Cassio Goldschmidt is an award-winning technology executive, advisor, mentor, speaker, and long-time contributor to the security community.
Cassio’s experience includes both Fortune 500 companies and startups, where he built a comprehensive security practice from the ground up. With an MBA, a Master of Science in Software Engineering, and years of hands-on experience in multiple areas of Information Security, Cassio builds security programs that appeal to all facets of the business. His efforts in securing enterprises have been recognized multiple times by multiple organizations. His accolades include a nomination for Web Application Security Person of the Year by OWASP, winning the Information Security Leadership Award for all Americas from (ISC)2, a nomination as one of the top CISOs in America by ISE, and appointment as one of the top 100 CISOs in the United States by his peers at CISO Connect.
With more than 20 years of experience, Cassio is a long-time passionate contributor to the security community. He has held multiple positions at OWASP, contributed numerous articles to Forbes Magazine as a member of the company’s Technology Council, co-authored multiple whitepapers for SAFECode.org, volunteered as a subject matter expert for (ISC)2, contributed to the creation of the MITRE/SANS Top 25, designed and lectures a privacy class for LinkedIn Learning, served as a mentor for USC’s Marshall School of Business, and acts as an advisor for VC firms and startups.
Pontifical Catholic University of Rio Grande do Sul
BS, Computer Science 1992 - 1997
Santa Clara University
MS, Software Engineering
University of Southern California
MBA, Entrepreneurship, Technology 2004 - 2007
- (ISC)2 (2008 – Present)
- USC Marshall Alumni Mentor Program (2021 – Present)
- AppSec Cali conference co-founder and one of the organizers (2013 – present)
- ITSP Magazine Expert (2017-2018)
- SAFECode, Technical Contributor (2007-2012)
- MITRE, CWE/SANS Top 25 Contributor (2009-2011)
- OWASP, AppSec Latin America 2011 Event Co-chair
- OWASP AppSec USA 2010 Event Co-chair
- Intel ISEF 2011 Grand Award Judge, Computer Science Category
- Proud member of the Infragard Los Angeles Chapter (2019 – present)
- Bessemer Venture Partners – Operating Advisor (2022 – Present)
- SafeBase – Customer Advisory Board (2022 – Present)
- Glilot Capital Partners – Board of Experts (2021 – Present)
- CISO Connect – C100 Distinguished CISO Board of Judges (2021 – Present)
- Forbes – Official Member of Technology Council (2017 – 2021)
- OWASP Los Angeles, Board of Directors (2009 – 2022)
- OWASP, Global Conference Committee (2010 – 2011)
- OWASP, Los Angeles Chapter Leader (2008-2009, 2021-2022)
- UCLA Extension Department of Engineering, Information Systems Advisory Board (2013-2014)
Practical Privacy For Products And Services
LinkedIn Learning, July 2021, Online
One of the biggest threats to your personal information is a lack of cybersecurity. The same rings true for organizations that need to protect their data. In this online course, you will gain a strong understanding of what you can do as an individual contributor to help keep your organization’s data safe.
Cassio has spoken at more than 80 public events, including some of the most respected international security conferences such as RSA, Black Hat, ISSA, CIO Event, ACSAC, (ISC)² Security Congress, FS-ISAC, Better Software, NULLCon, and Global OWASP AppSec, in countries such as Brazil, China, India, Poland, Sweden, and the United States.
Dissecting Bitcoin Security
OWASP AppSec Cali 2016 - January 26 2016, Santa Monica, California
Bitcoin introduced a new form of organization and consensus. Activities that previously required central authorities can now be decentralized. This has profound implications for security. In this presentation, Cassio reviews and dissects some of Bitcoin’s core components and their security controls. Cassio analyzes each control and how it could be used in other domains.
Responsibility For The Harm And Risk Of Security Flaws
Black Hat DC 2011 - January 18 2011, Washington DC
Software vulnerabilities are a vexing problem for the state of information assurance and security. Who is responsible for the risk and harm of software security is controversial. Deliberation of the responsibility for harm and risk due to software security flaws requires considering how incentives (and disincentives) and network effects shape the practices of vendors and adopters, and the consequent effects on the state of software security. This presentation looks at these factors in more detail in the context of private markets and public welfare.
Passwords, Password Management, And Two-Factor / Multi-Factor Authentication
Innovate Pasadena Cybersecurity - February 27 2017, Pasadena, California
Cassio Goldschmidt, Art Poghosyan, and Michael Cottingham joined forces for this extremely informative Innovate Pasadena CyberSecurity Meetup. Hosted in the ADP Innovation Center and led by Michael Schell, the experts discussed access control risks, password management, and two-factor/multi-factor authentication. Some of the questions answered include:
- Why should people care that their personal email has been hacked?
- What are some of the credential theft trends you are seeing and how do they impact consumers and businesses?
- What are some best practices around password management?
- What are your thoughts on two-factor and multi-factor authentication?
- Any advice for password logging?
- How does human behavior change the way you apply and monitor controls?
Bug Bounty Programs: Successfully Controlling Complexity and Perpetual Temptation
AppSec USA 2017 - September 2017, Orlando, Florida
Bug bounty programs – compensating a researcher who has found a “bug” in a company’s system – can be effective at mitigating cybersecurity risk, but they must be implemented and managed carefully lest they be abused and backfire. Bug Bounty Programs Debugged presents a holistic view of the process of creating and maintaining a successful program, as well as tips on how to succeed as a bounty hunter and how to stay out of trouble.
Moderated by ITSPmagazine chief editor Sean Martin, this panel includes expert opinions from experienced practitioners, the leader of a well-respected bounty program, “meals” – a top-ranked bug bounty hunter – and a partner and bug bounty expert from Baker & McKenzie.
Honors and Awards
Security Industry Awards
- Winner: CISO Connect Top 100 CISOs (C100) 2021
- Nominee: T.E.N. Information Security Executive (ISE) North America Project Award 2020
- Winner: T.E.N. Information Security Executive (ISE) West Project Award 2020
- Winner: (ISC)2 Information Security Leadership Awards Americas 2019, Senior Information Security Professional
- Nominee: T.E.N. Information Security Executive (ISE) Award North America 2019
- Finalist: OWASP Web Application Security Person of the Year (WASPY) Awards 2012
- Finalist: (ISC)² Americas Information Security Leadership Awards 2011 – Information Security Practitioner
- Special Recognition Award: (ISC)² Americas Information Security Leadership Awards 2011 – Community Service Star
- Publicly thanked by Brazil’s Superior Electoral Court (TSE) for finding security weaknesses and providing significant recommendations to improve the security of electronic voting systems used in the country’s presidential election.
- Publicly credited by Cisco Systems for finding CVE-2007-1467, a security vulnerability that affected a total of 124 Cisco offerings. The vulnerability was independently reported by Erwin Paternotte five days apart.