Chris Eng
Senior Director, Security Research

Chris Eng, senior director of security research, leads Veracode’s application security research lab. Drawing on nearly a decade of professional experience in information security, he works closely with the CTO to ensure Veracode’s technology and strategy are industry relevant and aligned. He monitors attack trends, analysis techniques, and other advances in application security to keep Veracode’s efforts focused on timely and emerging threats. Additionally, he provides guidance to engineering and service delivery to maximize the accuracy and consistency of Veracode’s security analysis service.

Prior to joining Veracode, Mr. Eng was a Technical Manager for Symantec Professional Services, the division of Symantec responsible for security consulting. As a senior technical lead, he delivered high-profile security assessments for numerous Fortune 500 companies, focusing primarily on penetration testing of critical web applications, commercial software, and networks. In addition to serving as a technical leader and global facilitator for Symantec’s Attack and Penetration Center of Excellence, he designed, implemented, and maintained a centralized, distributed penetration testing and reporting infrastructure with a web front-end that enabled consultants worldwide to deliver penetration tests in a streamlined, consistent manner.

Before joining Symantec through acquisition in 2004, Mr. Eng was a Principal Consultant and then Technical Director of @stake, Inc., where he led the delivery of security assessments and maintained one of the highest utilization rates company-wide. In addition to consulting, he led the development of WebProxy, a proprietary web application testing tool which became an @stake product in 2002, predating most proxy-based web security tools that exist today. He also authored internal whitepapers on penetration testing which laid the groundwork for @stake’s delivery methodologies.

Prior to @stake, Mr. Eng was an Electrical Engineer for the US Department of Defense. As a member of the National Security Agency’s “Red Team,” he conducted vulnerability research and performed penetration tests to strengthen the security of US government and military networks. His prior work at the NSA consisted mostly of hardware-related pursuits, with an emphasis on analyzing/testing embedded systems and ASICs.

Mr. Eng has presented on application security topics at the Black Hat Briefings and has been quoted in industry publications including CIO Magazine, eWeek, Dark Reading, and Information Security Magazine.

Mr. Eng earned his Bachelor of Science degree in Electrical Engineering and Computer Science from the University of California in Berkeley, CA.