Application security is hard. It’s hard to find security experts for your team, and once you get them it’s hard to keep them.
There are so many commercial and open source tools available, how do you choose which one(s) to use? When you do decide,
how do you configure them, schedule them, and run them? When they run they produce hundreds, even thousands of results
with SO MANY false positives. How are you supposed to find the true vulnerabilities within that noise and get them quickly in
front of your development team? How do you fix those vulnerabilities? Why do you always have to go to an external tool
outside of your team's normal workflow? Do these problems sound familiar?
Welcome to EASY (Embedded Application Security y-word). Yes, that’s “y-word”. We like to have fun too! We not only have the
experts, we ARE the experts in application security. Our entire team has development experience; we know software and
applications. And we really like security. We routinely train people and teams around the world in application security, and can
bring our expertise to YOUR team.
With EASy, we are virtually embedded into your team. We augment your development and security teams by:
To put it simply, we put actionable results, quickly, directly in front of your devs using your normal Secure SDLC process.
Have our experts be your appsec experts on your team. Let us scan your applications on a regular basis,
either scheduled or as part of your CI/CD or DevOps build. Give your developers the power to fix
security vulnerabilities when they are committed, not weeks or months later during a
penetration test, when it’s too late to take action. Easily manage vulnerabilities in your
applications with custom tags and filtering in your issue tracking system. As issues are
resolved and are removed from the scans, they get automatically dispositioned in
your issue tracking system.
Cypress Data Defense is headquartered in Denver, Colorado. Our consultants work remotely, and are available for onsite travel
for our national and international customers. We have a team of security consultants that live across the United States and
come from various industries to provide a wide range of cyber security expertise that can be targeted/dedicated to client
projects. We make sure to match the right resource based upon industry and expertise to client projects to ensure client
deadlines and business objectives are fully recognized. Our founding partners, Steve Kosten and Aaron Cure, each bring their
own background and expertise to the firm.
Steve Kosten
He currently maintains GSSP-JAVA, GWAPT, CISSP, and CISM certifications.
Aaron Cure
Aaron holds the GIAC GPEN, GSSP-.NET, GWAPT, GMOB, and CISSP certifications and is located in Arvada, CO.
CYPRESS DATA DEFENSE
our background
Our mission at Cypress Data Defense is to help our clients build secure applications by providing training, introducing
best practices, and evaluating security during every stage of the Secure Application Development Lifecycle. We offer a
complete range of services related to this goal. We offer training in all aspects of cybersecurity including secure
software development, industry best practices, and risk identification and management.
One of our primary functions is to help organizations assess and mitigate risk with existing software. Whether we are
involved before a project begins or any point in the lifecycle, we work with our clients to identify risks and develop
secure environments and processes to mitigate these risks.
Our security engineers average more than 15 years of development and security experience in various industries
including e-commerce, government, banking, telecom, and engineering. They are seasoned professionals who understand
the requirements of business and are able to recommend solutions that are both sound business and secure
practices.
We are frequently invited to speak at events such as AppSec USA, Java ONE, OWASP, SANS, and other conferences.
Our engineers also routinely present to development and testing groups in their local communities. Many of us are also
SANS instructors, and present at various conferences and private training sessions throughout the world.
Industries we serve
Certifications we have
▼ Certified Information Systems Security Professional
▼ GIAC Secure Software Programmer .NET
▼ Certified Information Security Management
▼ GIAC Penetration Tester
▼ GIAC Web Application Penetration Tester
▼ GIAC Secure Software Programmer Java
▼ GIAC Mobile Device Security Analyst
▼ Offensive Security Certified Professional