Steve Springett

Steve Springett Email and Phone Number

Director, Product Security @ ServiceNow
Chicago, IL, US
Steve Springett's Location
Chicago, Illinois, United States, United States
Steve Springett's Contact Details
About Steve Springett

Steve educates teams on the strategy and specifics of developing secure software.He practices security at every stage of the development lifecycle by leading sessions on threat modeling, secure architecture and design, static/dynamic/component analysis, offensive research, and defensive programming techniques.Steve's passionate about helping organizations identify and reduce risk from the software supply chain. He is an open source advocate and leads the OWASP Dependency-Track project, OWASP Software Component Verification Standard (SCVS), and Chairs the OWASP CycloneDX Core Working Group and Ecma International TC54.Steve serves on the Board of Directors of the OWASP Foundation where he helps drive the continued growth of the foundation and the pursuit of its mission to make secure software a reality through open collaboration, education, and innovation.

Steve Springett's Current Company Details
ServiceNow

Servicenow

View
Director, Product Security
Chicago, IL, US
Website:
servicenow.com
Employees:
32886
Steve Springett Work Experience Details
  • Servicenow
    Director, Product Security
    Servicenow
    Chicago, Il, Us
    View
  • Ecma International
    Chair, Ecma Technical Committee 54
    Ecma International Dec 2023 - Present
    Genève, Genève, Ch
    View
  • Servicenow
    Director, Product Security
    Servicenow Feb 2023 - Present
    Santa Clara, Ca, Us
    View
  • Servicenow
    Senior Manager, Product Security
    Servicenow Dec 2020 - Feb 2023
    Santa Clara, Ca, Us
    View
  • Servicenow
    Senior Security Architect
    Servicenow Aug 2018 - Dec 2020
    Santa Clara, Ca, Us
    View
  • Stackaware
    Advisor
    Stackaware Jun 2023 - Present
    Bartlett, Nh, Us
    View
  • Owasp Cyclonedx Sbom Standard
    Chair, Cyclonedx Core Working Group
    Owasp Cyclonedx Sbom Standard Dec 2020 - Present
    View
  • Owasp® Foundation
    Member At Large, Global Board Of Directors
    Owasp® Foundation Jan 2024 - Present
    Wakefield, Ma, Us
    View
  • Owasp® Foundation
    Project Leader
    Owasp® Foundation Jun 2013 - Present
    Wakefield, Ma, Us
    Leader of multiple OWASP projects including Dependency-Track, CycloneDX, and the Software Component Verification Standard (SCVS)
    View
  • Owasp® Foundation
    Project Committee
    Owasp® Foundation Sep 2020 - Dec 2023
    Wakefield, Ma, Us
    View
  • Mufg
    Vice President, Secure Software Engineering
    Mufg Nov 2017 - Aug 2018
    Chiyoda-Ku, Tokyo, Jp
    View
  • Axway
    Principal Application Security Architect
    Axway Jan 2012 - Nov 2017
    Scottsdale, Az, Us
    As a founding member of Axway's product security team, I've had the unique opportunity to lead and participate in a number of security-related activities that had a positive impact on the global R&D organization and our customers.Helped introduce the Secure SDLC process into Axway by working with stakeholders, customers, and development teams.Architected a global continuous security automation pipeline consisting of static analysis (SAST), dynamic analysis (DAST), component analysis, attack surface analysis, and container analysis.Lead threat modeling exercises along with an initiative to scale threat modeling activity to meet the increasing security demands of the marketplace and the exponential growth of micro-services and the rapidly expanding attack surface they represent.Lead secure architecture reviews, published best practice documents, and worked with teams early in the development lifecycle to ensure secure architectural decisions and best practices were in place.Through data analysis and customer interaction, defined several iterations of compliance controls that provided a roadmap for demonstrating continuous improvement.Worked with every team in the global R&D organization to ensure each team was armed with everything necessary to achieve compliance to the controls. Provided each team continuous training along with strategy and specifics on developing and delivering secure software.Lead transparency efforts to promote competition and excellence between teams and their security champions.Performed whitebox penetration testing engagements of Axway software.Lead offensive research and implemented defensive programming techniques in shared libraries and frameworks consumed by Axway R&D and used as mitigating controls in production applications. Created training, workshops, and documentation on how various attacks take place and proper mitigations needed for defense.Provided mentorship to fellow security team members.
    View
  • Axway
    Research & Development Manager
    Axway Oct 2008 - Dec 2011
    Scottsdale, Az, Us
    Architected several different software solutions and projects including ones used by the FDA, CDC and pharmaceutical industries as well as more general purpose, high transaction applications.Lead the global team with mentoring, code and architectural reviews.Managed quality, security gates, release dates, and Scrum iterations for multiple projects.Focused on high-performance improvements to new and existing software products, either designing for performance in mind, or increasing (sometimes as much as 800%) performance of existing applications. Other improvements were targeted towards various security mitigations.Increased usability of several browser-based applications.
    View
  • New Dimension Media
    Vp, Technology And Engineering
    New Dimension Media Apr 2003 - Sep 2008
    Chicago, Illinois, Us
    Advised content team and implemented solutions for new markets which include download-to-own, streaming, and mobile applications.Architected DRM and DRM-free streaming and download solutions for both the consumer and educational markets.Created new business model for the version 2.0 product. The new model was a hybrid product/subscription in which customers would buy the server appliance and subscribe to the content.Provided leadership to both internal and external software development teams. This included programmers, system and database administrators, interface designers and testers.Analyzed customer and former customer feedback in order to create business requirements and feature sets for new/improved products.Architected and assisted in the development of the version 2.0 product which is a webbased, video on demand platform designed using Java, Struts, Hibernate, MySQL, JBoss, Linux, and utilized AJAX technologies with back-end, internal processes written in Perl.Led and participated in the creation of focus groups which analyzed new product designs and modified those products in order to increase usability.Created video encoding processes and workflows that streamlined digitization and maximized output.Responsible for all project management, timelines, status reporting, repository management, change management and bug/issue management.Consistently analyzed market trends in order to recommend new product designs or revisions and presented possible solutions, benefits, marketing opportunities and costs to senior management.CCC! Video on Demand was recognized as one of the best educational products of 2008 by District Administrator magazine and endorsed by several teaching colleges throughout the country.CCC! Video on Demand was awarded "Best in Tech 2008-2009" by Scholastic Administrator at the National Educational Computing Conference in Washington D.C.
    View
  • Oms National Insurance
    Portal & Media Consultant
    Oms National Insurance Jun 2001 - Nov 2002
    Schaumburg, Illinois, Us
    Performed business systems analysis and proposed solutions that fit requirements.Architected portal and all portal applications.Lead a five person team of internal developers, database and UNIX admins, and interface designers from inception to delivery. Reported project status directly to the CIO.Portal included live and archived streaming video, claims reporting, real-time and moderated chat for guest speakers, complete back-end for insurance agents; all of which was written in mod_perl on Apache on Linux with MySQL, and OpenLDAP.Responsible for the creation of the industry’s first completely automated system where prospects would apply for insurance, receive approvals, and pay for their premiums without input from underwriters.Consistently monitored the portal and its applications for performance and security.Worked with marketing team to create ways to increase awareness through the use of SEO techniques for two customer-facing websites.Provided hosting services and e-commerce solutions for several state associates which were sponsored by OMSNIC.
    View
  • Netlojix Communications, Inc.
    Manager, Web Development
    Netlojix Communications, Inc. Jul 1996 - Jun 2001
    Created and managed the web development team which included programmers, database administrators, and graphic and interface designers.Responsible for all hiring and budgeting decisions.Met with clients to determine business/system requirements and provided sales staff with scope of projects including proposals, deliverables and timelines.Performed most of the project management responsibilities and was immediate liaison for clients.Managed the internal intranet and all other information systems including email, remote access, and Internet connectivity.Created and implemented IT policies that promoted best practices for coding techniques, security and manageability.Architected and implemented numerous websites and a large number of web-based applications for high-profile clients including major airlines, insurance companies, and investment firms.Architected B-to-B and B-to-C commerce solutions for several Fortune 500 companies.
    View

