This is the keynote from the AT&T Cybersecurity Conference in 2015.


I am passionate about software security, machine learning security, and technology transfer. I deliver talks spiked with both humor and insight to audiences ranging from big commercial trade shows to academic lecture halls. You will most certainly laugh and will probably learn something as an accidental side effect. Abstracts for these current titles are available on request:

  • Security Engineering for Machine Learning
  • Seven Things: Frank Zappa, T. Coraghassen Boyle, and 21 Years in Security
  • Four CISO Tribes and Where to Find Them
  • A Brief History of¬†Software, Security, and Software Security: Bits, Bytes, Bugs, and the BSIMM
  • How to Avoid the Top Ten Software Security Flaws
  • Scaling a Software Security Initiative: Lessons from the BSIMM
  • Cyber War, Cyber Peace, Stones, and Glass Houses
  • Looking Forward and Backwards from BSIMM9
  • Technology Transfer: A Software Security Case Study

Sample Keynote Talks from 2014-2018

Looking Forward and Backwards from BSIMM9

  • BSIMM Community Conference, Amelia Island, FL, October 2018.

Four CISO Tribes and Where to Find Them

  • BSIMM Europe Community Conference, London, May 2018.
  • Segurinfo 2018, Buenos Aires, Argentina, April 2018.
  • BSIMM Community Conference, Scottsdale, AZ, October 2017.

Seven Things: Frank Zappa, T. Coraghassen Boyle, and 21 Years in Security

  • Qualcomm Mobile Security Summit, San Diego, CA, May 2018.
  • AlphaTech, Washington, DC, November 2017.
  • OWASP Italy Day, Cagliari, Italia, October 2017.
  • Shmoocon, Washington, DC, January 2017.

The Cybersecurity Threat Landscape

  • PNC Cyberfest, Pittsburgh, PA, November 2015.

Brief History of Software, Security, and Software Security: Bits, Bytes, Bugs, and the BSIMM

  • Daimler Global Technology Conference, Stuttgart, Germany, April 2017.
  • University of Virginia, Distinguished Lecture, Charlottesville, VA, March 2017.
  • Codenomicon Europe 2017, Nuremberg, Germany, March 2017.
  • CTO Forum, San Francisco, CA, February 2017.
  • AT&T Cybersecurity Conference, New York, NY, October 2015.

Scaling a Software Security Initiative: Lessons from the BSIMM

  • BSIMM Europe Community Conference, London, UK, May 2017.
  • OWASP CA, Los Angeles, CA, January 2017.
  • ASTQB, Washington, D.C., September 2015.

Technology Transfer: A Software Security Case Study

  • Oopsla/SPLASH, Portland, OR, October 2014.

Bug Parades, Zombies, and the BSIMM: A Decade of Software Security

  • Genetec ConnectDev16, Montreal, Canada, February 2016.
  • Booster, Bergen, Norway, March 2014.
  • James Madison University Distinguished Lecture, Harrisonburg, VA, January 2014.

Cyber War, Cyber Peace, Stones and Glass Houses

  • Connecticut Information Symposium, Hartford, CT, November 2015.
  • CACR Lecture, Indiana University, Bloomington, IN, April 2014.

How do I Secure my Software?

  • National Cooperative Grocers Association, Montreal, Canada, October 2014.

The Building Security In Maturity Model (BSIMM)

  • EMC Cybersecurity Symposium, Boston, MA, December 2015.
  • FFIEC Technology Conference, Washington, DC, August 2014.

Software Security and the BSIMM

  • GE Security Forum, Washington, DC, October 2016.
  • Flight16, Black Duck Software, Boston, MA, October 2016.
  • Digicert Security Summit, Las Vegas, NV, November 2015.
  • Software Engineering Symposium, Lincoln Lab, Boston, MA, September 2015.
  • CCSC-E, Yorktown, PA, November 2014.
  • Rockstars of Cybersecurity, IEEE, Austin, TX, September 2014.
  • AppsecUSA, Denver, CO, September 2014.


“Thank your for your excellent keynote at our conference! Your high energy is just what we needed to get us going after lunch. And your topic was right on target. Your book signing also had the longest line! You help make this our most successful conference so far.”

– Gus de los Reyes
AT&T Security

“Gary did a wonderful job in educating our software developers on state of the art secure software development practices while at the same time being entertaining and motivating. This was the first technical security presentation seen at SAP which kept the audience excited to the last slide and beyond.”

– Gunter Bitz, Ph.D.
Product Security and Governance

“Gary McGraw is the kind of speaker that gets and holds your attention. He talks about software security and cyber security more broadly, and there is no question that he’s an expert, but what makes him special is the way to make these very hard, very technical topics understandable. In the same talk he manages to deliver value to experts while not losing executives, regulators, press and others who don’t live in the trenches. He is quick, witty, and fun and he speaks English, not geek.”

– Craig Miller, CTO MAPA Group

“Gary came, spoke, and convinced everyone of our 500 guests of the importance of software security – a topic at the very heart of cyber security.

Gary doesn’t just ‘speak to’ the audience. Instead, he seems to be having a personal conversation with everyone in the audience individually. Delivered with ease and garnished with examples and anecdotes in a style that proves years of experience.

Here is a man who grew up in software security, who lives it and who breathes it. Here is a man that people won’t forget.”

– Elly van den Heuvel, General Manager GOVCERT.NL


I travel from Dulles airport near Washington, DC. My speaking fee varies based on the location of the speech and will be provided upon inquiry. Please e-mail further details on your proposed event, including event URLs, location and dates.

Thank you for your interest in having me speak. I look forward to hearing from you.

Loading posts...
Sort Gallery