thinking, and understanding of business needs, enabling the development of security programs that support growth while enhancing resilience. As Chief Information Security Officer at ServiceTitan, Cassio built an world-class security program from the ground up, significantly contributing to the company’s IPO readiness and operational success. Recognized as one of the top CISOs in the United States, Cassio’s leadership has been acknowledged through numerous national and international industry awards.
Beyond his professional roles, Cassio is an advocate for building a more secure digital ecosystem. As a long-time contributor to OWASP, he led initiatives to educate and empower organizations on web application security. His engaging approaches, such as “phish a phriend” and innovative awareness programs, have left lasting impressions on both corporate and public audiences.
An author, speaker, and thought leader, Cassio has published industry whitepapers, contributed articles to Forbes, and delivered insights at global conferences. He also serves as an advisor to venture capital firms and startups, shaping the future of security through mentorship, investments, guidance, and innovative practices.
Qualifications
Education
Pontifical Catholic University of Rio Grande do Sul
BS, Computer Science
Santa Clara University
Master of Science - Software Engineering
University of Southern California
MBA, Entrepreneurship, technology
Certifications and Accreditations
Certified Secure Software Lifecycle Professional
(ISC)², License 328856 2008 – Present
Certified Cloud Security Professional
(ISC)², License 328856 2018 – Present
Security, Compliance, and Identity Fundamentals
Microsoft, License 992425332 2022 – Present
Certified Information Privacy Professional
IAPP – International Association of Privacy Professionals 2015 – Present
Certified Information Privacy Technologist
IAPP – International Association of Privacy Professionals 2015 – Present
Microsoft Azure Fundamentals (AZ-900)
Microsoft Id Certification number 992425332 2021 – Present
Microsoft Azure AI Fundamentals (AI-900)
Microsoft Id Certification number 992425332 2021 – Present
Microsoft Azure Data Fundamentals (DP-900)
Microsoft Id Certification number 992425332 2022 – Present
Certified Bitcoin Professional
CryptoCurrency Certification Consortium, License 74eeb9 2015 – 2023
Affiliations
Voluntary Work
- ISC2 (2008 – 2023)
- USC Marshall Alumni Mentor Program (2021 – 2023)
- AppSec Cali conference co-founder and one of the organizers (2013 – 2022)
- ITSP Magazine Expert (2017-2018)
- SAFECode, Technical Contributor (2007-2012)
- MITRE, CWE/SANS Top 25 Contributor (2009-2011)
- OWASP, AppSec Latin America 2011 Event Co-chair
- OWASP AppSec USA 2010 Event Co-chair
- Intel ISEF 2011 Grand Award Judge, Computer Science Category
- Proud member of the Infragard Los Angeles Chapter (2019 – 2022)
Boards
- Bessemer Venture Partners – Operating Advisor (2022 – Present)
- Material Security – Customer Advisory Board (2024 – Present)
- SafeBase – Customer Advisory Board (2022 – 2024)
- Glilot Capital Partners – Board of Experts (2021 – Present)
- CISOs Connect – C100 Distinguished CISO Board of Judges (2021 – 2023)
- Forbes – Official Member of Technology Council (2017 – 2021)
- OWASP Los Angeles, Board of Directors (2009 – 2022)
- OWASP, Global Conference Committee (2010 – 2011)
- OWASP, Los Angeles Chapter Leader (2008-2009, 2021-2022)
- UCLA Extension Department of Engineering, Information Systems Advisory Board (2013-2014)
Patents
US Patent #6772194B1
Summary
US Patent #20060181531A1
Summary
US Patent#: US7949665B1
Summary
US Patent#: US8745001B1
Summary
Sample Talks
Briefings
Cassio spoke in more than 100 public events, including some of the most respected international security conferences such as RSA, Black Hat, ISSA, CIO Event, ACSAC, (ISC)² Security Congress, FS-ISAC, Better Software, NULLCon, and Global OWASP AppSec in countries such as Brazil, China, India, Poland, Sweden, and the United States.
