About the Research Fellowship Program
The appointed title of CSA Fellow is the highest honor and distinction awarded to a CSA Research Volunteer who has demonstrated significant accomplishments and contributions to CSA Research. The honor aims to recognize the talented and dedicated efforts of select CSA Research Volunteers, whose work has led to groundbreaking and forward-thinking advancements of the CSA.
Awarded throughout the year, experts are eligible to receive the CSA Research Fellow designation by meeting the following criteria:
- 100 hours of cumulative time volunteering in CSA research activities
- Material participation in a CSA working group culminating in a published research artifact
- One reference from a CSA staff member and one reference from an external member of the information security community
Interested individuals can submit their references and hours by filling out the submission form.
CSA Research Fellows are expected to contribute 10 hours annually to CSA research on an ongoing basis.
Individuals appointed the title of CSA Research Fellow will receive the following:
- Profile posted permanently on the CSA Research Fellow Directory on the CSA website *
- CSA Research Fellow Lapel Pin and digital logo
- CSA Research Fellow Certificate
- Free CCSK Test Token
- Periodic special offers and VIP activities will be made available
Should you be a CSA Research Fellow?
Please describe your roles, contributions, and hours involved, as they apply to CSA Working Groups (working group chair, initiative lead / white papers, peer reviews), Events (speaker, voluteer), CSA Certification & Training (CSA certs obtained, trainings attended), CSA Chapters (Officer, Board Member), CSA CloudBytes (speaker, sponsor), misc. activities (blog posts, grants, PR related activities).
Fill out the following form with your references and hours:
CSA Research Fellows
Principal: Privacy, Cloud and Security at Guide Holdings LLC
Jon-Michael C. Brook, Principal at Guide Holdings, LLC, has 20 years of experience in Information Security with such organizations as Raytheon, Northrop Grumman, Booz Allen Hamilton, Optiv Security and Symantec. Mr. Brook’s work traverses the
Contributions: Top Threats Working Group co-chair, Cloud Broker Working Group co-chair and contributor to several additional working groups. Certified Certificate of Cloud Security Knowledge+ (CCSK+) trainer and Cloud Controls Matrix (CCM) reviewer.
Security GRC Team of TCS Global Technology Practice for the IoT and Smart Cities
Abhik Chaudhuri (PMP, ITIL Expert, Certified in Cobit Foundation, IBM accredited Senior IT Specialist, certified ISO 27001:2013 ISMS Lead Auditor, Member of IEEE SIG on IoT and Corporate Member of CSA’s International Standardization Council) is
Abhik’s consulting papers on IT Governance, Cloud Governance, Security Audit of Virtual IT Systems, Sarbanes-Oxley Section 404 Compliance in ERP Systems and Grid Computing have been published in reputed journals like EDPACS, ISACA Journal and
Contributions: Co-author of ‘Security Guidance for Critical Areas of Focus in Cloud Computing V3’ and ‘Best Practices for Mitigating Risks in Virtualized Environments,’ as well as a contributor to additional reports. Member of several working groups; member and
Principle Cloud and Cyber Security Architect at T-Mobile, Inc
Aradhna is a Principle Cloud and Cyber Security Architect at T-Mobile Inc. and have been a contributing member of CSA since the inception. In the past she has worked as Lead Cloud & Cyber security Architect for Boeing and was awarded Associate
Contributions: Contributing member to CSA V 2.0 and V 3.1, the Software Defined Perimeter (SDP) 1.0 specification and the SecaaS and Identity Access Management (IAM) Working Groups. Led the development of the SecaaS Web Security domain and served as technical
Director at GTB Technologies, Inc
Wendy is a seasoned Global Operations / Data Security Executive with extensive experience and a successful track record in both start-up and public companies. Currently Wendy is a Director at GTB Technologies, Inc. a leading independent Data
Contributions: Co-lead of the SecaaS Category Leads Data Loss Prevention (DLP) Group; leader of the 2016 SecaaS Category Leads DLP Group. CSA LA Chapter participant.
Founder of Cloud Watchmen, Inc.
Sean Cordero brings more than 15 years of information security and IT experience to his current role as director, information security at Optiv. Cordero provides executive level advisement for the company’s Fortune 50 clients. Cordero’s prior
Cordero is a thought-leader and serves as chair of the Cloud Security Alliance’s (CSA) Cloud Control Matrix working group where he drives the development of security standards for cloud computing. Cordero was awarded the 2013 Ron Knode Service
Cordero is active in the conference speaking circuit where he has presented for CSO magazine, the CSA, the High Technology Crimes Association, Secure360, the University of California, Bsides, and ISACA. Cordero is CISSP, CRISC, CISM and CISA.
