Steve Kosten is a security consultant at Cypress Data Defense and an instructor for the SANS DEV541 Secure Coding in Java/JEE: Developing Defensible Applications course. He's previously performed security work in the defense and financial sectors and headed up the security department for a financial services firm. He is currently OWASP Denver chapter leader and has co-led the OWASP AppSec USA conference. He has presented security talks before numerous conferences. He is experienced in secure code review, vulnerability assessment, penetration testing, risk management. He currently maintains GSSP-JAVA, GWAPT, CISSP, and CISM certifications.