IOACTIVE - Key Persons


Alex Cartagena

Job Titles:
  • Member of the Executive Management Team
  • Senior Vice President, Global Sales
  • SVP of Global Sales
As SVP of Global Sales, Alex is responsible for the company's revenue growth and retention strategies. Cartagena's experience of growing sales revenue, creating growth strategies, and promoting internal mobility spans twenty years. Prior to joining IOActive, Alex successfully developed and helmed numerous sales organizations, most recently as Vice President of Sales for Key Accounts at NCC Group, where he led all field sales and strategic accounts. Prior to his role with NCC, he served as Vice President of Corporate Sales at WhiteHat Security, where he created a new global SDR function and led the team to exceed all sales targets. As Head of Customer Success for North America and EMEA at CDNetworks, Cartagena developed his international business acumen in leading sales groups to achieve global success.

Cesar Cerrudo

Formerly the CTO for IOActive Labs, and the founder and CEO of Argeniss Consulting, acquired by IOActive, Cesar is a world-renowned security researcher and specialist in application security. Cesar is credited with discovering and helping to eliminate dozens of vulnerabilities in leading applications, including Microsoft SQL Server, Oracle database server, IBM DB2, Microsoft Windows, Yahoo! Messenger, and Twitter. He has a record of finding more than 50 vulnerabilities in Microsoft products and more than 20 in Microsoft Windows Operating Systems. Cesar has authored several white papers on database and application security as well as attacks and exploitation techniques based on his unique research. More recently he's conducted research on the Internet of Things (IoT) and traffic control systems. He has been invited to present at a variety of companies and conferences, including Black Hat, Bellua, CanSecWest, EuSecWest, WebSec, HITB, Microsoft BlueHat, EkoParty, FRHACK, H2HC, Infiltrate, 8.8, Hackito Ergo Sum, NcN, and Defcon. Cesar collaborates with and is regularly quoted in print and online publications.

David Croom - CFO

Job Titles:
  • Advisor
  • Chief Financial Officer
  • Member of the Executive Management Team
As the Chief Financial Officer, Advisor, for IOActive, David is responsible for providing guidance and leadership in navigating the myriad of regulatory, business operational and financial concerns for the company. Leveraging his 30+ years of experience as an executive management leader and entrepreneur - with both large and small companies across numerous sectors - he brings his unique perspective to forge strategic relationships with senior investment advisors/bankers, retail investors, and large family offices. David actively manages and advises on long-standing investments and ownership interests in retail, restaurants/hospitality, and business services. Prior to his current business operations and advisory roles, David held senior finance positions at supercomputer maker Cray Inc. and Drugstore.com Inc., and spent four years at Microsoft Corp serving in various roles within the US Sales, MSN, and Corporate Accounting groups. Earlier in his career, David held roles for a decade within the Comptrollers, Internal Audit and US Refinery Operations groups at the Chevron Corporation. He holds an accounting degree from Washington State University and is a Certified Internal Auditor.

Gunter Ollmann - CTO

Job Titles:
  • Chief Technology Officer
  • Member of the Executive Management Team
As CTO for IOActive, Gunter Ollmann is focused on incubating and launching IOActive's next generation of strategic security services and technology. Gunter has spent his career building and leading global consulting and product solutions teams spanning the cybersecurity domain and providing expert security counsel to Fortune 100 companies. Prior to IOActive he led product innovation and strategy for Devo as their CTO, and previously served as CSO for Microsoft Cloud and AI Security division - incubating and driving multiple commercial products and services whilst protecting the world's largest cloud applications and infrastructure. He has been at the forefront of applying machine-learning (ML) and AI technology to cybersecurity services for over a decade, holds multiple cyberthreat detection and mitigation patents, and has overseen and guided the invention and patent process of hundreds of core technology patents. Gunter is a widely respected authority on security issues and technologies and has researched, written and published hundreds of technical papers and bylined articles.

Heather Overcash

Job Titles:
  • Member of the Executive Management Team
  • Vice President, Global Marketing
  • Vice President of Global Marketing
As Vice President of Global Marketing for IOActive, Heather Overcash is responsible for spearheading strategic marketing initiatives. With her dynamic and results-driven leadership style, Heather has demonstrable success driving revenue growth and expanding market share. Her expertise encompasses developing and executing comprehensive marketing strategies, overseeing multi-channel campaigns, and excelling in brand management, customer acquisition, and retention strategies. In her previous role at NCC Group, Heather orchestrated and executed highly effective marketing strategies across North America and globally, leading to substantial increases in press mentions in prestigious publications. Her approach integrates various innovative marketing tools and techniques, contributing significantly to revenue and pipeline growth. Under her leadership, the marketing team surpassed annual targets, delivering exceptional results. Heather has been responsible for establishing proficient marketing teams, integrating multiple entities into a brand, and significantly increasing lead generation. Her earlier experiences at companies like OPTIV, Synopsis, Inc., Trustwave, Forcepoint, and IBM have contributed to her comprehensive understanding and mastery of marketing, specifically in the cybersecurity field.

