Gary McGraw

About the Author

Gary McGraw is the CTO of Cigital, Inc., a software security and quality consulting firm providing services to some of the world's best-known companies for a decade. Dr. McGraw is a globally-recognized authority on software security-featured frequently as a keynote speaker at events coast-to-coast as well as internationally. His strategic advice counsels business executives and top management, technology developers, IT, and operations staff in industries such as finance, hospitality, gaming, and e-commerce. He is on the Board of Directors of Cigital, chairs Fortify Software's Technical Advisory Board, and serves as an Advisor to Raven White. Gary also speaks at academic conferences and participates in academia by advising the Computer Science departments of the University of Virginia and the University of California, Davis. He is a member of the Dean's Advisory Council of the School of Informatics at Indiana University. Among his federal government credentials is serving as a prime contributor on the National Cyber Security Summit Alliance study Security Across the Software Development Lifecycle.

Dr. McGraw has, quite literally, written the book on software security; six of them best-selling in their field. He co-authored the groundbreaking Building Secure Software with John Viega in 2001, introducing ideas that are expanded and made actionable in his latest, Sofware Security: Building Security In released in 2006. His next book Exploiting Online Games will be published in 2007. His other titles include Java Security, Securing Java, Software Fault Injection, and Exploiting Software; he is also editor of the Addison-Wesley Software Security series. He has authored over ninety peer-reviewed scientific publications, writes a monthly security column for, and is often quoted in the press. He holds a dual PhD in Cognitive Science and Computer Science from Indiana University and a BA in Philosophy from the University of Virginia. He serves as a member of the IEEE Security and Privacy Task Force and IEEE Computer Society Board of Governors. He also produces the monthly Silver Bullet Security Podcast for IEEE Security & Privacy magazine.

When not performing as a technologist, scientist, author and speaker, Gary is an active musician, playing the violin since the age of three. He has been doing improvisation since college, his other instruments including mandolin and guitar. He plays occasional "gigs" and records original music with the band Where's Aubrey, the band's repertoire ranging from old time folk music to modern jazz. Gary and his wife Amy Barley live with their two sons and an assorted menagerie on a farm on the banks of the Shenandoah River with vistas of the Blue Ridge Mountains.