Stephen is the founder of Continuum Security and focussed on building AppSec tools to support security in the SDLC, including the IriusRisk threat modeling tool and BDD-Security open source security testing framework. His background is in software development and security testing of web and mobile applications. He has worked at Corsaire, KPMG and on the ISS/IBM X-Force team and contributed to the OWASP Java project, ASVS and the testing guides.