Percy Rotteveel

Redwood City, CA · percy-remove-@rotteveel.ca


Senior Application Security Consultant


“The only way to do great work, is to love what you do.” — Steve Jobs

My roots and passion lie within the Application Security (AppSec) Industry, and in this phase of my career, I have decided to return to what I do best and enjoy the most.

Hire an internationally accomplished, hands-on Senior AppSec Consultant and receive 25+ years of overall Cyber Security experience.


Certifications

Socialization

Skills

Application Security
  • Security Policy
  • Security Requirements
  • Vulnerability Management
  • Compliance Validation
  • Architecture Review
  • Integration
  • Education
  • Threat Modeling
  • Manual Code Review
Application Security Testing
  • SAST
  • SCA
  • DAST
  • IAST
  • RASP
Platform Development & Administration
  • Atlassian
  • Jenkins
  • Bamboo
  • Bitbucket
  • GitHub
  • GitLab
  • MediaWiki
Containers & Cloud
Languages, Operating Systems & Tools
  • C
  • C++
  • Java
  • PHP
  • Python
  • Git
  • Subversion
  • Linux
  • Bash
  • JavaScript
  • TypeScript
  • C#
Data Management
  • Microsoft SQL Server
  • Oracle
  • MySQL
Architecture
  • IP Networking
  • DNS
  • Firewalls
  • SaaS/PaaS/IaaS

International Medical Device Supplier

With HIPAA as the business driver, Application Security (AppSec) had to be built into the existing DevOps of an acquired company.


International Software Company

The existing Application Security (AppSec) Program was too disjointed, which resulted in an unclear picture of the security posture of the application portfolio. Plus, the program was too expensive.


Dallas Bishoff

MANUS 360 leveraged Percy's highly competent knowledge, skills, and ability to benefit a healthcare client. The organization needed assistance in accounting for information security requirements. Percy was instrumental in assessing the state of the organization but also contributed to a strategy to implement an application security program. We look forward to working with Percy on other engagements in the future.


Habibeh Deyhim

Strong work ethic, highly skilled, dedicated, deep technical expertise, teamwork is something that comes to my mind when I think about Percy! He is extremely supportive of the team, makes sure everyone is equipped to get the job done. He leads by example making sure the projects are delivered on time and to the best quality. He is an all-round great guy to work with. I highly recommend Percy to anyone who has a potential opportunity to work with!


Include Security, LLC

Percy has helped us tremendously this past year. He implemented a range of processes and procedures around our workflows including Tech PM project dashboard, Consultant interest & skills tracking application, he also improved individual performance, cohesion and collaboration within our Tech PM team. I'd like to thank Percy for the strategic leadership he brought to the company, his high level of integrity and his good sense of empathy. I consider him a good friend and wish him all the best in his future endeavors.


Experience

Senior Application Security Consultant

Rotteveel Consultancy LLC

  • Develop, implement, and administer application security (AppSec) programs and infrastructures.
  • Recruit and mentor AppSec engineers with effective coaching and training techniques.
  • Liaise with a cross-functional organization to integrate security into the product lifecycle from design through deployment.
  • Identify application security requirements, conduct application security assessments, and present developers with remediation guidance and advice.
  • Carry out code analysis and utilize both static and dynamic application security testing (SAST/DAST/SCA/IAST/RASP) solutions while conducting manual vulnerability analysis.
  • Facilitate, prioritize, and validate the urgency of mitigation of product vulnerabilities and security feature enhancement requests by operating closely with product development/marketing teams.
  • Transcribe policies, procedures, and protocols to incorporate AppSec into the software development life cycle (SDLC, DevOps, Agile, Waterfall, etc.).

November 2022 - Present

Global Director AppSec Solutions

Micro Focus

  • Set forth global AppSec sales strategies and shared impactful knowledge and experience.
  • Assisted customers in establishing, implementing, and maturing their AppSec Program while executing with Fortify sales and pre-sales specialists across the world in key Fortify accounts.
  • Designed a scalable framework that assists cross-organizational teams to drive value for all the Fortify customers through optimal use of Fortify in the AppSec Program.

June 2021 - November 2022

VP Security Consulting

Include Security LLC

  • Played a significant part in identifying and applying some of the best security assessment talent to benefit clients worldwide.
  • Enabled the company to grow and scale successfully and implemented a variety of operational improvements through robust strategy and planning.
  • Implemented and optimized processes and procedures to identify, track and improve AppSec talent, including dashboards.
  • Optimized performance, cohesion, and collaboration within the IncludeSec teams to the highest level to ensure and enhance staff execution, delivering excellence to business clients.

February 2020 - February 2021

Global Head CS for RASP

Imperva (Prevoty)

  • Headed a firm that provides Real-time Application Security Protection through an attack detection technique known as LANGSEC, ensuring alignment of detection to the evolving threat landscape.
  • Designed effective strategies to ensure product capabilities aligned with (and created) a customer success framework to drive key decision-making and resource planning and to improve customer results.
  • Built a scalable customer success organization that delivered real results, to include demonstrative ROI through successful deployment, adoption, integration, and utilization of Imperva RASP solutions.
  • Identified requirements and strategy to ensure that customer feedback was effectively translated into product features to address the threat landscape, as well as business, customer, and associated needs.

