16 Women Paving the Way in AppSec

This International Women’s Day, we want to draw your attention to a special cadre of women AppSec superstars.

Each of the women listed here plays an integral role in the development and progress of application security in their respective organizations. With a wide variety of backgrounds, specialties, and roles, these women are used to pushing boundaries to achieve more.

Check out these 16 inspiring women paving the way in AppSec, and follow them on Twitter to stay on top of their news and events.

16 women in AppSec to follow

Tanya Janca, Founder, Security Trainer & Coach, SheHacksPurple.dev | @shehackspurple

Tanya is a powerhouse in the world of AppSec. Specializing in software and cloud security, she recently launched SheHacksPurple, an educational platform that provides subscription-based blog posts, research papers, checklists, and videos on AppSec, DevSecOps, and cloud security. In addition to running SheHacksPurple, Tanya works part-time as a faculty member for IANS. She is an advocate for diversity and inclusion, co-founding the international women’s organization WoSEC and personally mentoring numerous women in the field of AppSec.

Zoe Braiterman, Research Associate, PurePoint International | @zbraiterman

Zoe Braiterman puts her combined expertise in business, technology, data science, and cybersecurity to work as a research associate for PurePoint International and a consultant for GYMedical Device Consulting, LLC. To best describe her approach to work, she calls herself an “Innovation Intelligence Strategist (Machine and Human).” On top of her current roles, Zoe serves as the New York City Chapter Leader and the Women in AppSec Committee Chair for the OWASP Foundation.

Caroline Wong, Chief Strategy Officer, Cobalt.io | @CarolineWMWong

Caroline is a strategic leader, author, and public speaker on cybersecurity and delivering global programs. Prior to joining Cobalt.io, Caroline held leadership roles with eBay, Zynga, Symantec, and Cigital. She has been featured as an influencer in the Women in IT Security issue of SC Magazine, named as one of the Top 10 Women in Cloud by CloudNOW, and received a Women of Influence Award in the One to Watch category from the Executive Women’s Forum. Caroline wrote the popular textbook Security Metrics, a Beginner’s Guide, and co-hosts the Humans of InfoSec podcast.

Vandana Verma, Security Architect, IBM | @InfosecVandana

Vandana is an information security professional with more than 14 years of experience in AppSec, cloud security, vulnerability assessment, secure code review, threat profiling, and remediation support. In addition to her role at IBM, she works with multiple community organizations, including InfosecGirls, WoSEC, and OWASP, where she serves on the global board of directors. Vandana speaks and trains at premier InfoSec conferences around the world, including BlackHat USA, DefCon, AppSec Europe/USA, and more. She is passionate about increasing women’s participation in the field of InfoSec.

Dhivya Chandramouleeswaran, Security Engineer, Lyft | @dhivus

As a security engineer for Lyft, Dhivya provides proactive security guidance to key product teams, develops security automation tools, and reviews the security of new technologies. Previously, she served as a security researcher at Adobe and a research assistant at Carnegie Mellon University. Her primary interests include AppSec, secure software development, network security, and IoT security.

Lakshmi Sudheer, Senior Security Partner, Netflix | @Lak5hmi5udheer

Lakshmi serves as senior security partner to Netflix, where she reviews architectures and provides security guidelines to various product teams. Her prior roles include security researcher at Adobe and application security engineer at TriNet. Lakshmi speaks about security topics such as authentication, as well as her open source projects, at security conferences such as BSides LV, RSA, AppSec USA, and AppSec Cali.

Astha Singhal, Application Security Director, Netflix | @astha_singhal

As the leader of Netflix’s application security team, Astha is responsible for securing all of the applications in the company’s cloud infrastructure. She is passionate about AppSec and is an advocate for proactive security, self-service, and stakeholder enablement. Prior to joining Netflix, Astha spent more than five years at Salesforce, where she served as senior manager of product security. She’s an active voice in the security community as a speaker, event organizer, and program reviewer.

Adi Belinkov, VP Cybersecurity, JPMorgan Chase & Co 

With more than seven years of experience in cybersecurity and application security architecture, Adi is the VP of Cybersecurity for JPMorgan Chase. Previously, she held leadership roles with CyberInt, ironSource, EY, and the Israel Ministry of Defense. Adi lends her expertise at AppSec conferences around the world, such as Global AppSec, where she discussed the importance of QA to the security testing process and the SDLC in general.

