Speaker

Ralph Andalis

Security Director, Gridlock Security (GridlockSec)

Ralph is the Director of Security of Gridlock Security (GridlockSec), a company he founded that focuses on cybersecurity consulting services. He has 10 years of experience in the industry as a Security Consultant/Pentester/Security Researcher for companies such as Microsoft, NCC Group, Hewlett-Packard (HP), Forward Security, and Ernst & Young (E&Y).
His expertise is mainly in Web, Mobile, and Network Pentesting, Threat Modelling, Security Architecture Review, and Security Design Reviews. As a Senior Security Engineer at Microsoft, he handled security architecture reviews, security design reviews, threat modelling, security research, code reviews, and pentesting on the dedicated product he worked on directly with 100+ software engineers. The threat modelling he practised daily with his software engineers helped secure the product and promoted a culture of secure coding and engineering for that software.

He is also a major active contributor to, and a member of the working group for, the OWASP Application Security Verification Standard (ASVS) project, making the standard better for fellow pentesters and developers alike.

He trained attendees at BSides Vancouver 2025, BSides Orlando 2025 and BSides Luxembourg 2026 in the same workshop, "Threat Modelling Starter Training", which was well received. He presented his talk, "OWASP ASVS: A Methodical and Practical Approach to Application Security Testing", at the OWASP AppSec Pacific Northwest (PNW) 2024 conference in Vancouver, BC, Canada. He also delivered a similar presentation aimed at beginners online at the HackStop Cybersecurity Summit 2024, held in Ljubljana, Slovenia.

Area of Expertise

  • Consumer Goods & Services
  • Finance & Banking
  • Health & Medical
  • Information & Communications Technology
  • Media & Information

Threat Modelling Starter Training

This threat modelling training is geared towards beginner to intermediate audiences with software engineering or security engineering/pentesting backgrounds who have never done any threat modelling work but are trying to get into it. In practice, anyone can join this class even without those backgrounds, as long as they have at least a basic idea of how programs work at the code level and of basic cybersecurity issues and threats, or are interested in learning them.

The main goal of this training is to help participants understand the importance of threat modelling in understanding and dealing with cyber threats to their applications and networks. The trainer's goal is to prevent more software security bugs from inception by teaching students how to build more secure software or find underlying security flaws and bugs, minimizing the risks and impact of the engineered software. Participants will be immersed in the STRIDE and DREAD methodologies for threat modelling, and they will create their own threat models during the training.

At the end of the training, students should expect to be able to do a quick threat model of any function/method that they wish to implement in their software, recognize the threats that they could introduce or have to deal with, and finally write a full and complete threat model on their own from start to finish, including recommendations, threat scenarios and related risk ratings.

BSides Orlando 2025 Sessionize Event

September 2025 Orlando, Florida, United States
