Founder and President
As IOActive's Founder and President, Joshua Pennell, enjoys a proven, 14-year entrepreneurial track record of creating and maintaining a multimillion-dollar, customer-focused, independent, global security services organization. Through Pennell's leadership, IOActive has emerged as one of the world's longest standing, highly technical boutique security consultancies with a history based on cutting-edge research and meritocratic governance.
Pennell serves on the advisory boards of Source, Vantos, and SiteScout. Pennell is also the Chairman of IOActive's advisory board, which includes computer industry venerables such as Steve Wozniak, Jim Reavis, and Jason Larsen. In years past, Pennell played an integral role in helping his team win Defcon's Capture the Flag competition for three consecutive years. He also spent several years technically revolutionizing the competition before handing the game over to Kenshoto.
Pennell enjoys riding his bicycle in London while thinking of innovative ways to reduce IOActive customers' security risks through pragmatic application of security best practices. If you enjoy what you do for a living, you'll never work another day in your life.
Visit Mr. Pennell's LinkedIn profile.
Chief Executive Officer
As its CEO, Jennifer Steffens is responsible for all aspects of IOActive's global business operations including sales, delivery, and finance as well as driving the company's strategic vision. Steffens brings a wealth of industry and business experience to the company, having been an early member of several successful startups.
Earlier in her career, Steffens was a Director at Sourcefire, where she helped build and grow the business from $250K to an over $35M run rate in just four years. Working closely with the CTO, Steffens helped commercialize the open source Snort technology and build several service offerings around the research initiatives. Prior to joining IOActive, she came to Seattle to help the struggling startup GraniteEdge reinvent itself. She spearheaded initiatives to restructure the company and developed a product strategy to drive early market penetration that ultimately secured two additional rounds of funding.
With over 10 years of industry experience, Steffens has also held senior management positions at Ubizen, NFR Security, and StillSecure. She graduated from Mary Washington University with a Bachelor of Science in Psychology.
Visit Ms. Steffens' LinkedIn profile.
Chief Technology Officer
As IOActive's Chief Technology Officer Gunter Ollmann will play a key role in shaping IOActive's services strategy as the company embarks on its next phase of growth and leadership in innovative service offerings in semiconductor security, embedded software risks, and device threats.
Prior to joining IOActive, Ollmann served as the Vice President of Research at Damballa, where he focused on inventing new crimeware mitigation technologies and the identification of criminal operators behind botnets and other advanced persistent threats. Before joining Damballa, Ollmann held several strategic positions at IBM Internet Security Systems (IBM ISS), most recently as chief security strategist. In this role, he was responsible for predicting the evolution of future threats and helping guide IBM's overall security research and protection strategy, as well as serving as the key IBM spokesperson on evolving threats and mitigation techniques. He also held the role of director of X-Force and was former head of X-Force security assessment services for EMEA while at ISS (which was acquired by IBM in 2006).
Ollmann has been a contributor to multiple leading international IT and security focused magazines and journals. He has authored, developed, and delivered a number of highly technical courses on web application security. He is a well-known industry speaker worldwide and is often invited to present at various international security conferences. Ollmann is also highly regarded in the press as an expert source on security threats and is frequently quoted by the international media.
Visit Mr. Ollmann's LinkedIn profile.
CTO IOActive Labs
Cesar Cerrudo is CTO at IOActive Labs, where he leads the team in producing ongoing cutting-edge research in the areas of SCADA, mobile device, application security, and more. Formerly the founder and CEO of Argeniss Consulting - which was acquired by IOActive - Cesar is a world-renowned security researcher and specialist in application security.
Throughout his career, Cesar is credited with discovering and helping to eliminate dozens of vulnerabilities in leading applications including Microsoft SQL Server, Oracle database server, IBM DB2, Microsoft BizTalk Server, Microsoft Commerce Server, Microsoft Windows, and Yahoo! Messenger. Cesar also has authored several white papers on database and application security, and attacks and exploitation techniques. He has been invited to present at a variety of companies and conferences including Microsoft, Black Hat, Bellua, CanSecWest, EuSecWest, WebSec, HITB, Microsoft BlueHat, EkoParty, FRHACK, H2HC, and Defcon. Cesar collaborates with and is regularly quoted in print and online publications including eWeek, ComputerWorld, and other leading journals.
Visit Mr. Cerrudo's LinkedIn profile.
Vice President of Services
As Vice President of Services, James is responsible and accountable for ensuring high levels of customer satisfaction and quality delivery for consulting engagements.
James Crimens is a seasoned security and services professional, bringing over 15 years of experience in influencing strategic direction, business planning, and execution to IOActive. Prior to joining IOActive, James served as a principal at JG Crimens & Associates and Director of Security & Privacy Services for Deloitte & Touche, where he was instrumental in building the global Oracle security practice and the Deloitte India Security & Privacy Services practice.
Prior to his tenure at Deloitte, James served with the Information Risk Management practice at KPMG and the Information Technology Management team at Washington Group International.
James is a subject matter expert in areas such as Information Security, Risk Management, IT Governance, Identity and Access Management, and Corporate IT Strategy. His past engagements have spanned IT strategy, business optimization, risk management, cloud computing, identity management, operations, and enterprise security clients globally.
Visit Mr. Crimens' LinkedIn profile.