Changing the Game: How Titan Intelligence Is Shaping ServiceTitan Today and Beyond
ServiceTitan Pantheon - September 13 2023, Orlando, Florida
Generative AI is revolutionizing how businesses operate. At ServiceTitan’s customer conference, I co-presented a talk on how we secure the AI solutions we create. The focus was on generative AI and its impact on the trades. The video below covers the first 3 minutes of my part of this presentation. The full presentation is available on ServiceTitan’s customer portal.
Dissecting Bitcoin Security
OWASP AppSec Cali 2016 - January 26 2016, Santa Monica, California
Bitcoin introduced a new form of organization and consensus. Activities that previously required central authorities can now be decentralized. This has profound implications for security. In this presentation, Cassio reviews and dissects some of Bitcoin’s core components and their security controls. Cassio analyzes each control and how it could be used in other domains.
Responsibility For The Harm And Risk Of Security Flaws
Black Hat DC 2011 - January 18 2011, Washington DC
Software vulnerabilities are a vexing problem for the state of information assurance and security. Who is responsible for the risk and harm of software security is controversial. Deliberation of the responsibility for harm and risk due to software security flaws requires considering how incentives (and disincentives) and network effects shape the practices of vendors and adopters, and the consequent effects on the state of software security. This presentation looks at these factors in more detail in the context of private markets and public welfare.
Panels
Bug Bounty Programs: Successfully Controlling Complexity and Perpetual Temptation
AppSec USA 2017 - Semptember 2017, Orlando, Florida
Bug bounty programs – compensating a researcher who has found a “bug” in a company’s system – can be effective at mitigating cybersecurity risk, but they must be implemented and managed carefully lest they be abused and backfire. Bug bounty programs debugged will present a holistic view of the process of creating and maintaining a successful program, as well as tips on how to succeed as a bounter and how to stay out of trouble.
Moderated by ITSPmagazine chief editor Sean Martin, this panel will include expert opinions from experienced practitioners, the leader of a well-respected bounty program, “meals” – a top-ranked bug bounter, and a partner and bug bounty expert from Baker & McKenzie.
Sample Podcasts
Sample Articles
Sample articles Cassio wrote for Forbes while serving as a member of the Forbes Technology Council.
Honors and Awards
Security Industry Awards
- Winner: CISOs Top 100 CISOs (C100) 2025
- Winner: CISOs Top 100 CISOs (C100) 2023
- Winner: CISO Village Awards – Cyber Community Development (click here to see a video of the summit and a glimpse of the award ceremony)
- Finalist: T.E.N. Information Security Executive (ISE) West Project Award 2022
- Nominee: T.E.N. Information Security Executive (ISE) Award Winner 2022
- Winner: CISOs Top 100 CISOs (C100) 2021
- Nominee: T.E.N. Information Security Executive (ISE) North America Project Award 2020
- Winner: T.E.N. Information Security Executive (ISE) West Project Award Winner 2020
- Winner: (ISC)2 Information Security Leadership Awards Americas 2019, Senior Information Security Professional (see the award ceremony video)
- Nominee: T.E.N. Information Security Executive (ISE) Award North America 2019
- Finalist: OWASP Web Application Security Person of the Year (WASPY) Awards 2012
- Finalist: (ISC)² Americas Information Security Leadership Awards 2011 – Information Security Practitioner (see the award ceremony video)
- Special Recognition Award: (ISC)² Americas Information Security Leadership Awards 2011 – Community Service Star
(Click here to see a video of the award ceremony)
Honors
- Publicly thanked by Brazil’s Superior Electoral Court (TSE) for finding security weaknesses and providing significant recommendations to improve the security of electronic voting systems used in the country’s presidential election.
- Publicly credited by Cisco Systems for finding CVE-2007-1467, a security vulnerability that affected 124 Cisco offerings. The vulnerability was independently reported by Erwin Paternotte five days apart.
Other Industry Awards
Speaking engagements, travel arrangements, and press inquires
Please email details on your proposed event, including event URLs, location, and dates to [email protected].