About the Research Fellowship Program
The appointed title of CSA Fellow is the highest honor and distinction awarded to a CSA Research Volunteer who has demonstrated significant accomplishments and contributions to CSA Research. The honor aims to recognize the talented and dedicated efforts of select CSA Research Volunteers, whose work has led to groundbreaking and forward-thinking advancements of the CSA.
Awarded throughout the year, experts are eligible to receive the CSA Research Fellow designation by meeting the following criteria:
- 100 hours of cumulative time volunteering in CSA research activities
- Material participation in a CSA working group culminating in a published research artifact
- One reference from a CSA staff member and one reference from an external member of the information security community
Interested individuals can submit their references and hours by filling out the submission form.
CSA Research Fellows are expected to contribute 10 hours annually to CSA research on an ongoing basis.
Individuals appointed the title of CSA Research Fellow will receive the following:
- Profile posted permanently on the CSA Research Fellow Directory on the CSA website *
- Free CCSK Test Token
- Periodic special offers and VIP activities will be made available
Should you be a CSA Research Fellow?
Please describe your roles, contributions, and hours involved, as they apply to CSA Working Groups (working group chair, initiative lead / white papers, peer reviews), Events (speaker, volunteer), CSA Certification & Training (CSA certs obtained, training attended), CSA Chapters (Officer, Board Member), CSA CloudBytes (speaker, sponsor), misc. activities (blog posts, grants, PR related activities).
Fill out the following form with your references and hours:
CSA Research Fellows
Dr. Jim Angle
Jim has dedicated hundreds of hours to CSA and was instrumental in reviving CSA’s Health Information Management working group. In doing so, he drafted the group’s first charter and went on to become its co-chair. In this role, he authored three papers — Managing the Risk for Medical Devices Connected to the Cloud, Telehealth in the Cloud, and Healthcare Big Data in the Cloud — and serves as the working group's representative on the CSA International Standardization Council. Jim spoke at the CSA Summit/ISC2 Congress in Orlando in 2019. Additionally, he authored a paper currently under consideration by CSA’s Blockchain working group. He is the manager of Network Security - Vulnerability Management at Trinity Health and has a doctorate in business administration with a specialization in computer and information security. He has over 25 years of experience in multiple areas of IT, culminating as the Deputy CIO for an army hospital, and more than 19 years of information security experience in both government service and the private sector.
Jon-Michael C. Brook, Principal at Guide Holdings, LLC, has 20 years of experience in Information Security with such organizations as Raytheon, Northrop Grumman, Booz Allen Hamilton, Optiv Security and Symantec. Mr. Brook's work traverses the government, financial, healthcare, gaming, oil and gas and pharmaceutical industries. Mr. Brook obtained a number of industry certifications, including CISSP and CCSK, has patents and trade secrets in intrusion detection, enterprise network controls, cross domain security and semantic data redaction. He has spoken at numerous events, including the Hackers on Planet Earth (HOPE), Cloud Security Alliance (CSA) Congress, IAPP Privacy Conferences and DoD Cyber Crime Conference. Additionally, Mr. Brook has contributed to a number of CSA projects over the past six years, and currently co-chairs the CSA Top Threats and Cloud Broker Working Groups. He holds a BS-CEN from the University of Florida and an MBA from the University of South Florida.
Contributions: Top Threats Working Group co-chair, Cloud Broker Working Group co-chair and contributor to several additional working groups. Certified Certificate of Cloud Security Knowledge+ (CCSK+) trainer and Cloud Controls Matrix (CCM) reviewer.
Security GRC Team of TCS Global Technology Practice for the IoT and Smart Cities
Abhik Chaudhuri (PMP, ITIL Expert, Certified in Cobit Foundation, IBM accredited Senior IT Specialist, certified ISO 27001:2013 ISMS Lead Auditor, Member of IEEE SIG on IoT and Corporate Member of CSA’s International Standardization Council) is in the 14th year of IT Consulting profession and leading the Security GRC Team of TCS Global Technology Practice for the IoT and Smart Cities. Abhik has work exposure in Security GRC for Payment Card, Banking, Healthcare, Insurance andverticals in multiple roles. A recipient of “British Chevening Fellowship” in Cyber Policy, “On the Spot Award of Excellence” at TCS and 2-time “Best-of-IBM Award” winner, Abhik has executed IT Security GRC consulting projects in diversefor reputed clients in the US, Europe, Latin America and Australia. He has been a working group member for preparing Cloud Security Alliance’s Cloud Control Matrix V1.2, the Cloud Security Guidance V3.0, Best Practices for Mitigating Risks in Virtualized Environments, Summary Guidance on Identity and Access Management for the Internet of Things and has been an official peer reviewer for CSA’s SecaaS Implementation Guidance (Category 2: Data Loss Prevention).
