Josh Grossman

CTO

Description

Josh has worked as a consultant in IT and Application Security and Risk for 15 years now, as well as a Software Developer. In that time he has seen the good, the bad and the stuff which is sadly/luckily still covered by an NDA. This has given him an in-depth understanding of how to manage the balance between business needs, developer needs and security needs which goes into a successful software security programme.

As CTO for Bounce Security, he helps clients improve and get better value from their application security processes and provides specialist application security advice. His consultancy work has led him to work, speak and deliver training both locally and worldwide including privately for ISACA and Manicode and publicly for OWASP’s Global AppSec conferences, NDC Security and Black Hat.

In his spare time, he co-leads the OWASP Application Security Verification Standard project and is on the OWASP Israel chapter board and the OWASP Events Committee. In 2025, OWASP recognised his contributions with a Distinguished Lifetime Membership award.


Back to Our Team

Josh Grossman's upcoming events:

Training at OWASP Global AppSec Vienna 2026

Repeatable, Scalable, and Valuable Code Security Scanning

Josh Grossman - 23rd-24th June, 2026
(Read more about this course)
Event Link

Training at BlackHat USA 2026

Achieving Scalable Code Security Scanning through AI Acceleration

Josh Grossman - August 3rd-4th, 2026
(Read more about this course)
Event Link

Josh Grossman's previous appearances:

Podcast with ICodeWith.ai

Pre-Launch Security Essentials for Vibe Coded Apps

Josh Grossman - 29th Oct, 2025
Event Link

DEF CON 2025 - OWASP Community

Vibe Coding: Security Crisis or Opportunity

Josh Grossman - 10th Aug, 2025
Event Link

DEF CON 2025 - OWASP Community

Whitehats Secret Weapon: OWASP

Josh Grossman - 8th Aug, 2025
Event Link

Training at BlackHat USA 2025

Accelerated AppSec – Hacking your Product Security Programme for Velocity and Value

Josh Grossman - August 4th-5th, 2025
(Read more about this course)
Event Link

Video Interview with ITSPmagazine

Introducing the OWASP ASVS 5.0 release

Josh Grossman - 29th May, 2025
Event Link

Training at OWASP Global AppSec Barcelona 2025

Building a High-Value AppSec Scanning Programme

Josh Grossman - May 27th-28th, 2025
(Read more about this course)
Event Link

DevSecNext by Jit

Get Ready for the OWASP ASVS 5.0

Josh Grossman - January 14, 2025
Event Link

Training at BlackHat USA 2024

Accelerated AppSec – Hacking your Product Security Programme for Velocity and Value (Virtual)

Josh Grossman - August 5th-6th, 2024
(Read more about this course)
Event Link

Training at OWASP Global AppSec Lisbon 2024

Building a High-Value AppSec Scanning Programme

Josh Grossman - June 25th-26th, 2024
(Read more about this course)
Event Link

BrakeSec Education Podcast

Building AppSec programs and bridging security and developer gaps

Josh Grossman - 15th April, 2024
Event Link

Cyber Security Virtual Meetups

Talk title: The Real AppSec Issues

Josh Grossman - March 06, 2024
Event Link

NDC Security 2024 (Conference)

Tune your Toolbox for Velocity and Value

Josh Grossman - January 11, 2024
Event Link

NDC Security 2024 (Conference)

Discover your inner security engineer with this one weird trick (hackers hate it!)

Josh Grossman - January 11, 2024
Event Link

NDC Security 2024 (Workshops)

Building a High-Value AppSec Scanning Programme

Josh Grossman - January 8-9th, 2024
(Read more about this course)
Event Link

DeveloperWeek Enterprise 2023

Discover Your Inner Security Engineer with This One Weird Trick (Hackers Hate It!)

Josh Grossman - November 16, 2023
Event Link

Training at BlackHat USA 2023

Building a High-Value AppSec Scanning Programme (SCA, SAST, DAST and More)

Josh Grossman - August 7-8th, 2023
(Read more about this course)
Event Link

Livestream at BlackHat USA 2023

Dark Reading News Desk

Josh Grossman - August 06, 2023
Event Link

PyCon Israel 2023

Omniscient AppSec- Custom, Continuous Security Verification of Python Code

Michal Kamensky and Josh Grossman - July 4th, 2023
Event Link

DevTalks Romania

Building a Sustainable Security Requirements Process With the ASVS

Josh Grossman - June 22nd, 2023
Event Link

OWASP 2023 Virtual June Training

Application Security Awareness and Security Requirements with the OWASP ASVS

Josh Grossman - June 6-7th, 2023
Event Link

OWASP Netherlands

The Rise of the Security Verification Standard

Josh Grossman - April 20, 2023
Event Link

QCon London 2023

Sustainable Security Requirements with the ASVS

Josh Grossman - March 27, 2023
Event Link

Security Weekly

The OWASP ASVS and Sustainable Software Security Practices

Josh Grossman - March 13th, 2023
Event Link

OWASP Global AppSec Dublin 2023

Building a High-Value AppSec Scanning Programme - (Training)

Josh Grossman - February 13-14th, 2023
(Read more about this course)
Event Link

(ISC)2 Meetup February 2023

Talk title: The Real AppSec Issues

Josh Grossman - February 02, 2023
Event Link

NDC Security 2023 (Conference)

Building a sustainable security requirements process with the ASVS

Josh Grossman - January 19, 2023
Event Link

OWASP Oslo

Tune your Toolbox for Velocity and Value

Josh Grossman - January 17, 2023
Event Link

Down the Security Rabbithole Podcast (DtSR)

Episode 534 - The AppSec is Still a Mess

Josh Grossman - January 17th, 2023
Event Link

OWASP Global AppSec San Francisco 2022

The Rise of the Security Verification Standard

Josh Grossman - November 18th, 2022
Event Link

OWASP Global AppSec San Francisco 2022

Building a High-Value AppSec Scanning Programme (Training)

Josh Grossman - November 15-16th, 2022
(Read more about this course)
Event Link

AppSecEU 2022

OWASP ASVS Project

Josh Grossman - June 8th, 2022
Event Link

Application Security podcast

Building a High-Value AppSec Scanning Program

Josh Grossman - April 20th, 2022
Event Link

DevSec For Scale Podcast

Proactively Building Secure Software

Josh Grossman - April 12th, 2022
Event Link

OWASP Morocco

Introduction to the ASVS

Josh Grossman - April 12th, 2022
Event Link

Open Security Summit

Tune Your Toolbox for Velocity and Value (SCA)

Josh Grossman - March 15th, 2022
Event Link

OWASP Luxembourg

What's New in the ASVS 4.0?

Josh Grossman - March 8th, 2022
Event Link

DevSecCon Lightning

Count Up From Zero Day - when a critical vulnerability takes you by surprise

Josh Grossman - November 18th, 2020
Event Link

MyDevSecOps Livestream

What's new in the ASVS 4.0?

Josh Grossman - January 30th, 2020
Event Link

OWASP Helsinki

What's new in the ASVS 4.0?

Josh Grossman - September 3rd, 2019
Event Link

MyDevSecOps Livestream

Panel - The State of Open-Source Security

Josh Grossman - March 14th, 2019
Event Link

OWASP AppSec USA 2018

How to get the best AppSec test of your life

Josh Grossman - October 11th, 2018
Event Link

OWASP AppSec Israel 2017

How to get the best AppSec test of your life

Josh Grossman - October 28th, 2017
Event Link