Steve Springett Skills

Web Applications Software Development Mobile Applications Sdlc Mysql Java Linux Enterprise Software Unix Content Management Web Application Security Secure Development Lifecycle Content Delivery Streaming Media Live Video Streaming Fortify Owasp Application Security Secure Design Review Secure Architecture Sdl Threat Modeling Dynamic Analysis Static Analysis Penetration Testing Agile Methodologies Xml Security Scrum Databases Cloud Computing Software Development Life Cycle

Steve Springett Education Details

  • University Of Phoenix
    University Of Phoenix
    Information Technology

Frequently Asked Questions about Steve Springett

What company does Steve Springett work for?

Steve Springett works for Servicenow

What is Steve Springett's role at the current company?

Steve Springett's current role is Director, Product Security.

What is Steve Springett's email address?

Steve Springett's email address is st****@****gett.us

What is Steve Springett's direct phone number?

Steve Springett's direct phone number is +131239*****

What schools did Steve Springett attend?

Steve Springett attended University Of Phoenix.

What are some of Steve Springett's interests?

Steve Springett has interest in Animal Welfare, Education, Science And Technology.

What skills is Steve Springett known for?

Steve Springett has skills like Web Applications, Software Development, Mobile Applications, Sdlc, Mysql, Java, Linux, Enterprise Software, Unix, Content Management, Web Application Security, Secure Development Lifecycle.

Who are Steve Springett's colleagues?

Steve Springett's colleagues are Saverio Vadacchino, Dipti Sharma, Claire Wheeler, Sierra Stone, Razaq Audu, Ashly Suedkamp, Shivam Tandon.

Free Chrome Extension

Find emails, phones & company data instantly

Find verified emails from LinkedIn profiles
Get direct phone numbers & mobile contacts
Access company data & employee information
Works directly on LinkedIn - no copy/paste needed
Get Chrome Extension - Free

Aero Online

Your AI prospecting assistant

Download 750 million emails and 100 million phone numbers

Access emails and phone numbers of over 750 million business users. Instantly download verified profiles using 20+ filters, including location, job title, company, function, and industry.