Contributions: Evangelized use of CCM and the CSA Security, Trust and Assurance Registry (STAR) across the industry at conferences, webinars and podcasts. Co-led the development of the CCM and helped drive CCM versions 1.3, 1.4, and 3.0. Recipient of 2013 Ron
Product Expertise Spokesperson for BSI Group Americas
John DiMaria is the Sr. Product Manager, System Certification for BSI Americas. He has 30 years of successful experience in Standards and management System Development, including Information Systems, ISMS, Business Continuity and Quality
John has been a keynote speaker internationally, and featured in many publications concerning various topics regarding security, quality and business continuity. He has served on committees that influence legislation and drive international
Contributions: Co-chair of the Open Certification Framework (OCF) and Cloud Trust Protocol (CTP) Working Groups; key innovator and co-author of the CSA STAR certification; designed and developed the CSA STAR webinars.
Regional Standards Officer, Microsoft’s Corporate Standards Group
Andreas Fuchsberger is a Standards Officer in Microsoft’s Corporate Standards Group. In this role he participates in the international standards community, predominantly attending ISO/IEC JTC 1/SC 27 (IT Security Techniques) as a UK NB delegate
Andreas co-chairs the Cloud Security Alliance’s International Standards Council where he is the liaison officer to ITU-T SGs 13 and 17. He also co-chairs CSA’s Open Certification Framework working group. He has been an appointed member of (ISC)2‘s
Previously Andreas was a full-time academic at the internationally recognized Information Security Group at Royal Holloway, University of London, where he previously lectured in the areas of network, computer and software security. He has over 20
Andreas holds the joint CSA/(ISC)2 CCSP as well as CISSP, ISSAP and CSSLP credentials of (ISC)2. He is a registered Chartered Engineer (CEng) of the Engineering Council UK as well as a EUR ING of Fédération Européenne d’Associations Nationales
Contributions: Co-chair of the CSA’s International Standardization Council and Open Certification Working Group Leadership. Speaker at numerous events, including the 2015 U.S. Congress and the CSA APAC CISO Forum in 2013.
Chief Security Strategist at prpl Foundation
Cesare Garlati is an internationally renowned leader in information security. Former Vice President of mobile security at Trend Micro, Cesare currently serves as Chief Security Strategist at prpl Foundation and Co-chair of the Mobile Working Group
Cesare has been frequently quoted in the press, including such media outlets as The Economist, Financial Times, The Register, The Guardian, ZD Net, SC Magazine, Computing and CBS News. An accomplished public speaker, Cesare also has delivered
Cesare holds a Berkeley MBA, a BS in Computer Science and numerous professional certifications from Microsoft, Cisco and Sun.
Contributions: Co-founder and co-chair of the Mobile Working Group; provided critical research for the Security Guidance for Critical Areas of Mobile Computing and Security Guidance for Early Adopters of the IoT papers. Represented CSA and the Mobile Working Group
Hitachi Data Systems’ CTO Security & Privacy
Eric Hibbard is Hitachi Data Systems’ CTO for Security & Privacy where he leads the Hitachi product-oriented security strategy activities with an emphasis on data and storage security. He is a senior security professional with expertise in
Contributions: Created the original ‘Top Threats’ to the cloud; co-chair and founder of the SDP Workgroup, where he invented SDP and managed all major activities. Authored numerous blog posts; speaker at numerous events, including CloudBytes presentations.
Chief Technology Officer for OpenDNS
Dan Hubbard is Chief Security Architect at Lacework, driving innovation and expanding the company’s security strategy for public and private clouds. A pioneering force in Internet security, Dan’s expertise spans from reputation and advanced
Contributions: Built and defined the ‘Top Threats’ report; a featured speaker on behalf of the CSA at numerous events.
Founder and CTO of Vidder
Junaid Islam is the CTO and founder of Vidder which provides distributed access control solutions to Fortune 500 companies. Prior to founding Vidder, Junaid founded Bivio Networks which developed the first Gigabit speed software based security
In addition to his work in the technology industry Junaid has served at the local and national levels. Junaid served as the Human Relations Commissioner of Santa Clara Country (Silicon Valley) from 2002 to 2009. Currently Junaid is the Co-Chair of
Contributions: Co-chair of the SDP Working group; co-author and chief architect behind the SDP specification. Presenter at several events including U.S. Congress 2013, CSA Congress in 2014 and 2015 and CSA Summit Hack-a-thon host. Recipient of the Ron Knode Award.
