Gartner Expert

Frank Catucci

Sr Director Analyst

Frank Catucci is an Analyst in the Gartner for Technical Professionals Security and Risk Management Strategies team. He covers Software/Application Security Practices, DevSecOps, Mobile Application Security, API security, SCA, SAST, DAST, IAST, RASP, and WAF.

Previously, Mr. Catucci led a team of Application Security consultants performing application security management, assessments and security architecture projects. Prior to that, he was a Director of Application Security for a large cloud-based security innovator. His experience also includes consulting and positions within technology solutions, enterprise, financial services, university/higher education, government, healthcare, legal, start-up businesses, and public and private industries.

He is also a global speaker and evangelist for the infosec and appsec industry. From consultant to pentester, to CIO/CISO, to advisor, subject matter expert and back again, he is an industry-leading professional.

Mr. Catucci conducts security research, penetration testing, and often speaks at information security conferences and events worldwide. Free time is often dedicated to research and bug bounty initiatives.

He is an OWASP Chapter President, an active part of the OWASP bug bounty initiative, and a frequent contributor to other OWASP wiki and cheatsheet content, security projects and initiatives.

Previous experience

Prior to this, Mr. Catucci was a Director of Application Security.

Professional background

ImagineX Consulting

Director, Application Security and DevSecOps


Director, Application Security, Product and Research

Confidential Employers

Senior IT Security and AppSec Consultant and Mgr.

Areas of coverage

Security of Applications and Data for Technical Professionals


Mr. Catucci has a Bachelor's Degree in Business Administration and Management from Newberry College. He graduated Magna Cum Laude.


Top Issues That I Help Clients Address

1. DevSecOps - Developing and maturing practices

2. Web Application Firewalls - Deployments, configurations and implementations

3. Application Security - From program development to maturity to testing methodologies

4. AST (Application Security Testing) - SAST, DAST, IAST

5. SCA (Software Composition Analysis) and open-source software components and security