September 2017 - January 2020

VP Global Security Services and Support

Synopsys (Software Integrity Group)

  • Spearheaded the development and structuring of an effective and efficient Global Security Services and Support (GSS) organization comprising Technical Support, Customer Success, Professional Services, Customer Education, Sales Engineering, and Solution Architects.
  • Created the strategy to establish a security product portfolio, including installation, adoption, and expansion of the portfolio management.
  • Optimized and streamlined customer feedback processes, and improved alignment and collaboration with R&D and marketing, which resulted in a $15M revenue increase.
  • Improved quality, effectiveness, and efficiency of customer support and ensured positive customer experiences consistently.
  • Enhanced cross-functional collaboration within GSS that resulted in increasing year-over-year growth for professional services and customer satisfaction for technical support by 100% and intensifying product renewal rate from 70% to 85% for customer success.
  • Slashed attrition rate from 25% to 10% and augmented average consultant utilization rate from 65% to 85%.

September 2015 - August 2017

Chief Security Services Strategist

HP Enterprise Security Products (Fortify)

  • Designing and leading the implementation of enterprise-wide Software Security Programs, increasing software security posture.
  • Building and driving Software Security Programs to introduce or increase security automation in the SDLC.
  • Designing and building the Software Security Center of Excellence to provide coaching and training for the software development organization.
  • Assisting customers to prioritize software security efforts, based on the information from their Customer Relation Management and their Customer Support systems.
  • Collaborating with Sales on account strategies.
  • Engaging with the broader technical community to define and develop best practices and incorporating them into the Services delivery methodology. Leading the testing, evaluation, and deployment of new products and releases. Collaborating with the Product Management and Engineering teams to optimize the product roadmap.

July 2013 - August 2015

Director Software Security Solutions

HP Enterprise Security Products (Fortify)

  • Enabling HP Fortify Professional Services to deliver Fortify software security solutions.
  • Packaging of software security solutions to extend the portfolio for the Fortify Sales Force and to increase the delivery capabilities of Professional Services. Cross-organization collaboration enabling professional services to effectively and efficiently alleviate any product-related challenges the internal organization and customers may face.
  • Responsible for the development of senior consultants.
  • Providing oversight and management of issues and initiatives to ensure consistently positive customer experiences.

November 2012 - June 2013

Practice Principal

HP Enterprise Security Products (Fortify)

June 2012 - October 2012

Managing Consultant

HP Enterprise Security Products (Fortify)

October 2010 - May 2012

Senior Software Security Consultant

HP Enterprise Security Products (Fortify)

October 2008 - October 2010

Technical Architect

Macro Vision - UK

February 2007 - August 2008

Senior Solution Architect

Online Business Systems - Canada

October 2005 - January 2007

Founder and CEO

Rotteveel and Partners Inc. - Canada

June 2003 - September 2005

Senior Solution Architect

ENTRUST - Canada

January 2001 - April 2003

Systems Analyst

ORIGIN B.V. - Netherlands

August 1997 - January 2000

Software Engineer

NEDAP N.V. - Netherlands

June 1994 - August 1997

Software Engineer

RÜTTCHEN B.V. - Netherlands

June 1990 - June 1994

Education

InHolland - University of Applied Sciences

Bachelor of Science

Dual Major:

  • Computer Science
  • Electrical Engineering

1984 - 1988

Shifting Left with a Twist: Leveraging AI to Create Security Unit Tests

In the ever-evolving landscape of Application Security (AppSec), the term “shift left” has become somewhat of a mantra. This concept implies that the onus of writing secure code is progressively shifting towards software engineers. Consequently, a myriad of AppSec tools are being integrated into the engineers’ build processes, subtly altering the way they construct their code. But what if we could take a slightly divergent approach to this “shift left” movement?
October 8, 2023

The price of SAST as an afterthought

Your number one priority in building a new application? Getting it into the hands of potential customers as fast as possible. Understood, but what are the risks of this practice? Your Application Security (AppSec) is an afterthought, and the risk exposure of your company is unknown. Now, I am not here to judge this approach, but rather to applaud you for wanting to address the issue. This article provides you with a method to determine how much time (=$$) is needed to address potential vulnerabilities in your application.
January 16, 2023

Where did I write that down?

Albert Einstein once said, “Order is for the stupid, only the genius rules the chaos”. But, if you are like me, jumping from one meeting to the next, you might lose track of where you have written down what. As a result, you have to search through piles of documents to look for that particular piece of information. Anything really, but I think of an email address, phone number, DOB, etc. Regardless of what you’re looking for, the search eats up lots of your valuable time.
December 18, 2022

Building an AppSec Program can be a challenge. Where do you start, and what should it entail?

In my previous article, I discussed an AppSec Program and why you should have one. In this article, I will focus on the minimum number of components an AppSec Program should consist of and an easy method to measure its maturity level. During my 14+ years working in the AppSec industry, I have helped numerous Fortune 500 companies build and mature their AppSec Programs. When looking at all these programs, there are 20 common components they all share.
September 2, 2022


Nifty tech tag lists from Wouter Beeftink