Ex-Goldman-Sachs, ex-Aon AppSec and DevSecOps practitioner with 20+ years of experience in the field. I've done penetration testing, embedded devices design, EU electronic signature consulting and large scale application security management. Active member of OWASP, contributor to many OWASP Cheat Sheets, OWASP ASVS and OWASP Top10. Author of WebCookies.org. Writing at two blogs: IPSec.pl (English/Polish) and Echelon.pl (Polish only). Currently operating his own infosec consultancy, working for fintech, software development and public sector clients. Available for hire.