Working for more than 20 years within the ICT industry, focussing on information security, Bernd’s scope ranges from security management related activities down to a deep, “hands-on” level of understanding of today’s threats and countermeasures.
Working for Telecommunication-, Internet-, Cloud and Technology Service provider, Bernd designed and implemented highly customized security solutions, developed technical blueprints and products, conducted security audits and penetration tests,
His most recent work is focused on security architectures for the software defined (virtualized) future of data centre and network services in a provider environment and as member of the “Office of the CTO” writing strategic technology papers and
As chair of the Telecom Working Group and contributor to variety of research initiatives within the Cloud Security Alliance, as speaker at conferences and writer, Bernd is actively supporting the international research community, promoting
Contributions: Co-chair of the Telecom Working Group; member of the Virtualization Working Group; founding member of the Incident Management & Forensic Working Group and contributor to several of its publications.
Dr. Ryan Ko
CSA APAC Research Advisor
Dr Ryan Kok-Leong Ko is Head of Cyber Security Lab and Senior Lecturer at the University of Waikato, New Zealand, Affiliate Faculty Member at Idaho State University, USA, and Asia Pacific Research Advisor for the Cloud Security Alliance.
In 2013, he established New Zealand’s first Master of Cyber Security, and NZ’s first university-led cyber security graduate research programme with the Cyber Security Lab at the University of Waikato. Waikato’s Cyber Security Lab also hosts the NZ
Recipient of the inaugural Cloud Security Alliance (CSA) Ron Knode Service Award in 2012, Dr Ryan Ko has served as a CSA APAC volunteer since CSA’s beginnings, including pioneering research via the formation of the CSA Data Governance Working
Dr Ko is principal investigator of the MBIE-funded NZ$12.23 million (incl. GST) STRATUS research project – NZ’s largest scientific research grant in the field of computer science. Dr Ko publishes extensively, in indexed academic journals, ranked
Prior to his academic career, Dr Ko was a lead computer scientist with HP Labs, leading security innovation and technology transfers for cloud data provenance solutions deployed across USA, EU and Asia. He serves as a technical advisor and board
CISO for Blue Cross and Blue Shield
Yaron Levi is an IT practitioner for over 20 years and Information Security for over 10. Served in various roles including Programming, Database Administration, Architecture and Leadership. He started working on Cloud projects in 2009 and joined
Currently, he is the CISO for Blue Cross and Blue Shield of Kansas City, He is the founder of CISO Forum KC and worked as Director of Information Security for Cerner Corporation, Information Security Business Partner for Intuit, Information
Contributions: Co-chair and architect of the Cloud Enterprise Architecture, contributed to Consensus Assessments Initiative Questionnaire (CAIQ) v1.0 and CCM V1.x; promoted the CSA as best practice in various cloud projects while working at eBay, Intuit, Cerner and
Contributions: Member of CSA International Standards Council (ISC). Represented CSA as the Liaison Officer to ISO/IEC JTC 1/SC 38 and ISO/IEC JTC 1/SC 27, and as editor on ISO/IEC 19086-3. Participant on the Service Level Agreements and Cloud Trust Protocol Working
Security and Compliance, MaaS360
David is a seasoned security professional with nearly 20 years of experience in risk management, information security, compliance, and policy development. Throughout his career David has performed risk and vulnerability assessments along with
Currently in charge of security and compliance for MaaS360 by IBM, David has managed projects to get Fiberlink SAS70-Type2 and more recently SOC2 Type II. David also recently led Fiberlink through audits to receive Federal Information Security
David helped design MaaS360’s cloud architecture model, and is an active member of the Cloud Security Alliance including being a co-chair for their Mobile Working Group and contributor to the development of the CSA Cloud Control Matrix as well as
Prior to Fiberlink David worked as a security consultant performing security assessments and project management for multiple fortune 500 companies including Merck, CIGNA, Campbell Soup, Sanofi-Aventis and Wyeth (later purchased by Pfizer). This
Contributions: Co-chair of the Mobile Working Group; co-founder of IoT Working Group; contributor to CCM and Subject Matter Expert Working Groups. President of the CSA Delaware Valley Chapter. Contributor to multiple online publications and served as a speaker on
Director of Enterprise and Security Architecture for the Healthcare Technology Excellence Group
Daniel Logan is a Certified Information Security Professional and was proud to be the co-chair of the CSA Enterprise Architecture working group between 2011 and 2014.