Abhik’s consulting papers on IT Governance, Cloud Governance, Security Audit of Virtual IT Systems, Sarbanes-Oxley Section 404 Compliance in ERP Systems and Grid Computing have been published in reputed journals like EDPACS, ISACA Journal andNotes in Computer Science (Springer Verlag). His research works have been widely accepted by both academia and industry. Deloitte Australia has utilized Abhik’s “IT Governance Matrix” and consulting paper for IT Governance Audit at AustralianUniversity. IESEG Business School (University of Lille, France) and Mackenzie University (Brazil) have identified Abhik’s consulting paper on SOX-404 compliance as reference knowledge material in Master’s programme. Abhik has been inducted into the Editorial Board of EDPACS Journal (Taylor & Francis) in 2013.
Contributions: Co-author of ‘Security Guidance for Critical Areas of Focus in Cloud Computing V3’ and ‘Best Practices for Mitigating Risks in Virtualized Environments,’ as well as a contributor to additional reports. Member of several working groups; member andreviewer for the Security as a Service (SecaaS) Working Group.
Senior Director Executive- Cloud Security
Aradhna serves as a Senior Director Executive- Cloud Security at TIAA, a financial services company. She is responsible for the cloud security vision, strategy, standards, and security patterns for a multi-cloud hybrid enterprise, and for engineering security solutions to support that vision. Aradhna has worked in various Cybersecurity leadership roles at JP Morgan Chase, Boeing Company, Microsoft & T-Mobile.
Aradhna is an active member in the cyber security industry. She is Co-Chair of Cloud Native Computing Foundation Security TAG, Co-Chair for CSA Serverless Working group and a Cloud Security Alliance Research Fellow. Contributing to CNCF, Cloud Security Alliance and NIST Cloud computing standards, Aradhna has influenced best practices & standards for cloud, containers and micro services security. She has also been providing expert guidance to a number of startups on security product roadmaps and feature development, especially in areas such as Identity & Access Management, Zero Trust and Container Security.
Aradhna has a Master's in Cybersecurity, a Bachelor's in Electrical Engineering, a CISSP and CCSP from ISC2.org. Outside of work, Aradhna enjoys hiking, snow shoeing and volunteering for women's causes.
Cybersecurity, Chevron IT Company
Edward is a Distinguished Engineer in Cybersecurity at Chevron Technical Center. He serves in CSA's Quantum-Safe Security working group, during which time he authored “Preparing Enterprises for the Quantum Computing Cybersecurity Threats,” and co-authored “A Day Without Safe Cryptography.” His experience includes cybersecurity R&D and operations, software engineering, development, and security in oil and gas, IT consulting, and software development companies. Edward is a technology visionary and evangelist, who raises awareness regarding the importance of preparing for quantum threat mitigation. He received an Engineering Physics degree from McMaster University, an MBA from The Chinese University of Hong Kong, and pursued graduate studies in Computer Science. He holds CISSP and CSSLP certifications and is a member of IEEE.
Director at GTB Technologies, Inc
Wendy is a seasoned Global Operations / Data Security Executive with extensive experience and a successful track record in both start-up and public companies. Currently Wendy is a Director at GTB Technologies, Inc. a leading independent Datafirm. In this role, Wendy applies over 15 years of experience to create data protection services for both the company’s internal networks as well as its clients. This position has also permitted Wendy to create a data discovery donationin memory of her sister, Leslie. The program helps nonprofit cancer organizations avoid heavy fines and damaging publicity while achieving compliance and maintaining patient privacy by receiving donations of GTB’s market leading Discovery andClassification tools.
