Who is VSR

VSR was founded by a former @stake consultant, George Gal whose vision was to create a firm focused on delivering the highest quality information security consulting services. Our company structure and operations allow us to be nimble, provide unbiased recommendations and remain vendor neutral.

Management Team

The VSR management team consists of proven industry experts who each bring unique expertise that add value to our services.

George D. Gal, Founder & Managing Partner

As managing partner George oversees all major corporate functions. George has over fourteen years of application security experience. His specialties include application security assessment and attack simulation with significant experience within the financial services, retail, health care, commercial software & service provider market sectors. At VSR George works with clients as a subject matter expert performing application security assessments ranging from secure code review, architectural review, black-box penetration testing and application security training.

Prior to VSR, George was a Senior Security Consultant with @stake involved in both the attack simulation and forensics / incident response centers of excellence. George is a graduate of Northeastern University with Bachelor of Science and Master of Science degrees in Computer Science.

Timothy D. Morgan, Partner & Digital Forensics Practice Lead

Tim specializes in application security, cryptography, forensics and incident response, and leads VSR's digital forensics practice. Having over nine years of experience with network security, secure application development, incident response and penetration testing, Tim has a broad technical background. At VSR Tim works with clients to assist in securing their computing infrastructure through focused assessments, such as penetration tests on custom and off-the-shelf applications, security code reviews, software and network architecture assessments, and incident response policy reviews.

Prior to VSR, Tim worked in the financial and commercial software sectors where he gained experience in secure software development and acted as a first responder, investigating dozens of internal incidents and external threats. Tim earned his computer science degrees from Harvey Mudd College (BS) and Northeastern University (MS).

John Redford, Partner & Training Services Practice Lead

John has an extensive background in secure application and systems infrastructure development, with over eighteen years implementation and innovation experience. Using his extensive knowledge of diverse software platforms, John assists VSR clients to implement solutions that are both secure and practical. John develops and delivers training materials to educate clients, focusing on fundamental security threats and modern defensive programming techniques. He also performs architectural assessments, code reviews, and application penetration testing.

Prior to VSR, John was a security consultant with @stake and Symantec, where he implemented penetration testing and reporting tools. Previously, he worked in the financial sectors of Boston and New York.

Apple iOS / OSX: Foundation NSXMLParser XXE Vulnerability

XML Schema, DTD, and Entity Attacks

IBM WebSphere Commerce: Encrypted URL Parameter Vulnerable to POA

Timothy D. Morgan presents No Crack Required: Cryptanalysis in Real-World Applications at OWASP AppSecUSA 2012.


Contact us by phone,
fax or e-mail:

Phone: 617.933.8919
Fax: 617.933.8920
Email: inquiry@vsecurity.com