John Steven is a pioneering voice in software and cloud security, with more than three decades of experience shaping the way organizations build and secure technology. As a Senior Advisor to The Chertoff Group, he counsels clients on threat modeling, architectural risk analysis, software-defined security governance, and automation strategies that drive efficiency and resilience.
As co-CTO of Cigital, John transformed the company into the largest and most influential application security firm in the industry. Under his leadership, Cigital introduced the methodologies, tools, and thought leadership that defined modern software security. He helped author the Building Security In Maturity Model (BSIMM), which became the global benchmark for software security programs and informed the NIST Secure Software Development Framework (SSDF).
Today, John partners with enterprises to advance secure software development and governance and is recognized for his strategic impact and technical depth. In addition to his work, John serves and has served as an advisory CTO or CRO for multiple startups in the Cloud Security, ASPM/ASOC space, contributing to several successful exits. He continues to actively advise startups in Supply Chain Security and AI. His expertise continues to influence security strategy for Fortune 500 companies, high-growth innovators, and the broader cybersecurity ecosystem.
John graduated from Case Western Reserve University with a Bachelor of Science in Computer Engineering and a Master’s degree in Computer Science.