Contributions: Co-lead of the SecaaS Category Leads Data Loss Prevention (DLP) Group; leader of the 2016 SecaaS Category Leads DLP Group. CSA LA Chapter participant.
Sean Cordero brings more than 15 years of information security and IT experience to his current role as director, information security at Optiv. Cordero provides executive level advisement for the company’s Fortune 50 clients. Cordero’s prior leadership roles included: President of Cloud Watchmen, CSO for EdFund, CSO for ECMC West, Director of Security and Compliance for Charlotte Russe.
Cordero is a thought-leader and serves as chair of the Cloud Security Alliance’s (CSA) Cloud Control Matrix working group where he drives the development of security standards for cloud computing. Cordero was awarded the 2013 Ron Knode Service Award by the Cloud Security Alliance for his contributions to cloud research.
Cordero is active in the conference speaking circuit where he has presented for CSO magazine, the CSA, the High Technology Crimes Association, Secure360, the University of California, Bsides, and ISACA. Cordero is CISSP, CRISC, CISM and CISA.
Contributions: Evangelized use of CCM and the CSA Security, Trust and Assurance Registry (STAR) across the industry at conferences, webinars and podcasts. Co-led the development of the CCM and helped drive CCM versions 1.3, 1.4, and 3.0. Recipient of 2013 Ron Knode Award.
STAR Program Director, CSA
Rajat is an accomplished Cyber Security professional with 12+ years of experience in IT security, Cyber Strategy, Risk Advisory, and Security Compliance for the Insurance, Banking, and Financial Industries.
He possesses advanced knowledge of cyber security, risk assessment, risk advisory, data privacy, data compliance, network infrastructure, etc.
He holds a Master of Engineering in Cyber Security - Policy and Compliance from George Washington University, Washington D.C., and a Master of Business Administration from Rotman School of Management - University of Toronto.
Zou has been working in IT for 15+ years with a strong technical background and broad experience in heterogeneous systems and
Starting as Communication Engineer at ICBC, the largest bank in China, Zou maintained legacy telecommunication circuits and an IBM mainframe communication controller. During this period, Zou built up their first experience in data security by implementing a cipher machine to encrypt data.
In 1998, Zou joined SGS-CSTC. With the boom of the IT industry around Y2K, Zou became an enthusiastic IT practitioner and has undertaken different roles, including IT support, Support Supervisor, and network administrator. Prior to relocating to Australia, as Regional Network Manager based in Hong Kong, Zou was responsible for overseeing the operation of the Asia Pacific network, managing corporate security infrastructure, and providing technical support for SGS affiliates in 13 countries.
Christopher Frenz is the AVP of IT Security for Mount Sinai South Nassau. Christopher is widely regarded as being one of the first healthcare security leaders to embrace a zero-trust model for network security and for taking an evidence-based approach to solving security challenges. Christopher has also played a role in pushing for the adoption of improved security standards within healthcare, led the development of the OWASP Secure Medical Device Deployment Standard, and co-led the development of the CSA Medical Device Incident Response Playbook Guidance. He has also served as an author on the OWASP Anti-Ransomware Guide and as an author on the CSA Telesurgery Tabletop Guide. He is currently involved in the CSA Medical Device Attack Flow project and in revitalizing the CSA HPC Working Group. Christopher’s security expertise has been highlighted in The Financial Times, HealthTech Magazine, CSO Magazine, SC Magazine, and many other publications.
STAR Program Business Development Manager and Evangelist, CSA
Andreas Fuchsberger is a Standards Officer in Microsoft’s Corporate Standards Group. In this role he participates in the international standards community, predominantly attending ISO/IEC JTC 1/SC 27 (IT Security Techniques) as a UK NB delegate and ITU-T SG 17 (Security) as an ISO invited expert. Currently for SC 27 he is the convener of the Special Working Group on Traversal Items and the editor of 2 international standards on network security and security information and event management (SIEM).