Ian Cook

Ian is an internationally respected IT security leader, security researcher, and intelligence analyst. For 30 years, he's pioneered the application of government intelligence procedures to predict corporate security risks and help security managers to better target security resources and make effective strategic decisions. He's held senior technical and management positions at Saudi American Bank, Citigroup, Merrill Lynch, Barclays, and Team Cymru, and received the Cymraeg "Team Cymru Emeritus" title in recognition of his distinguished career. He has helped many start-ups come to market, including Cogenta. A long-standing FIRST member, he served on FIRST's Steering Committee, drove its Best Practice Guide initiative, and was Program Chair for the FIRST 2007 Conference. For 15 years, Ian managed an elite, invite-only Security Mailing list of security industry decision makers. Currently he provides a Virtual Chief Information Security Officer (vCISO) Service for SMEs who cannot hire a full-time CISO, mentors large organization CISOs, and provides advice, direction, marketing, funding introductions, and PR to security technology start-ups.

Jennifer Sunshine Steffens - CEO

Job Titles:
  • Chief Executive Officer
  • Member of the Executive Management Team
  • Member of the Executive Women's Forum
As its CEO, Jennifer Steffens spearheads all aspects of IOActive's global business operations and drives the company's strategic vision. Jennifer brings a wealth of industry and business experience to the company, having been an early member of several successful startups. Recognized as one of the top leaders in information security, Jennifer is an active member of the Executive Women's Forum, the Information Security Systems Association and the Open Web Application Security Project. Lauded by Forbes, The Wall Street Journal, Information Security Magazine, and many more, she received SC Magazine's Reboot Leadership Award for Top Management in 2017 and CV Magazine's IT Security CEO of the Year 2018. She serves as a judge for the TechTrailblazers and DUO Women in Security awards and is a frequent speaker at events around the world. Earlier in her career, she held leadership positions at groundbreaking companies such as Sourcefire and NFR Security. Prior to joining IOActive, Jennifer came to Seattle to help startup GraniteEdge reinvent itself. While there, she led initiatives to restructure the company and developed a product strategy that ultimately led to a successful acquisition.

Jim Reavis

Jim has worked in the information security industry as an entrepreneur, writer, speaker, technologist, and business strategist. His innovative ideas about emerging security trends are widely published and presented. In 1998, he founded SecurityPortal, the largest information security website. As Cloud Security Alliance's cofounder and CEO, he is shaping the future of information security and technology industries. SearchCloudComputing.com named him a "Top 10" computing leader. As President of Reavis Consulting Group, he advises security companies, governments, and large enterprises on new trends in Cloud, Mobility, and the Internet of Things. He served as advisor on the launch of industry ventures that have achieved successful M&A exits or IPO status, is widely quoted in the press, and worked with many corporations on their information security strategy and technology roadmap. He received a B.A. in Business Administration and Computer Science from Washington University, where he serves on the alumni board.

John Sheehy

Job Titles:
  • Senior Vice President, Research & Strategy
As SVP of Research and Strategy for IOActive, John works with clients in the Embedded Systems practice focusing on securing vehicles, industrial control systems, medical devices, semiconductors, and smart cities. In addition, John leads IOActive's Advisory Services practice, which helps clients take a strategic, programmatic approach to securing their assets, environments, and customers. John has overseen multiple projects delivering identity management, threat modeling, industrial control systems security, risk assessment, security policy, secure device design, and incident & breach simulation and response services. His experience includes over 20 years of system architecture, systems integration, and information security experience working in Enterprise Architecture, Identity & Access Management, Vulnerability & Threat Management, Operations Technology, Security Strategy, Systems Architecture, and Hardware/Application Security domains.

Joshua Pennell - Chairman, Founder

Job Titles:
  • Chairman of the Board
  • Founder
As IOActive's Founder and Chairman of the Board, Joshua Pennell has a proven, 19-year track record of creating and growing a multimillion-dollar, independent security services organization. Under Josh's leadership, IOActive has emerged as one of the world's leading technical security consultancies based on cutting-edge research and meritocratic governance.

