Biography

Cassio Goldschmidt is an award-winning technology executive, advisor, mentor, speaker, and long-time contributor to the security community.  

Cassio’s experience includes both Fortune 500 companies and startups, where he built a comprehensive security practice from the ground up. With an MBA, a Master of Science in Software Engineering, and years of hands-on experience in multiple areas of Information Security, Cassio builds security programs that appeal to all facets of the business. His efforts in securing enterprises have been recognized multiple times by multiple organizations. Some of his accolades include a nomination for the web application security person of the year by OWASP, winning the Information Security Leadership Awards for AllAmericas by (ISC)², being nominated as one of the top CISOs in America by ISE, and being appointed one of the top 100 CISOs in the United States by his peers at CISO Connect.

With more than 20 years of experience, Cassio is a long-time passionate contributor to the security community. He held multiple positions at OWASP, contributed numerous articles to Forbes Magazine as a member of the company’s technology council, co-authored multiple whitepapers for SAFECode.org, volunteered as a subject matter expert for (ISC)², contributed to the creation of the MITRE/SANS Top 25, designed and lectured a privacy class for LinkedIn Learning, served as a mentor for USC’s Marshall School of Business, and served as an advisor for VC firms and startups.

Qualifications

Education

Pontifical Catholic University of Rio Grande do Sul

BS, Computer Science 1992 - 1997

Santa Clara University

MS, Software Engineering

University of Southern California

MBA, Entrepreneurship, technology 2004 - 2007

Certifications

Certified Secure Software Lifecycle Professional

(ISC)², License 328856 October 2008 – Present

Certified Cloud Security Professional

(ISC)², License 328856 August 2014 – Present

Certified Information Privacy Professional

IAPP - International Association of Privacy Professionals April 2015 – Present

Certified Bitcoin Professional

CryptoCurrency Certification Consortium, License 74eeb9 March 2015 – Present

Microsoft Azure Fundamentals

Microsoft, Certification number H320-6570 December 2019 – Present

Accreditations

Trusted Partner Network

MPA and CDSA accredited assessor July 2018 - Present

Affiliations

Voluntary Work

Boards

Patents

US Patent #6772194B1

Inventor: Cassio Goldschmidt

Summary

Single author of Directory Band: a Windows shell extension used to access information in directories. USPTO number 6,772,194 (Cisco Systems)

US Patent #20060181531A1

Inventor: Cassio Goldschmidt

Summary

Single inventor of a markup language to plot network topologies and generic graphs (TOPOML). USPTO number 7,075,536 and 7,292,246 (Cisco Systems)

US Patent#: US7949665B1

Inventor: John Millard, Cassio Goldschmidt

Summary

Co-author of a patented method for speeding up disk volume traversal while examining file content. This patent increased the performance of Norton AntiVirus scans by 18%. USPTO number 7,949,665 (Symantec Corp)

US Patent#: US8745001B1

Inventor: Cassio Goldschmidt

Summary

Single inventor of Automated remediation of corrupted and tampered files. This patent unites the power of backup products with deployment solutions. USPTO number 8,745,001 (Symantec)

Online Training

Practical Privacy For Products And Services

LinkedIn Learning, July 2021, Online

One of the biggest threats to your personal information is a lack of cybersecurity. The same rings true for organizations that need to protect their data. In this online course, you will gain a strong understanding of what you can do as an individual contributor to help keep your organization’s data safe.

The course is available on LinkedIn Learning and digital libraries such as the Los Angeles Public Library.

Sample Talks

Briefings

Cassio has spoken at more than 80 public events, including some of the most respected international security conferences such as RSA, Black Hat, ISSA, CIO Event, ACSAC, (ISC)² Security Congress, FS-ISAC, Better Software, NULLCon, and Global OWASP AppSec in countries such as Brazil, China, India, Poland, Sweden, and the United States.

Dissecting Bitcoin Security

OWASP AppSec Cali 2016 - January 26 2016, Santa Monica, California

Bitcoin introduced a new form of organization and consensus. Activities that previously required central authorities can now be decentralized. This has profound implications for security. In this presentation, Cassio reviews and dissects some of Bitcoin’s core components and their security controls. Cassio analyzes each control and how it could be used in other domains.

Responsibility For The Harm And Risk Of Security Flaws

Black Hat DC 2011 - January 18 2011, Washington DC

Software vulnerabilities are a vexing problem for the state of information assurance and security. Who is responsible for the risk and harm of software security is controversial. Deliberation of the responsibility for harm and risk due to software security flaws requires considering how incentives (and disincentives) and network effects shape the practices of vendors and adopters, and the consequent effects on the state of software security. This presentation looks at these factors in more detail in the context of private markets and public welfare.

Panels

Passwords, Password Management, And Two-Factor / Multi-Factor Authentication

Innovate Pasadena Cybersecurity - February 27 2017, Pasadena, California

Cassio Goldschmidt, Art Poghosyan, and Michael Cottingham join forces during this extremely informative Innovate Pasadena CyberSecurity Meetup. Hosted in the ADP Innovation Center and led by Michael Schell, the experts discuss access control risks, password management, and two-factor/multi-factor authentication. Some of the questions answered include:

  • Why should people care that their personal email has been hacked?
  • What are some of the credential theft trends you are seeing and how do they impact consumers and businesses?
  • What are some best practices around password management?
  • What are your thoughts on two-factor and multi-factor authentication?
  • Any advice for password logging?
  • How does human behavior change the way you apply and monitor controls?

Bug Bounty Programs: Successfully Controlling Complexity and Perpetual Temptation

AppSec USA 2017 - September 2017, Orlando, Florida

Bug bounty programs – compensating a researcher who has found a “bug” in a company’s system – can be effective at mitigating cybersecurity risk, but they must be implemented and managed carefully lest they be abused and backfire. Bug bounty programs debugged will present a holistic view of the process of creating and maintaining a successful program, as well as tips on how to succeed as a bounter and how to stay out of trouble.

Moderated by ITSPmagazine chief editor Sean Martin, this panel will include expert opinions from experienced practitioners, the leader of a well-respected bounty program, “meals” – a top-ranked bug bounter, and a partner and bug bounty expert from Baker & McKenzie.

Sample Podcasts

Sample Articles

Honors and Awards

Speaking engagements, travel arrangements, and press inquiries

Please email details on your proposed event, including event URLs, location, and dates to [email protected].