Professionally, he has served as Senior Director of Security Architecture at UnitedHealth Group and he is currently Director of Enterprise and Security Architecture for the Healthcare Technology Excellence Group at Tata Consultancy Services.
Contributions: Co-chair of the Enterprise Architecture Working Group; contributor to the CCM 3.0 to align EA work with CCM work. Represented the working group in collaboration with NIST Cloud Security Working group.
Chief Security Engineer and Executive Consultant, Emagined Security Inc.
Executive Director, CSA Japan Chapter
Masahiro Morozumi is the executive director of CSA Japan Chapter. He is a founding member of CSA Japan Chapter. He has been working for information security, and founded his own consulting firm back in 2014 with the aim to promote Cloud adoption
In addition to the experience of information security, he has an engineering experience for UNIX operating system and Oracle database. He also graduated from The University of Electro-Communications with a Master in Management Engineering.
Contributions: Member of CCM, IoT and Guidance Working Groups; contributor to ISO27017 mapping to CCM; managed CSA Japan Summit and Congress; served as Executive Director of the CSA Japan Chapter.
Chief Engineer and Director of Advanced Programs, Secure Missions Solutions
Tim Owen, Chief Engineer and Director of Advanced Programs for Secure Missions Solutions, a Parsons Company, has spent 30 years developing, implementing, operating, and assuring complex, high-performance networking and computing environments. He
Contributions: Contributing member of the SecaaS, Mobile, IoT Working Groups; category lead for Intrusion Management and Continuous Monitoring Working Groups; contributed and presented on numerous research projects, including SecaaS Security Information and Event
Fellow at Fujitsu Laboratories of America (FLA)
Dr. Sreeranga Rajan is currently a Fellow at Fujitsu Laboratories of America (FLA), Sunnyvale, CA. Globally, Fujitsu Laboratories has a rich 50 year history of cutting edge innovation and research. Dr. Rajan joined FLA from SRI International
Contributions: Founding chair of the Big Data Working Group and lead and co-author of many publications, white papers, and peer reviews.
Henry St. Andre
Director of Trust Services for inContact
Henry St. Andre began his career in telecommunication 32 years ago, in 1984 during the break-up and divestiture of AT&T. He served as Director of Operations for over 25 years working for several different regional telecommunications providers
Contributions: Has served as SME Council co-chair for the past five years; member of several working groups, including the Mobile, SLA, Big Data, Telecom and Cloud Maturity Model; recipient of the 2012 Ron Knode Award.
Dr. Said Tabet
Senior Technologist and Industry Standards Strategist in the Corporate Office of the CTO at EMC
Dr. Said Tabet is a member of the Object Management Group Board of Directors and the principal EMC representative to the Industrial Internet Consortium. Said is the Chair of the INCITS CS1 Secure Cloud Computing Ad-Hoc Group, and a member of the
Contributions: Member of the Cloud Security Alliance International Standardization Council, co-Chair of the SME Council Cloud Trust Working Group co-chair, and the Cloud Security SLA working group. Regular speaker and panelist at industry conferences and
Senior Innovation Analyst for Cloud Security Alliance
Damir Savanovic (M) is a security evangelist and subject matter expert in the areas of security governance, risk and compliance, data protection. With over 15 years of experience in cyber security, he has a vast experience and knowledge of cyber security and privacy standards, laws and regulations. Damir worked a Senior Innovation Analyst and Program Manager at Cloud Security Alliance, CISO and IT Quality Manager in SKB, Société Générale Group, and as IS Auditor at EY. Damir graduated from University of Ljubljana (Slovenia) in Information Technology and holds CCSK, CISM, CISA and ISO/IEC 27001 Lead Auditor certifications.
Contributions: Contributions to Security Guidance, Cloud Control Matrix, GDPR Code of Conduct, project manager for Financial Services Stakeholder Platform, Open Certification Framework and Cloud Audit (CCAK) Expert Group. Damir was active in the CSA International Standardization Council andresponsible for EMEA research and innovation projects CloudWatch, CloudWatch2, PICSE and EU-SEC.