Ari Elias- Bachrach

Ari the sole propritor of Defensium llc. Ari is an application security expert. Having spent significant time breaking into web and mobile applications of all sorts as a penetration tester, he now works to try and improve application security. As a former developer who has experience with both static and dynamic analysis he can work closely with developers to try and remediate vulnerabilities. He has also developed and taught secure development classes, and can help make security part of the SDLC. He is a regular speaker on the field of application security at conferences.

Experience 10 years information security
6 years penetration testing and security assessments
6 years web application penetration tests and assessments
2 years Lotus Domino security reviews
2 years mobile security assessments
1 year Java development


Independent Consultant, Defensium LLC                                           Oct 2011 - present
  • Assist clients in integrating security into the SDLC
  • Perform web application security assessments
  • Provide secure coding guidance and training for developers
Lead Infosec Engineer, Navy Federal Credit Union          June 2008 - Oct 2011
  • Serve as an in-house subject matter expert for application security
  • Assess the security of web and mobile apps using dynamic and static analysis
  • Develop and lead a vulnerability management program
Senior Consultant, Protiviti                                                        July 2006 - May 2008
  • Served as technical lead for vulnerability assessments and penetration tests
  • Assisted clients with remediation of identified vulnerabilities
  • Mentored younger employees and provided technical training
IT Specialist, NASA Office of the Inspector General        May 2004 - June 2006
  • Assess the security of networks and systems against NIST standards
  • Audit wireless networks at NASA centers around the country

  • CSRF: Not all Defenses are created equal. AppSec USA, November 2013
  • Security Testing for Domino Applications. (In)Secure Magazine, September 2011
  • White and Black box testing of Lotus Domino Applications. AppSec DC, 2010
  • Learning Fast Classifiers for Image Spam. Conference on Email and anti-spam, 2007
Certifications CISSP, CEH, Linux+, GWAPT, GSEC

M.S. in Computer Science           The George Washington University        2004
B.S. in Computer Science             Washington University in St. Louis           2003