SAFECode Driving Security and Integrity
 

Brad Arkin - Senior Director, Engineering Security, Standards, Open Source and Accessibility
Adobe Systems Incorporated

Brad Arkin is the senior director of security for Adobe products and services. In his role, Arkin leads the Adobe Secure Software Engineering Team (ASSET) responsible for ensuring Adobe's products are designed, engineered and validated using security best practices, as well as the Product Security Incident Response Team (PSIRT) dedicated to responding to and communicating about security issues. Arkin also oversees the Corporate Standards Group responsible for coordinating Adobe’s involvement with standards bodies such as the International Organization for Standardization (ISO) and the World Wide Web Consortium (W3C), as well as the open source and accessibility teams.

Prior to joining Adobe, Arkin held management positions at StepNexus, Symantec, @Stake and Cigital.

Arkin is currently a board member of SAFECode, the Software Assurance Forum for Excellence in Code. He is also a member of the BSIMM (Building Security In Maturity Model) advisory board, the SAP Security Advisory Board, and the customer advisory boards for security consultancy iSec Partners and security tools vendor Veracode.

Arkin holds a BS in computer science from the College of William and Mary, an MS in computer science from George Washington University, and an MBA from Columbia University and London Business School.

Adobe is changing the world through digital experiences. For more information, visit www.adobe.com.

 

Eric Baize - Senior Director, Product Security Office EMC

Eric Baize leads EMC’s Product Security Office with company-wide responsibility for product security assurance, covering vulnerability response handling, security development lifecycle implementation and coordination of security certifications. He also represents EMC on SAFECode’s Board of Directors. Additionally, Mr. Baize leads RSA’s product strategy for securing virtual and physical infrastructures.

Previously, Mr. Baize pioneered EMC’s push towards security. He was a founding member of the leadership team that defined EMC’s vision of information-centric security, and which drove the acquisition of RSA Security and Network Intelligence in 2006.

Prior to joining EMC, Mr. Baize held various positions for Groupe Bull in Europe and in the US where he was successively the security architect, product manager and director of security strategy, responsible for the company’s security product line.

Mr. Baize holds an M.S. degree in Computer Science from Ecole Nationale Supérieure des Télécommunications in Brest, France, and is a Certified Information Security Manager (CISM) by the Information Systems Audit and Control Association (ISACA). He is holder of a US patent, author of international security standards and a regular speaker at security conferences in the US and Europe.

 

Diego Baldini - Senior Product Security Manager Nokia

Diego Baldini is a Senior Product Security Manager responsible for Nokia’s product security development in the Asian Pacific & Greater China region. He currently works in Nokia’s Beijing office where he is an expert in information security assurance.

Mr. Baldini joined Nokia in 2000 and has since held different positions covering a wide spectrum of security aspects and competences: systems testing, risk and threat analysis, military and public safety networks, engineering and incident handling processes, evangelization and awareness, mobile devices, outsourcing and supply chain development, industry collaboration, strategy formulation.

 

Gunter Bitz - Senior Manager Product Security SAP AG

Dr. Gunter Bitz (MBA and CISSP) is responsible for the Product Security Governance and Strategy at SAP AG. This includes testing security strategies to find security vulnerabilities in the software products and to ensure the integrity of the software supply chain.

As Director of SAP’s fraud prevention competence center, Dr. Bitz has developed concepts for financial fraud detection and prevention by means of using IT systems as an automated detection of misconduct.

Previously, he was an information security manager for SAP, where he was responsible for protecting SAP’s intellectual property. Dr. Bitz has also developed and implemented measures to protect SAP from the consequences of industrial espionage.

Dr. Bitz presents his work regularly in front of international audiences such as at the RSA and the Information Security Solutions Europe (ISSE) conferences. He is also a member of several committees for various security conferences.

For more information: https://www.xing.com/profile/Gunter_Bitz

 

Bob Dix - Vice President, Government Affairs & Critical Infrastructure Protection Juniper Networks, Inc.

Bob Dix is the Vice President of Government Affairs & Critical Infrastructure Protection for Juniper Networks. Mr. Dix is a widely recognized subject matter expert and a leading policy expert in furthering government—especially in industry partnerships to protect this nation’s critical infrastructure.

Mr. Dix has served in senior executive positions in the IT sector. Prior to joining Juniper, he served as the Executive Vice President for Government Affairs & Corporate Development at Citadel Security Software. While with Citadel and continuing at Juniper, Mr. Dix has been active in IT and Telecommunications industry leadership roles.