Ken McGraw - Chief Legal Officer, SVP

Job Titles:
  • General Counsel
  • Member of the Executive Management Team
  • Senior Vice President
  • Member of the Washington State Bar Association
As IOActive's Senior Vice President and General Counsel, Ken McGraw is responsible for corporate and legal affairs, human resources and talent management. A seasoned executive with over 25 years of expertise, Ken is the driving force behind IOActive's global corporate infrastructure in support of the company's sustained growth. Prior to IOActive, Ken was Senior Vice President and Chief Legal Officer at Parallels, Inc.; Executive Vice President, Chief Compliance Officer and General Counsel at Zango, Inc.; Vice President and General Counsel at Vallent Corporation; and General Counsel at Visio Corporation, as well as the Managing Director of the Entrepreneurial Law Clinic at the University of Washington School of Law. Ken graduated from Brown University with a BS in engineering and a BA in political science. He earned his MBA from the Johnson Graduate School of Management at Cornell University and his JD from Cornell Law School. Ken is an active member of the Washington State Bar Association, the American Bar Association, the Association of Corporate Counsel, the Society for Corporate Governance, the International Association of Privacy Professionals (certified privacy professional) and the Society for Human Resource Management. Ken is also a speaker at seminars and conferences on such topics as consumer protection, corporate finance, corporate governance, intellectual property licensing and protection strategies, cloud services infrastructure and enablement, privacy, and mergers and acquisitions.

Matt Rahman - COO

Job Titles:
  • Chief Operating Officer
  • Member of the Executive Management Team
As COO for IOActive, Matt Rahman is responsible for co-developing the company strategy and managing the execution of all global business operations. A seasoned executive with over three decades of experience providing IT and cybersecurity solutions to enterprise and industrial clients, Matt returns to IOActive to provide clear go-to-market leadership. Prior to returning to IOActive, Matt served as SVP and General Manager of Commercial Services at Tangible Security, where he was responsible for the division's earnings, strategy, channel, and operations. During his first engagement with IOActive, he served as chief strategy officer and EVP, rolling out Internet of Things, medical device, automobile, and other industry-driven solutions and services, and increasing revenue, profitability and operational efficiencies. He has also spent time building and managing strategic alliances and leading business development while at Damballa, Solutionary, and IBM's Internet Security Systems (ISS). He serves as an advisory board member at IKANOW, in addition to his board positions at Indegy, Ellipsis, Aunigma, Mach37, CyberLaunch, InfraGard and Evolution Academy. He is an adjunct professor of information security and a contributing member of CSA, ISSA, and HTCA. Rahman holds an MBA with a focus on Global Management from the New York Institute of Technology.

Randolph Barr

As Chief Information Security Officer (CISO) of Aryaka Networks, Randy leads the security, risk management, and business continuity efforts for Aryaka's purpose-built WAN as-a-service. Before this, he was Chief Security Officer for Qualys and Yodlee's Information Security Officer. He led Yodlee's attainment of the SysTrust Seal, SAS-70 Type II, incorporating the ISO-17799 Control Objectives and DIACAP/FISMA reviews. This led to the interim authority to operate on the NIPRNET network for the Department of Defense and Independent Security Report. Randy also served as CSO for WebEx Communications, where he built a security department and the company's global security infrastructure. Randy is a frequent speaker at security conferences, including CSO Perspectives, RSA, BITS Security Forum, The Security Standard, and SaaS/Gov. He is often quoted in the media and was featured on SC Magazine's front cover.

Robert Maughan

Job Titles:
  • Member of the Executive Management Team
  • Senior Vice President, Services
As SVP of Services for IOActive, Robert is responsible for IOActive's global services delivery platform, including customer satisfaction and quality assurance. Robert has over 20 years of experience in information security, IT operations, network infrastructure, project management, and client account management. He has effectively collaborated with technical, business, and leadership teams, while managing global teams across eight countries in multi-sourced operating environments. He has also led enterprise-wide programs that involved security, compliance, outsourcing, and offshoring initiatives. He has held functional responsibilities across multiple domains of information security, including policy creation and compliance, security architecture, asset classification, awareness training, vulnerability management, PCI-DSS, HIPAA and security administration controls. In addition to a CISSP accreditation, Robert has been trained and/or certified in various disciplines including COBIT, Security+ and Six Sigma Yellow Belt.

Steve Wozniak

A Silicon Valley icon and philanthropist, Steve founded Apple Computer with Steve Jobs in 1976. He helped shape the computer industry with the launch of the Apple I Personal Computer (PC). The Apple II offered a central processing unit, keyboard, color graphics, and floppy disk drive. For his Apple achievements, Steve received the National Medal of Technology from President Ronald Reagan in 1985. After leaving Apple in 1985, Steve founded various business and philanthropic ventures. He adopted the Los Gatos School District, providing students and teachers with computers and training. In 2000, he was inducted into the Inventors Hall of Fame. Steve was awarded the Heinz Award for Technology, the Economy, and Employment for designing the PC and working with grade school students and teachers. He also founded the Electronic Frontier Foundation and helped found the Tech Museum, Silicon Valley Ballet, and Children's Discovery Museum of San Jose.