John Poulin is an experienced Application Security Practitioner with over 10 years of experience in software development and security. Over his tenure, John has worked with many Fortune 500 companies and startups alike to perform secure code review, architecture, and design discussions, as well as threat modeling. Currently, as a Staff manager of Product Security Engineering at GitHub, John and his team focus on performing secure code review of features and services, performing threat modeling, and overall helping to ensure that our software ecosystem is moving towards security maturity. John has given talks or training at many industry conferences, such as DEF CON, LASCON, DevSecCon, CactusCon, Source, as well as various Ruby and OWASP events about practical Application Security.