Among his various roles with Juniper, Mr. Dix serves on the Industry Executive Subcommittee (IES) of the President’s National Security Telecommunications Advisory Committee (NSTAC). Mr. Dix represented Juniper as Chair of the Cyber Security Collaboration Task Force and also participates on several other NSTAC initiatives, examining issues related to national security and emergency preparedness communications.

Dix is active with the Partnership for Critical Infrastructure Security (PCIS), where he is the principal representative of the IT sector, and was elected to the Executive Committee in 2008. Dix has been active in facilitating improved integration of the private sector CI/KR community into the planning and execution of the National Exercise Program, testing our nation’s emergency preparedness, including the TOPOFF, NLE, and Cyber Storm series of National Level Exercises.

Dix also represents Juniper Networks on the National Security Task Force of the U.S. Chamber of Commerce and with TechAmerica. He continues to represent Juniper and participate with the IT-ISAC and the Communications Sector Coordinating Council, and also represents Juniper on the Board of Directors for SAFECode.

 

Cassio Goldschmidt - Senior Manager, Product Security Symantec

Cassio Goldschmidt is senior manager of the product security team under the Office of the CTO at Symantec Corporation. In this role he leads efforts across the company to ensure the secure development of software products. His responsibilities include managing Symantec’s internal secure software development process, training, threat modeling and penetration testing. Mr. Goldschmidt’s background includes over 13 years of technical and managerial experience in the software industry. During the seven years he has been with Symantec, he has helped to architect, design and develop several top selling product releases, conducted numerous security classes, and coordinated various penetration tests. Mr. Goldschmidt is also known for leading the OWASP chapter in Los Angeles. Mr. Goldschmidt represents Symantec and U.S. industry in many senior capacities, including as company press spokesperson, conference speaker and panelist.

He holds a bachelor's degree in computer science from Pontificia Universidade Catolica do Rio Grande Do Sul, a master's degree in software engineering from Santa Clara University, and a master of business administration from the University of Southern California.

 

Michael Howard - Principal Security Program Manager Microsoft

Michael Howard is a principal security program manager on the Trustworthy Computing (TwC) Group’s Security Engineering team at Microsoft, where he is responsible for managing secure design, programming, and testing techniques across the company. Mr. Howard is an architect of the Security Development Lifecycle (SDL), a process for improving the security of Microsoft’s software.

He began his career with Microsoft in 1992 at the company’s New Zealand office, working for the first two years with Windows and compilers on the Product Support Services team, and then with Microsoft Consulting Services, where he provided security infrastructure support to customers and assisted in the design of custom solutions and development of software. In 1997, Mr. Howard moved to the United States to work for the Windows division on Internet Information Services, Microsoft’s next-generation web server, before moving to his current role in 2000.

He is an editor of IEEE Security & Privacy, a frequent speaker at security-related conferences and he regularly publishes articles on secure coding and design. Mr. Howard is the co-author of six security books, including the award-winning Writing Secure Code, 19 Deadly Sins of Software Security, The Security Development Lifecycle and his most recent release, Writing Secure Code for Windows Vista.

 

Tiffany Jones - Policy and Government Affairs Symantec

Tiffany Jones heads Symantec’s North and Latin American Government Affairs team. Her office advises public policy concerning technology, information security, privacy, and other appropriate issues. Ms. Jones’ team is the primary policy resource to federal and state government officials, which includes presenting the company's public policy platform and coordinating the provision of product and subject matter experts to assist legislators and agencies on development of technology and business related policy. Ms. Jones represents Symantec and U.S. industry in many senior capacities, including as company press spokesperson, conference keynote speaker and panelist, designated representative for the company CEO and VP’s during various high profile events and initiatives, and delegate at several government-industry bilateral events with foreign governments.

Prior to working for Symantec in March 2003, Ms. Jones assumed the duties of Deputy Chief of Staff of the President’s Critical Infrastructure Protection Board at the White House in February 2002. In addition to her Deputy Chief of Staff responsibilities, she was responsible for Government Affairs, Public Affairs, Cybersecurity Education and Awareness programs, and Industry Outreach. Additionally, Ms. Jones coordinated all 11 White House town hall events for the National Strategy to Secure Cyberspace dialogue, and assisted in the drafting of the document.

Ms. Jones graduated from the Coast Guard Academy. She is currently on the Board of Officers for the Women’s High Tech Coalition, IT-Sector Coordinating Council (IT-SCC) and the National Cyber Security Alliance, Executive Committee of the IT-ISAC, and is Chair of the Information Security Committee at ITAA.

