Profile for JohnDeSantis

JohnDeSantis
Member Since: December 7, 2017
Author
Blog Posts: 3
Posts: 1

John De Santis is Chairman & CEO of HyTrust, an IT infrastructure security software company based in Mountain View, CA and backed by VMware, Cisco and Intel Corporation. John is a company builder with experience in the software, networking and information security domains. He has over thirty years of international and US based experience at venture-backed technology start-ups as well as large global public companies in the Telecom and IT fields. 

Prior to HyTrust, he was VP, Cloud Services for VMware. He was Chairman & CEO of TriCipher (acquired by VMware), and prior to that, he was an entrepreneur-in-residence at Trident Capital. John's first CEO role was at Sygate Technologies (acquired by Symantec), where they developed the technical foundation of Symantec's $1B Enterprise Endpoint Protection suite. During the rapid telecom deregulation in Europe in the 1990's, he led the European operations for various software, hardware and telecom networking companies. In the mid-80's, he had co-founded and led to exit a start-up that built the first optical fiber networking capability for IBM mainframes.

He is currently on the board of directors of Stealth Security (detection/mitigation against automated malicious web service attacks), ValiMail (anti-phishing/email authentication), Aetherpal (mobile app/device support software) and noHold (artificial intelligence applied to customer support). He was previously on the boards of NeoHapsis (IT security consulting - acquired by Cisco), Trace Security (GRC software as a service - exit to a management buy out), Arxan Technologies (application security software - private equity exit to TA Associates), Applied Identity (identity management networking software - acquired by Citrix), and Tablus (data leakage protection software - acquired by RSA Security). 

John is a graduate of Fairfield University with an AB in Philosophy (concentration: Mathematics). He completed the Stanford University/AEA Executive Institute program for Management of High Technology Companies.



12 Free, Ready-to-Use Security Tools
Steve Zurier, Freelance Writer,  10/12/2018
Pair of Reports Paint Picture of Enterprise Security Struggling to Keep Up
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/11/2018
New Domains: A Wide-Open Playing Field for Cybercrime
Ben April, CTO, Farsight Security,  10/9/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-18324
PUBLISHED: 2018-10-15
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has XSS via the admin/fileManager2.php fm_current_dir parameter, or the admin/index.php module, service_start, service_fullstatus, service_restart, service_stop, or file (within the file_editor) parameter.
CVE-2018-18322
PUBLISHED: 2018-10-15
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Command Injection via shell metacharacters in the admin/index.php service_start, service_restart, service_fullstatus, or service_stop parameter.
CVE-2018-18323
PUBLISHED: 2018-10-15
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Local File Inclusion via directory traversal with an admin/index.php?module=file_editor&file=/../ URI.
CVE-2018-18319
PUBLISHED: 2018-10-15
** DISPUTED ** An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because api.php has an eval call, as demonstrated by the /6/api.php?function=command&class=remote&Cc='ls' URI. NOTE: the vendor indicates that Merli...
CVE-2018-18320
PUBLISHED: 2018-10-15
** DISPUTED ** An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because exec.php has a popen call. NOTE: the vendor indicates that Merlin.PHP is designed only for use on a trusted intranet network, and intentionally allo...