Andreas co-chairs the Cloud Security Alliance’s International Standards Council where he is the liaison officer to ITU-T SGs 13 and 17. He also co-chairs CSA’s Open Certification Framework working group. He has been an appointed member of (ISC)2‘sSecurity Advisory Board (ASAB)
Previously Andreas was a full-time academic at the internationally recognized Information Security Group at Royal Holloway, University of London, where he previously lectured in the areas of network, computer and software security. He has over 20 years of experience in teaching and running training programmes in IT security architecture, design and programming. He has published articles on programming and network security, intrusion detection/prevention and vulnerability analysis.
Andreas holds the joint CSA/(ISC)2 CCSP as well as CISSP, ISSAP and CSSLP credentials of (ISC)2. He is a registered Chartered Engineer (CEng) of the Engineering Council UK as well as a EUR ING of Fédération Européenne d’Associations Nationales d’Ingénieurs (FEANI).
Contributions: Co-chair of the CSA’s International Standardization Council and Open Certification Working Group Leadership. Speaker at numerous events, including the 2015 U.S. Congress and the CSA APAC CISO Forum in 2013.
Chief Security Strategist at prpl Foundation
Cesare Garlati is an internationally renowned leader in information security. Former Vice President of mobile security at Trend Micro, Cesare currently serves as Chief Security Strategist at prpl Foundation and Co-chair of the Mobile Working Group at Cloud Security Alliance. Prior to Trend Micro, Mr. Garlati held director positions within leading mobility companies such as iPass, Smith Micro Software and WaveMarket. Prior to this, he was senior manager of product development at Oracle, where he led the development of Oracle’s first cloud application and many other modules of the Oracle E-Business Suite.
Cesare has been frequently quoted in the press, including such media outlets as The Economist, Financial Times, The Register, The Guardian, ZD Net, SC Magazine, Computing and CBS News. An accomplished public speaker, Cesare also has deliveredand highlighted speeches at many events, including the Mobile World Congress, Gartner Security Summits, IDC CIO Forums, CTIA Applications, CSA Congress and RSA Conferences.
Cesare holds a Berkeley MBA, a BS in Computer Science and numerous professional certifications from Microsoft, Cisco and Sun.
Contributions: Co-founder and co-chair of the Mobile Working Group; provided critical research for the Security Guidance for Critical Areas of Mobile Computing and Security Guidance for Early Adopters of the IoT papers. Represented CSA and the Mobile Working Group on numerous panels and speaking engagements.
Hitachi Data Systems’ CTO Security & Privacy
Eric Hibbard is Hitachi Data Systems’ CTO for Security & Privacy where he leads the Hitachi product-oriented security strategy activities with an emphasis on data and storage security. He is a senior security professional with expertise in information assurance, privacy, storage, cloud computing, eDiscovery and enterprise ICT. He leverages this expertise and extensive experience in the public and private sectors in leadership roles within the ABA, CSA, INCITS, IEEE and SNIA. Hibbard currently serves as the ISO editor of ISO/IEC 27040 (Storage security), ISO/IEC 27050 (eDiscovery) and ISO/IEC 17788 (Cloud computing). He speaks internationally and is published. Hibbard holds a BSCS along with the CISSP-ISSAP, ISSEP, ISSMP and CISA certifications.
Contributions: Created the original ‘Top Threats’ to the cloud; co-chair and founder of the SDP Workgroup, where he invented SDP and managed all major activities. Authored numerous blog posts; speaker at numerous events, including CloudBytes presentations. Recipient of the Ron Knode Award.
Chief Technology Officer for OpenDNS
Dan Hubbard is Chief Security Architect at Lacework, driving innovation and expanding the company’s security strategy for public and private clouds. A pioneering force in Internet security, Dan’s expertise spans from reputation and advancedsystems to large-scale security data mining, and cloud security. Prior to Lacework, Dan was CTO at OpenDNS, helped deliver the world’s largest cloud security network that led to the $600M acquisition by Cisco. Prior to OpenDNS, Dan wasat Websense, led R&D, launched the Websense Security Labs, and was instrumental in the company’s success from early days through successful IPO. Dan owns several patents in the areas of data classification and cloud security and is a frequent speaker at security conferences globally.
Contributions: Built and defined the ‘Top Threats’ report; a featured speaker on behalf of the CSA at numerous events.
Security Services Manager
Salman Hussain is an Information Security consultant and Security Services Manager at IBM.