 

Yuecel Karabulut - Chief Security Advisor and Head of Security Strategy in the Technology Strategy Group SAP Labs

Yuecel Karabulut is the Chief Security Advisor and Head of Security Strategy in the Technology Strategy Group at SAP Labs in Palo Alto. Yuecel is responsible for security technology scouting, leading, innovating and evangelizing cutting-edge security technologies for SAP and providing technical and strategic guidance to various SAP business units in areas such as cloud computing security.

Previously, Yuecel worked as a Fellow in the Corporate Strategy Group and a Senior Research Scientist & Consultant in the Office of the Chief Scientist. Prior to joining the Office of the Chief Scientist Yuecel worked as a Senior Research Scientist at SAP Research North Americas and SAP Research EMEA responsible for leading advanced security technology research projects including academic research projects, large European Union funded research projects and internal technology transfer projects in the areas of application, platform & software security, and collaborative business processes. Yuecel also worked as an Adjunct Professor at Carnegie-Mellon University Silicon Valley where he taught a graduate security course and supervised an engineering practicum.

Yuecel has over 32 publications in highly recognized professional workshops, conferences and journals, and holds more than 12 patents. He serves as general chair, program chair, advisory board member, program committee member as well as reviewer for several professional conferences, workshops and journals.

Yuecel holds a BSc Degree in Computer Science Engineering from Ege University, Turkey, and an MSc Degree and PhD in Computer Science from the University of Dortmund, Germany. He is the recipient of the DAAD – German Academic Exchange Service – Best Student Award.

 

Tim LeMaster - Director of Systems Engineering Juniper Networks, Inc.

Timothy LeMaster is Director of Systems Engineering at Juniper Networks, where he is responsible for driving product development efforts to meet the demands of public sector customers and for overseeing the activities of Juniper’s public sector systems engineers.

A government IT industry veteran, Mr. LeMaster leverages his more than 15 years of experience in telecommunications and networking for the benefit of Juniper’s public sector customers.

Prior to Juniper, he spearheaded the development of applications aiding the government in the management of a very large SONET/IP network for IT solutions provider Veridian. Mr. LeMaster has also held several positions in the government, ranging from network operations and network modeling to engineering. He is a former U.S. Air Force officer.

LinkedIn: http://www.linkedin.com/in/timlemaster

 

Brad Minnis - Director of Environmental, Health, Safety and Security (EHS&S) Juniper Networks, Inc.

Brad Minnis is the director of Environmental, Health, Safety and Security (EHS&S) for Juniper Networks, Inc., where he is responsible for design, implementation and management of the company’s EHS&S function. Mr. Minnis has more than 20 years of experience in management system design and EHSS operations for high technology companies.

Prior to joining Juniper Networks in 2001, Mr. Minnis held senior EHS&S positions at 3Com Corporation and National Semiconductor Corporation. Before becoming an EHS&S professional he served for 10 years in the United States Navy.

Mr. Minnis holds certificates in Occupational and Environmental Safety and Health from the University of Connecticut, and has been certified as a Protection Professional (C.P.P.) by the Professional Certification Board of ASIS International, since 1997.

 

Steve Lipner - Partner Director of Program Management, Trustworthy Computing Security Microsoft Corporation, Chairman of SAFECode

Steven B. Lipner is Partner Director of Program Management at Microsoft Corp where he is responsible for programs that provide improved product security for Microsoft customers. Lipner leads Microsoft’s Security Development Lifecycle (SDL) team and is responsible for the definition of Microsoft’s SDL and for programs to make the SDL available to organizations beyond Microsoft.

Lipner joined Microsoft in 1999. In late 2001, Lipner and his team devised the strategy of “security pushes” that, as part of the Trustworthy Computing initiative, enabled Microsoft to make rapid improvements in the security of its software and to change the corporate development culture to emphasize product security. The SDL is the product of these improvements, and is widely viewed as the industry’s leading secure software development process.

Before joining Microsoft, Lipner worked for a variety of software vendors and government contractors as a researcher, consultant, development manager and general manager in IT security. Many of the concepts whose development he led form the basis for today’s approaches to building secure systems.

Lipner is coauthor with Michael Howard of The Security Development Lifecycle (Microsoft Press, 2006) and is named as inventor on twelve U.S. patents and two pending applications in the field of computer and network security. He served two terms on the United States Information Security and Privacy Advisory Board and its predecessor. Lipner holds S.B. and S.M. degrees from the Massachusetts Institute of Technology and attended the Harvard Business School’s Program for Management Development.

