Jeremy Epstein

Jeremy Epstein

Work History

Work History
Jan 2001 - Present

Independent Consultant

Oct 2008 - Jan 2009

Principal Security Consultant
  • Advise government and commercial clients on software security.
  • Write proposals for government research projects.
  • Support sales and marketing organizations with customers/prospects.
  • Represent company in OWASP, including chairing northern Virginia chapter.
  • Participate in conference organizing, including ACSAC, DHS CATCH, and Metricon.
Jan 2000 - Sep 2008

Senior Director, Product Security & Performance

Software AG, Inc. (formerly webMethods)
  • Advise executive team on security strategy, directions, M&A activities.
  • Supervise product security efforts; provide oversight for corporate IT security.
  • Supervise development of performance benchmarks for all webMethods products.
  • Establish & manage relationships with key security and performance technology partners, including @stake (now Symantec), Entrust, Fortify Software, Forum Systems, Layer 7, Hewlett-Packard, IBM, Mercury Interactive (now HP), Netegrity (now CA), Segue Software (now Borland), Sun, White Hat Security, & others.
  • Responsible for security aspects of all webMethods products, including requirements definition, architectural direction, vulnerability analysis, customer alerting processes, standards conformance, developer training, government criteria conformance, technology partnerships, and customer / field consulting.
  • Co-founder, Common Criteria Vendors Forum.
  • Program Chair, 16th & 17th Annual Computer Security Applications Conference.
  • Contributor to CLASP; participated in SAML & XKMS standards.
Dec 1997 - Dec 1999

Manager, Security Integration Group

Led development and integration of security technologies for use on the DARPA Information Assurance program.Technologies include CORBA-based guards, firewalls, VPNs, switched workstations, and other products to allow safe interconnection of networks from TS/SCI to Unclassified.Inventions led to issuance of patents 6,584,508 and 6,684,329.


Sep 1990 - Jun 1995

Completed coursework for PhD

Jan 1981 - Dec 1981


Sep 1976 - Aug 1980


New Mexico Institute of Mining & Technology


  • Security architect/engineer with over 20 years experience in product development, academic research, standards development, requirements analysis.
  • Skilled communicator, with a strong aptitude for writing.
  • Internationally recognized expert in software security and voting systems with numerous public presentations and over 20 publications in peer-reviewed conferences.

Recent Publications and Presentations

Recent presentations and publications

  1. Internet Voting: Threat or Menace?, Cambridge University (UK) seminar, April 2010.
  2. Internet Voting, Threat or Menace?, invited keynote to 9th Symposium on Identity and Trust on the Internet (IDtrust 2010), April 2010.
  3. Internet Voting: Will We Cast Our Next Votes Online?, ACM Computing Reviews, December 2009.
  4. A Survey of Vendor Software Assurance Practices, 25th Annual Computer Security Applications Conference, December 2009.
  5. Lessons Learned In Election Technology From The 2008 Elections (panel chair), RSA Conference, April 2009.
  6. Invited panelist at Representative Bobby Scott (D-Virginia) town hall meeting on voting systems, December 2008.
  7. Lessons Learned In Election Technology From The 2008 Elections (panel chair), 24th Annual Computer Security Applications Conference, December 2008.

  8. Lessons Learned in Election Technology from the 2008 Elections, University of Hawaii, December 2008.

  9. What did Virginia learn about voting systems in 2008?, op-ed in Augusta (VA) Free Press.

  10. Invited testimony to the District of Columbia Board of Elections and Ethics Investigation Special Committee regarding voting system security, Oct 3 2008 and Nov 13 2008.

  11. What Measures do Vendors Use for Software Assurance?, Making the Business Case for Software Assurance Workshop, Carnegie Mellon University Software Engineering Institute, September 2008.

  12. How Can Researchers and Election Officials Better Work Together? (panelist), USENIX EVT '08 Workshop, July 2008.
  13. Security Lessons Learned from Société Générale, IEEE Security and Privacy magazine, May 2008.
  14. Towards Trustworthy e-Voting: An Open Source Approach? (panelist), Computers Freedom and Privacy 2008, May 2008
  15. Information Assurance Technology Forecast 2008, IEEE Security and Privacy magazine, January/February 2008.
  16. Interview on Voice of the Voters, February 2008 on Virginia legislation and voting system security.
  17. Interview on The New Dominion Show, January 2008 on Virginia legislation and voting system security.
  18. Interview on The Kenny Rahmeyer Show, WLBJ (Austin TX), January 2008 on voting system security.
  19. Electronic Voting 2008: What Are The Technical Issues?, Pew Charitable Trusts Forum, December 2007.
  20. Electronic Voting Options (panel chair), 23rd Annual Computer Security Applications Conference, December 2007.
  21. Electronic Voting 2007: What’s New in the US, University of Virginia, April 2007; Illinois Institute of Technology, October 2007; Olin College of Engineering, November 2007; Worcester Polytechnic Institute, November 2007.
  22. How Things Work: Electronic Voting, IEEE Computer, August 2007.
  23. Is SOA Governance a 10 Letter Word for Access Controls?, 2007 Web Services Security Conference and Exposition, May 2007.
  24. Electronic voting 2007 – what works, what doesn’t, and how can technologists affect the future, RSA Conference, February 2007.
  25. Fifteen Years after TX: A Look Back at High Assurance Multi-Level Secure Windowing (Invited Paper), Proceedings of the 22nd Annual Computer Security Applications Conference, December 2006.
  26. Challenges for Web Services Security (panel), 22nd Annual Computer Security Applications Conference, December 2006.
  27. Brief appearance on CNN Lou Dobbs (recounts for electronic voting), November 2006.
  28. Architecting Secure webMethods Solutions, Integration World 2006, November 2006.
  29. Alternate Assurance Methodologies for Increasing Product Security, 7th International Common Criteria Conference, September 2006.
  30. “Good Enough” Metrics, Metricon 1.0 workshop at USENIX Security, August 2006.
  31. Why Applying Standards to Web Services Is Not Enough, IEEE Security and Privacy magazine, August 2006.
Full list available on request


  • Software security
  • Electronic voting security 

Professional Affiliations

Counter Intelligence Polygraph