He has been in the industry for more than 13 years. He has experience in Cyber Security, Security Solutions and Delivery, Data Privacy, NextGen-SOC, Risk and Compliance, CTI, Managed Security Services, and IoMT.
His experience includes working closely with customers advising them on technical security practices, security solutions, and architectures, and advanced threat mitigation strategies, including Security Operation Transitions and transformation for industries like Financial, Healthcare, Oil&Gas, etc.
Bruno has co-chaired CSA’s Quantum-Safe Security working group, which was formed to address key generation and transmission methods and help the industry understand quantum‐safe methods for protecting their networks and their data, for approximately six years. As such, he has participated in writing most of the group’s research papers and has given several presentations about the group’s work. Bruno joined ID Quantique in 2014, where he’s responsible for the business development and product management in the quantum security division. Over the course of his career, Bruno has participated in and given lectures at many international conferences. He has also been active in standardization organizations, first in ITU-T on the polarization effects in optical fibers, then in SAE, ARINC and ASD/STAN for applications of optical fibers in aviation. Bruno is an engineer (Ecole Centrale Paris) and a physicist (PhD from the Technion, Israel Institute of Technology).
Secure Communications Expert
Junaid Islam is the CTO and founder of Vidder which provides distributed access control solutions to Fortune 500 companies. Prior to founding Vidder, Junaid founded Bivio Networks which developed the first Gigabit speed software based securityin the industry. Earlier in his career Junaid helped create networking standards such as Frame Relay, ATM and MPLS while at StrataCom and Cisco.
In addition to his work in the technology industry Junaid has served at the local and national levels. Junaid served as the Human Relations Commissioner of Santa Clara County (Silicon Valley) from 2002 to 2009. Currently Junaid is the Co-Chair of the Software Defined Perimeter (SDP) research group which supports a number of US national cyber security initiatives.
Contributions: Co-chair of the SDP Working group; co-author and chief architect behind the SDP specification. Presenter at several events including U.S. Congress 2013, CSA Congress in 2014 and 2015 and CSA Summit Hack-a-thon host. Recipient of the Ron Knode Award.
Working for more than 20 years within the ICT industry, focussing on information security, Bernd’s scope ranges from security management related activities down to a deep, “hands-on” level of understanding of today’s threats and countermeasures.
Working for Telecommunication-, Internet-, Cloud and Technology Service provider, Bernd designed and implemented highly customized security solutions, developed technical blueprints and products, conducted security audits and penetration tests, and introduced new technologies, trained employees and customers as well as provided internal and external consultancy at all times. In addition to that he had been part of Cyber Security Incident Response Teams supporting forensics, malwareand application vulnerability testing.
His most recent work is focused on security architectures for the software defined (virtualized) future of data centre and network services in a provider environment and as member of the “Office of the CTO” writing strategic technology papers and guidance to the executive committee.
As chair of the Telecom Working Group and contributor to a variety of research initiatives within the Cloud Security Alliance, as speaker at conferences and writer, Bernd is actively supporting the international research community, promoting best practice and knowledge. In 2012 he received the Ron Knode Service Award, which recognizes excellence in volunteerism and is awarded in memory of Ron Knode, a cherished member of the CSA community.
Contributions: Co-chair of the Telecom Working Group; member of the Virtualization Working Group; founding member of the Incident Management & Forensic Working Group and contributor to several of its publications.
Co-founder and CEO, RegScale
Anil Karmel is the Co-Founder and CEO of RegScale, which helps organizations start and stay compliant via the world's first real-time GRC platform. Formerly, Anil served as the National Nuclear Security Administration's (NNSA) Deputy Chief Technology Officer. Karmel began his government career as a Technical Staff Member of Los Alamos National Laboratory (LANL) and was responsible for inventing their cloud and collaboration technologies. Karmel and his team have garnered industry and government accolades, including the SANS National Cyber Security Innovators Award for Cloud Security, InformationWeek 500 Top Government IT Innovators, ACT/IAC Excellence.gov Award and the DOE Secretary's Achievement Award. Anil currently serves as the president of the Cloud Security Alliance’s DC Metro Area Chapter and as a member of the CSA's CxO Trust Advisory Council.