 

Gary Phillips - Senior Director, Technology Assurance Symantec

Gary Phillips is a Senior Director of Technology Assurance in the Office of the CTO for Symantec Corporation and is a member of SAFECode’s Board of Directors. In his position at Symantec, Mr. Phillips manages a diversity of responsibilities, including open source operations and strategy, product security, interactions with all standards bodies, standards compliance, shared development tool investigations, shared code management, technology control planning and software supply chain management.

Prior to joining Symantec, Mr. Phillips held several senior management and technology leadership positions for Compaq, Schlumberger, Western Geophysical, and Fairchild. He is also currently a member of the Storage Networking Industry Association (SNIA) board of directors, the International Committee for IT Standards (INCITS) executive board, the Software and Information Industry Association software board, and the board of directors for IT-ISAC.

Mr. Phillips earned his Bachelor's degree in Computer Science from the Georgia Institute of Technology and attended graduate school at the University of South Florida and the University of Houston.

LinkedIn: http://www.linkedin.com/in/glphillips

 

Dan Reddy - Consulting Product Manager in the Product Security Office EMC

Dan Reddy is a Consulting Product Manager in the Product Security Office at EMC, a group that is charged with the continued driving of security improvements into EMC products. His primary focus is to work with EMC engineering groups to follow best practices to assure the integrity of EMC products as they are developed within the software supply chain.

In his various roles within his 13 years at EMC he has been consulting with EMC customers around product security issues and has been involved in numerous IT software development projects.

Prior to joining EMC, Dan spent 15 years at New England Electric, a major electric utility with nationally critical infrastructure where he held a variety of IT and business roles including Manager of Technical Services in IT and Staff Assistant to the Chief Operating Officer.

He also teaches Computer Science courses at Quinsigamond Community College in Massachusetts where he has taught for over 33 years. He holds a B.A. from Tufts University in Education and two M.Ed. degrees from Worcester State College (Education and Computer Science). He has his CISSP and CSSLP security certifications.

 

Klaus Schimmer - Director of Government Relations SAP AG

Klaus Schimmer is a Director of Government Relations for SAP AG. He has been working with SAP as a communications specialist in the Corporate Security Department since 2003. He is responsible for communications strategies aimed at increasing the level of security awareness among SAP customers, partners and employees. Mr. Schimmer has also been in charge of the SAP Global Security Alliance, whose members provide IT security solutions within the SAP environment.

LinkedIn: http://www.linkedin.com/ppl/webprofile?action=gwp&pvs=pp&authToken=gioE&id=4007159&authType=name&lnk=sign_in&trk=ppro_geturl

 

Reeny Sondhi - Senior Manager of Product Security Assurance EMC

Reeny Sondhi is Senior Manager of Product Security Assurance in the Product Security Office at EMC Corporation. She is responsible for driving the strategy and execution of the EMC Security Development Lifecycle, a companywide initiative to build security into every phase of the product development lifecycle. She also manages the EMC Product Security Response Center, which is responsible for reporting, managing, and resolving security vulnerabilities in EMC products and the EMC Security Certifications program.

Ms. Sondhi has a B.S. in Electronics & Telecommunications Engineering and a Master's Degree in Business Administration.

LinkedIn: http://www.linkedin.com/pub/reeny-sondhi/0/59/a1b
Blog: http://rsa.com/blog/blog.aspx?author=sondhi

 

Janne Uusilehto - Head of Product Security Nokia Vice Chairman of SAFECode

Janne Uusilehto is the Vice Chairman of SAFECode and he is also the Head of Nokia Product Security for which he is globally responsible for Nokia’s product security development. His team is the overall owner of Product Security and Product Security related education, awareness and process improvement tasks. He started working for the company in 1998.

Mr. Uusilehto first started his career in the ICT industry in 1982 where he worked as an independent software developer and consultant for small businesses. He then started working with security related tasks as an IT Support and Electronic Banking Specialist for several Finnish banks. Mr. Uusilehto was also a member of the Merita-Nordbanken Cash Management Services team who initiated Internet sales portals for Finland in the mid-1990s.

Currently, Mr. Uusilehto is also a member of several Nokia internal security related management boards, Nokia’s main representative to Trusted Computing Group, Chairman of TCG Mobile WG, and Chairman of DIGITALEUROPE mobile Security Issue group.

LinkedIn: http://www.linkedin.com/in/uusilehto

We’d also like to thank Eng. Mohammed Osman Saeed - Ethical Hacker / Security Expert at Vision Valley for his efforts to assist us in maintaining the security of our site by reporting a vulnerability to our team so that it could be quickly fixed.