Josh Grossman

CTO

Description

Josh has worked as a consultant in IT and Application Security and Risk for 15 years now, as well as a Software Developer. In that time he has seen the good, the bad and the stuff which is sadly/luckily still covered by an NDA. This has given him an in-depth understanding of how to manage the balance between business needs, developer needs and security needs which goes into a successful software security programme.

As CTO for Bounce Security, he helps clients improve and get better value from their application security processes and provides specialist application security advice. His consultancy work has led him to work, speak and deliver training both locally and worldwide including privately for ISACA and Manicode and publicly for OWASP’s Global AppSec conferences, NDC Security and Black Hat.

In his spare time, he co-leads the OWASP Application Security Verification Standard project and is on the OWASP Israel chapter board and the OWASP Events Committee. In 2025, OWASP recognised his contributions with a Distinguished Lifetime Membership award.

Back to Our Team

Josh Grossman's upcoming events:

Training at OWASP London Training 2026

Building a High-Value AppSec Scanning Programme

Josh Grossman - 25th-26th Feb, 2026
(Read more about this course)

Josh Grossman's previous appearances:

Podcast with ICodeWith.ai

Pre-Launch Security Essentials for Vibe Coded Apps

Josh Grossman - 29th Oct, 2025

DEF CON 2025 - OWASP Community

Vibe Coding: Security Crisis or Opportunity

Josh Grossman - 11:00-12:00 - Room W4/C206, LVCC - 10th Aug, 2025

DEF CON 2025 - OWASP Community

Whitehats Secret Weapon: OWASP

Josh Grossman - 10:30-11:00 - Room W4/C206, LVCC - 8th Aug, 2025

Training at BlackHat USA 2025

Accelerated AppSec – Hacking your Product Security Programme for Velocity and Value

Josh Grossman - August 4th-5th, 2025
(Read more about this course)

Video Interview with ITSPmagazine

Introducing the OWASP ASVS 5.0 release

Josh Grossman - 29th May, 2025

Training at OWASP Global AppSec Barcelona 2025

Building a High-Value AppSec Scanning Programme

Josh Grossman - May 27th-28th, 2025
(Read more about this course)

DevSecNext by Jit

Get Ready for the OWASP ASVS 5.0

Josh Grossman - January 14, 2025

Training at BlackHat USA 2024

Accelerated AppSec – Hacking your Product Security Programme for Velocity and Value (Virtual)

Josh Grossman - August 5th-6th, 2024
(Read more about this course)

Training at OWASP Global AppSec Lisbon 2024

Building a High-Value AppSec Scanning Programme

Josh Grossman - June 25th-26th, 2024
(Read more about this course)

BrakeSec Education Podcast

Building AppSec programs and bridging security and developer gaps

Josh Grossman - 15th April, 2024

Cyber Security Virtual Meetups

Talk title: The Real AppSec Issues

Josh Grossman - March 06, 2024

NDC Security 2024 (Conference)

Tune your Toolbox for Velocity and Value

Josh Grossman - January 11, 2024

NDC Security 2024 (Conference)

Discover your inner security engineer with this one weird trick (hackers hate it!)

Josh Grossman - January 11, 2024

NDC Security 2024 (Workshops)

Building a High-Value AppSec Scanning Programme

Josh Grossman - January 8-9th, 2024
(Read more about this course)

DeveloperWeek Enterprise 2023

Discover Your Inner Security Engineer with This One Weird Trick (Hackers Hate It!)

Josh Grossman - November 16, 2023

Training at BlackHat USA 2023

Building a High-Value AppSec Scanning Programme (SCA, SAST, DAST and More)

Josh Grossman - August 7-8th, 2023

Livestream at BlackHat USA 2023

Dark Reading News Desk

Josh Grossman - August 06, 2023

PyCon Israel 2023

Omniscient AppSec- Custom, Continuous Security Verification of Python Code

Michal Kamensky and Josh Grossman - July 4th, 2023

DevTalks Romania

Building a Sustainable Security Requirements Process With the ASVS

Josh Grossman - June 22nd, 2023

OWASP 2023 Virtual June Training

Application Security Awareness and Security Requirements with the OWASP ASVS

Josh Grossman - June 6-7th, 2023

OWASP Netherlands

The Rise of the Security Verification Standard

Josh Grossman - April 20, 2023

QCon London 2023

Sustainable Security Requirements with the ASVS

Josh Grossman - March 27, 2023

Security Weekly

The OWASP ASVS and Sustainable Software Security Practices

Josh Grossman - March 13th, 2023

OWASP Global AppSec Dublin 2023

Building a High-Value AppSec Scanning Programme - (Training)

Josh Grossman - February 13-14th, 2023

(ISC)2 Meetup February 2023

Talk title: The Real AppSec Issues

Josh Grossman - February 02, 2023

NDC Security 2023 (Conference)

Building a sustainable security requirements process with the ASVS

Josh Grossman - January 19, 2023

OWASP Oslo

Tune your Toolbox for Velocity and Value

Josh Grossman - January 17, 2023

Down the Security Rabbithole Podcast (DtSR)

Episode 534 - The AppSec is Still a Mess

Josh Grossman - January 17th, 2023

OWASP Global AppSec San Francisco 2022

The Rise of the Security Verification Standard

Josh Grossman - November 18th, 2022

OWASP Global AppSec San Francisco 2022

Building a High-Value AppSec Scanning Programme (Training)

Josh Grossman - November 15-16th, 2022

AppSecEU 2022

OWASP ASVS Project

Josh Grossman - June 8th, 2022

Application Security podcast

Building a High-Value AppSec Scanning Program

Josh Grossman - April 20th, 2022

DevSec For Scale Podcast

Proactively Building Secure Software

Josh Grossman - April 12th, 2022

OWASP Morocco

Introduction to the ASVS

Josh Grossman - April 12th, 2022

Open Security Summit

Tune Your Toolbox for Velocity and Value (SCA)

Josh Grossman - March 15th, 2022

OWASP Luxembourg

What's New in the ASVS 4.0?

Josh Grossman - March 8th, 2022

DevSecCon Lightning

Count Up From Zero Day - when a critical vulnerability takes you by surprise

Josh Grossman - November 18th, 2020

MyDevSecOps Livestream

What's new in the ASVS 4.0?

Josh Grossman - January 30th, 2020

OWASP Helsinki

What's new in the ASVS 4.0?

Josh Grossman - September 3rd, 2019

MyDevSecOps Livestream

Panel - The State of Open-Source Security

Josh Grossman - March 14th, 2019

OWASP AppSec USA 2018

How to get the best AppSec test of your life

Josh Grossman - October 11th, 2018

OWASP AppSec Israel 2017

How to get the best AppSec test of your life

Josh Grossman - October 28th, 2017