Divya Dwarakanath, Engineering Manager, Application Security, Snapchat | @Divya_Dw

Divya leads the application security team at Snapchat, which is responsible for building product security platform tools, monitoring/analysis in the SDLC, and red teaming. She leads the development of frameworks and tools to prevent vulnerabilities, assesses the security of products and educates developers. Before joining Snapchat, Divya worked as a security consultant and software engineer for iSEC Partners and Intuit. She also participates in AppSec conferences as a speaker, such as AppSec California and DefendCon.

Tash Norris, Head of Product Security, Moonpig | @TashJNorris

Tash launched her tech career with Apple in 2008. Since then, she’s held a variety of information security roles within Capital One, Photobox, and now Moonpig. In her current role, she works on all things CloudSec and AppSec related, with a focus on threat modeling. She is a frequent speaker on blue teaming, threat modeling, and women in AppSec. Tash is on the board of the annual DevSecCon conference and is an active member of the AppSec community. She co-leads OWASP Women in AppSec London and is an OWASP project contributor.

Sasha Rosenbaum, Product Manager, GitHub | @DivineOps

Sasha has served as product manager for GitHub since January. Previously, she spent over four years at Microsoft, where she held roles as a cloud solution architect, in Azure DevOps, and in program management. Outside of her current role, she is a co-organizer of the DevOpsDays in Chicago and the DeliveryConf events. Sasha recently published a book called Serverless Computing in Azure With .NET: Build, Test, and Automate Deployment.

Kelly Ann, Product Security Engineer, Slack | @kellyxvx

As a product security engineer for Slack, Kelly Ann works on vulnerability assessments of Slack web applications, mobile clients, internal services, and partner applications, and provides education for developers on security best practices. Before joining Slack she was a penetration tester and security consultant for NCC Group. Prior to that she worked in Intelligence and Investigations for nearly 15 years, working undercover and coordinating covert operations to enforce environmental and animal welfare legislation.

Coleen Coolidge, Chief Information Security Officer, Segment | @coleencoolidge

Coleen has 14 years of experience in security, 11 of which she spent in leadership roles. Prior to joining Segment in 2017, she led the security teams of Twilio and CoreLogic. Coleen’s approach to security is a holistic one, where she focuses on coordinating diverse components, such as application security, security monitoring and response, vendor security, compliance, and more. Coleen shares her ideas as a public speaker at conferences and on leadership panels.

Kelley Robinson, Developer Advocate, Account Security, Twilio | @kelleyrobinson

Kelley is part of the account security team at Twilio, where she helps developers manage and secure customer identity in their software applications. She launched her career as a developer in 2013 for Versal, and later held roles with Runscope and Sharethrough. As a public speaker, Kelley focuses on making technical concepts, especially security, more accessible to new audiences.

Sarah Young, Azure Security Architect, Microsoft | @_sarahyo

With a background in network and infrastructure engineering, Sarah lends deep technical knowledge to her work at Microsoft. She specializes in the cloud, Kubernetes, and container security, and speaks about cloud-native security and other IT security topics at industry events around the world, such as BSides Las Vegas, The Diana Initiative, Kiwicon, Pycon AU, DevSecCon, and more. She is an active supporter of the local security community in Melbourne, Australia, and is a co-organizer of the city’s All Sec meetup.

Nicole Becher, Director of Information Security & Risk Management, S&P Global Platts | @thedeadrobots

Nicole has more than 10 years of experience in the cybersecurity space, working primarily in offensive security capacities. Her work centers on penetration testing, leading red teams, forensics, and incident responders. She’s also worked on the cyber/regulatory policy for the New York State Department of Financial Services, where she helped draft the first-in-nation regulatory framework for assessing the cybersecurity of large financial institutions and draft the first-in-nation regulatory and licensing framework for bitcoin and virtual currency companies. Additionally, she serves as an adjunct instructor at New York University, where she teaches offensive and defensive computer security, network security, web app security, and computer forensics. Nicole provides talks and training at national conferences.