Balaji is an active contributor to several CSA working groups, including Hybrid Cloud Security and Artificial Intelligence, and has had articles published in well-known journals. Currently, he is a nationally and internationally acclaimed global IT/cloud infrastructure manager for Natsoft Corp., where he is responsible for the leadership, management, and direction of the enterprise’s data science and AI initiatives through machine learning, computer vision, and NLP predictive analytics. Responsible for exploring AI options in the market space and educating the enterprise on these opportunities, he provides strategic guidance through the implementation and iteration of predictive algorithms for improved program outcomes through tool and resource development. Balaji has a successful track record of prioritizing and delivering multiple high-dollar projects using the synergistic multi-disciplinary application of data science and six sigma quality methodologies in an agile software development environment.
Dr. Ryan Ko
Asia Pacific Research Advisor
Dr Ryan Kok-Leong Ko is Head of Cyber Security Lab and Senior Lecturer at the University of Waikato, New Zealand, Affiliate Faculty Member at Idaho State University, USA, and Asia Pacific Research Advisor for the Cloud Security Alliance.
In 2013, he established New Zealand’s first Master of Cyber Security, and NZ’s first university-led cyber security graduate research programme with the Cyber Security Lab at the University of Waikato. Waikato’s Cyber Security Lab has also hosted the NZ Cyber Security Challenge since 2014. Dr Ko is a recipient of the University of Waikato’s Early Career Academic Excellence, Nola Campbell Memorial ELearning Excellence, and the 2014, 2015 Faculty Teaching Excellence Awards.
Recipient of the inaugural Cloud Security Alliance (CSA) Ron Knode Service Award in 2012, Dr Ryan Ko has served as a CSA APAC volunteer since CSA’s beginnings, including pioneering research via the formation of the CSA Data Governance Working group, CSA Cloud Vulnerabilities Working Group, and as curriculum and examination co-creator of the (ISC)2-CSA Certified Cloud Security Professional (CCSP).
Dr Ko is principal investigator of the MBIE-funded NZ$12.23 million (incl. GST) STRATUS research project – NZ’s largest scientific research grant in the field of computer science. Dr Ko publishes extensively, in indexed academic journals, ranked computer science conference proceedings, international patents, and most recently, co-edited the book on “The Cloud Security Ecosystem – Technical, Legal, Business and Management Issues” with Elsevier. Dr Ko also leads virtualized server security standardization as a technical committee member of the ISO/IEC JTC 1/SC 27 and SPRING/ IDA IT Standards Committee SPSTC.
Prior to his academic career, Dr Ko was a lead computer scientist with HP Labs, leading security innovation and technology transfers for cloud data provenance solutions deployed across USA, EU and Asia. He serves as a technical advisor and board member to NZ listed companies, startups and international organisations, including the NZX-listed LIC, NYRIAD Ltd, and the INTERPOL. Dr Ko holds a B.Eng. (Computer Engineering) (Hons.) and a Ph.D. with the Nanyang Technological University, Singapore, and is a member of the IEEE, ACM and the Royal Society of New Zealand.
Contributions: Co-founder and chair of the Cloud Vulnerabilities Working Group and the CSA Cloud Data Governance Working Group; spearheaded the formation of the CSA APAC Education Council, contributed to several key research papers; acted as an SME representing CSA in the creation of the CCSP certification.
Chair & Director at UQ Cyber Security, University of Queensland, Australia
Chief Security Engineer and Executive Consultant, Emagined Security Inc.
Jens Laundrup, Chief Security Engineer and Executive Consultant, Emagined Security Inc., has spent over 30 years in the Information Security space to include numerous security engineering disciplines including Military, Government and Corporate Information Security, Compliance Program Design, Architecture Design, and Network & Physical Security. Mr. Laundrup has led the development and design of cutting-edge risk-based security programs and developed enhanced security architectures for numerous commercial enterprises, commercial aircraft systems, the Air Force, and the Navy. Mr. Laundrup’s focus is to help establish robust security infrastructures and integrated Risk, Compliance, and Security strategies. Mr. Laundrup is currently the virtual CISO for three hospitals, virtual CISO for a credit union, executive security advisor to the Head of Security for a defense contractor, and CISO on demand for a Healthcare Management Corporation. Mr. Laundrup continues to do research in information and cyber security, risk-based security response, and enterprise security infrastructures to develop self-healing security solutions. Mr. Laundrup also actively works with the Cloud Security Alliance to help promote better understanding of Cloud Security solutions and how to leverage Security as a Service in IT architectures.
