Biography

Cassio Goldschmidt is an award-winning technology executive, advisor, mentor, speaker, and long-time contributor to the security community.  

Cassio’s experience includes both Fortune 500 companies and startups, where he built a comprehensive security practice from the ground up. With an MBA, a Master of Science in Software Engineering, and years of hands-on experience in multiple areas of information security, Cassio builds security programs that appeal to all facets of the business. His efforts in securing enterprises have been recognized multiple times by multiple organizations. His accolades include a nomination for web application security person of the year by OWASP, winning the Information Security Leadership Awards for all Americas from (ISC)², being nominated as one of the top CISOs in America by ISE, and being appointed one of the top 100 CISOs in the United States by his peers at CISOs Connect.

With more than 20 years of experience, Cassio is a long-time, passionate contributor to the security community. He held multiple positions at OWASP, contributed numerous articles to Forbes Magazine as a member of the company’s technology council, co-authored multiple whitepapers for SAFECode.org, volunteered as a subject matter expert for (ISC)², contributed to the creation of the MITRE/SANS Top 25, designed and lectured a privacy class for LinkedIn Learning, and served as a mentor for USC’s Marshall School of Business and as an advisor for VC firms and startups.

Qualifications

Education

Pontifical Catholic University of Rio Grande do Sul

BS, Computer Science 1992 - 1997

Santa Clara University

MS, Software Engineering

University of Southern California

MBA, Entrepreneurship, Technology 2004 - 2007

Certifications and Accreditations

Information Security
CSSLP

Certified Secure Software Lifecycle Professional

(ISC)², License 328856 2008 – Present

CCSP

Certified Cloud Security Professional

(ISC)², License 328856 2018 – Present

SC-900

Security, Compliance, and Identity Fundamentals

Microsoft, License 992425332 2022 – Present

Information Privacy
CIPP

Certified Information Privacy Professional

IAPP – International Association of Privacy Professionals 2015 – Present

CIPT

Certified Information Privacy Technologist

IAPP – International Association of Privacy Professionals 2015 – Present

Cloud Technologies
AZ-900

Microsoft Azure Fundamentals (AZ-900)

Microsoft Id Certification number 992425332 2021 – Present

AI-900

Microsoft Azure AI Fundamentals (AI-900)

Microsoft Id Certification number 992425332 2021 – Present

DP-900

Microsoft Azure Data Fundamentals (DP-900)

Microsoft Id Certification number 992425332 2022 – Present

CBP

Certified Bitcoin Professional

CryptoCurrency Certification Consortium, License 74eeb9 2015 – 2023

Executive Training
Accreditations
TPN

Trusted Partner Network

MPA and CDSA accredited assessor 2018 – 2023

 

Affiliations

Voluntary Work

Boards

Bessemer Venture Partners
Forbes
USC Marshall

Patents

US Patent #6772194B1

Inventor: Cassio Goldschmidt

Summary

Single author of Directory Band: a Windows shell extension used to access information in directories. USPTO number 6,772,194 (Cisco Systems)

US Patent #20060181531A1

Inventor: Cassio Goldschmidt

Summary

Single inventor of a markup language to plot network topologies and generic graphs (TOPOML). USPTO number 7,075,536 and 7,292,246 (Cisco Systems)

US Patent #7949665B1

Inventor: John Millard, Cassio Goldschmidt

Summary

Co-author of a patented method for speeding up disk volume traversal while examining file content. This patent increased the performance of Norton AntiVirus scans by 18%. USPTO number 7,949,665 (Symantec Corp)

US Patent #8745001B1

Inventor: Cassio Goldschmidt

Summary

Single inventor of Automated remediation of corrupted and tampered files. This patent unites the power of backup products with deployment solutions. USPTO number 8,745,001 (Symantec)

Online Training

Practical Privacy For Products And Services

LinkedIn Learning, July 2021, Online

One of the biggest threats to your personal information is a lack of cybersecurity. The same rings true for organizations that need to protect their data. In this online course, you will gain a strong understanding of what you can do as an individual contributor to help keep your organization’s data safe.

The course is available on LinkedIn Learning and digital libraries such as the Los Angeles Public Library.


Sample Talks

Briefings

Cassio has spoken at more than 80 public events, including some of the most respected international security conferences such as RSA, Black Hat, ISSA, CIO Event, ACSAC, (ISC)² Security Congress, FS-ISAC, Better Software, NULLCon, and Global OWASP AppSec, in countries such as Brazil, China, India, Poland, Sweden, and the United States.

Changing the Game: How Titan Intelligence Is Shaping ServiceTitan Today and Beyond

ServiceTitan Pantheon - September 13 2023, Orlando, Florida

Generative AI is revolutionizing how businesses operate. At ServiceTitan’s customer conference, I co-presented a talk on how we secure the AI solutions we create. The focus was on generative AI and its impact on the trades. The video below covers the first 3 minutes of my part of this presentation. The full presentation is available on ServiceTitan’s customer portal.

Dissecting Bitcoin Security

OWASP AppSec Cali 2016 - January 26 2016, Santa Monica, California

Bitcoin introduced a new form of organization and consensus. Activities that previously required central authorities can now be decentralized. This has profound implications for security. In this presentation, Cassio reviews and dissects some of Bitcoin’s core components and their security controls. Cassio analyzes each control and how it could be used in other domains.


Responsibility For The Harm And Risk Of Security Flaws

Black Hat DC 2011 - January 18 2011, Washington DC

Software vulnerabilities are a vexing problem for the state of information assurance and security. Who is responsible for the risk and harm of software security is controversial. Deliberation of the responsibility for harm and risk due to software security flaws requires considering how incentives (and disincentives) and network effects shape the practices of vendors and adopters, and the consequent effects on the state of software security. This presentation looks at these factors in more detail in the context of private markets and public welfare.


Panels

Bug Bounty Programs: Successfully Controlling Complexity and Perpetual Temptation

AppSec USA 2017 - September 2017, Orlando, Florida

Bug bounty programs – compensating a researcher who has found a “bug” in a company’s system – can be effective at mitigating cybersecurity risk, but they must be implemented and managed carefully lest they be abused and backfire. Bug bounty programs debugged will present a holistic view of the process of creating and maintaining a successful program, as well as tips on how to succeed as a bounter and how to stay out of trouble.

Moderated by ITSPmagazine chief editor Sean Martin, this panel will include expert opinions from experienced practitioners, the leader of a well-respected bounty program, “meals” – a top-ranked bug bounter, and a partner and bug bounty expert from Baker & McKenzie.

Sample Podcasts

Sample Articles

Honors and Awards

Security Industry Awards

Honors

Other Industry Awards

Speaking engagements, travel arrangements, and press inquiries

Please email details on your proposed event, including event URLs, location, and dates to [email protected].