CISO for Blue Cross and Blue Shield
Yaron Levi has been an IT practitioner for over 20 years and in Information Security for over 10. He has served in various roles including Programming, Database Administration, Architecture and Leadership. He started working on Cloud projects in 2009 and joined CSA as Cloud security practitioner in 2010.
Currently, he is the CISO for Blue Cross and Blue Shield of Kansas City. He is the founder of CISO Forum KC and worked as Director of Information Security for Cerner Corporation, Information Security Business Partner for Intuit, InformationArchitect for eBay and Director of Cloud Security for ANX.
Contributions: Co-chair and architect of the Cloud Enterprise Architecture, contributed to Consensus Assessments Initiative Questionnaire (CAIQ) v1.0 and CCM V1.x; promoted the CSA as best practice in various cloud projects while working at eBay, Intuit, Cerner andCross.
Contributions: Member of CSA International Standards Council (ISC). Represented CSA as the Liaison Officer to ISO/IEC JTC 1/SC 38 and ISO/IEC JTC 1/SC 27, and as editor on ISO/IEC 19086-3. Participant on the Service Level Agreements and Cloud Trust Protocol Working Groups, and represents CSA research in the International Standards space, particularly ISO/IEC JTC 1 and ITU-T.
Security and Compliance, MaaS360
David is a seasoned security professional with nearly 20 years of experience in risk management, information security, compliance, and policy development. Throughout his career David has performed risk and vulnerability assessments along with making recommendations on network and system design improvements. David’s career has spanned from traditional hardware based security architectures to cloud technologies and virtual environments.
Currently in charge of security and compliance for MaaS360 by IBM, David has managed projects to get Fiberlink SAS70-Type2 and more recently SOC2 Type II. David also recently led Fiberlink through audits to receive Federal Information Security Management Act (FISMA) authorization from GSA for Fiberlink’s MaaS360 Cloud Service offering. David also led MaaS360 through the FedRAMP JAB ATO process, becoming the first mobile SaaS companies to be certified under FedRAMP. Fiberlink’s customers range from the SME space to Fortune 500 and Federal customers. David has helped ensure that MaaS360 meets the different requirements from these different types of customers including PCI, HIPAA, SoX, and NIST.
David helped design MaaS360’s cloud architecture model, and is an active member of the Cloud Security Alliance including being a co-chair for their Mobile Working Group and contributor to the development of the CSA Cloud Control Matrix as well as being active in several other working groups. David is also the president of the local chapter of the Cloud Security Alliance in the Delaware Valley. Along with work with the Cloud Security Alliance David is a member of the NIST Cloud working groups including their Mobile working group and CyberSecurity working group.
Prior to Fiberlink David worked as a security consultant performing security assessments and project management for multiple fortune 500 companies including Merck, CIGNA, Campbell Soup, Sanofi-Aventis and Wyeth (later purchased by Pfizer). This included overseeing projects that were involved with mergers as was the case with Rhone Poulenc and Sanofi-Aventis and separations as with CIGNA and ACE. David frequently gives presentations on Cloud and Mobile technologies and has presented for ISACA, ISSA, Cloud Security Alliance, InfraGard and GTRA among others. David received the 2012 Ron Knode Service Award for volunteer services at the Cloud Security Alliance and was awarded the “Most Dynamic Speaker” award at the 2012 annual GTRA Security in Government event. David has also been quoted as a subject matter expert in a number of different publications. David is a graduate from Fairleigh Dickenson University with a Bachelor of Science in Electrical Engineering.
Contributions: Co-chair of the Mobile Working Group; co-founder of IoT Working Group; contributor to CCM and Subject Matter Expert Working Groups. President of the CSA Delaware Valley Chapter. Contributor to multiple online publications and served as a speaker on behalf of CSA at third-party events, including InfraGard and ISACA.
Director of Enterprise and Security Architecture for the Healthcare Technology Excellence Group
Daniel Logan is a Certified Information Security Professional and was proud to be the co-chair of the CSA Enterprise Architecture working group between 2011 and 2014.
Professionally, he has served as Senior Director of Security Architecture at UnitedHealth Group and he is currently Director of Enterprise and Security Architecture for the Healthcare Technology Excellence Group at Tata Consultancy Services.
Contributions: Co-chair of the Enterprise Architecture Working Group; contributor to the CCM 3.0 to align EA work with CCM work. Represented the working group in collaboration with NIST Cloud Security Working group.
Founder at Precize Inc & Fellow at Cloud Security Alliance
Vishwas is the Founder at Precize Inc, a stealth Cloud and AI security startup. Vishwas is also the co-chair of CSA’s Serverless Working Group and the Chair of Cloud Security Alliance in Silicon Valley. He was the head of Cloud Native security and Chief Technologist at McAfee Enterprise + FireEye. Vishwas joined McAfee Enterprise when his company NanoSec was acquired in 2019.
Vishwas is an advisor to multiple companies including Spirent and Graphiant, as well as Bootup Ventures and H.A.C.K., Karnataka’s first cybersecurity accelerator for startups in India. He is also the founder of Ionos Networks and LiveReach Media. Vishwas has a deep technology background and has led multiple efforts on creating technologies, having authored the early versions of MITRE ATT&CK for Containers, along with over 30 requests for comments (RFC) and standards in the networking and security space, including such technologies as IPsec and DVPN (which are in nearly every router and used by every enterprise).
Cybersecurity - Sr. Risk Manager & Security Architect
Ashish Mehta has extensive experience in cybersecurity, blockchain, web development, IT management, financial markets, and the energy industry.
He currently serves as Co-Chair of the Blockchain Working Group and is a part of the Internet of Things (IoT) and Quantum-Safe Security Leadership Teams at the Cloud Security Alliance. In that capacity, he is responsible for pushing their multiple research efforts as well as coordinating with multiple industry participants on the cross-pollination of research.
He also serves as an Advisor to the Government of Kerala's Blockchain Initiative. He serves as an advisor to multiple blockchain startups and is a part of technology analyst panels like Dimensional Research, IDG, and Aberdeen. He has served as an IT management and cybersecurity professional for multiple SMEs across UAE, India, and USA for over a decade prior to starting his own cybersecurity consultancy.
He was awarded the Ron Knode Award for Cybersecurity Best Practices at SecTor, Toronto, Canada in 2017. He is a co-author of books on BPX (SAP) and OCEG RedBook (GRC). He is also an active participant in the research efforts of NIST, ACT-IAC, OWASP, and IEEE. He holds multiple certifications in the fields of IT, cybersecurity, blockchain, and IoT. He has a special research interest in quantum computing and IoT defensive techniques. He has been interviewed by leading technology journals like IoT-Inc and has spoken at multiple global events like Metamorphosis 2020, LF Energy 2020, and Planet Blockchain.
Ashish completed his B.Tech (Hons) in Electrical Engineering and M.Sc in Cryptography with a Minor in Technology Strategy from Columbia Business School, NY.
Executive Director, CSA Japan Chapter
Masahiro Morozumi is the executive director of CSA Japan Chapter. He is a founding member of CSA Japan Chapter. He has been working in information security, and founded his own consulting firm back in 2014 with the aim of promoting Cloud adoption, providing consultation to SMEs on how to move to Cloud securely. He also participates in different CSA research and works to promote adoption of CSA’s best practices in different Cloud based technologies. In particular, he has contributed to the mapping to CCM and joined efforts to translate CSA documents into Japanese, such as the CSA guidance, CCM, STAR and IoT.
In addition to his information security experience, he has engineering experience with the UNIX operating system and Oracle database. He also graduated from The University of Electro-Communications with a Master in Management Engineering.
Responsible for translation of CSA research artifacts into Japanese; they include:
- Top Threats to Cloud Computing The Egregious 11
- Guideline on Effectively Managing Security Service in the Cloud
- Using Blockchain Technology to Secure the Internet of Things
- Code of Conduct for GDPR Compliance
- The Treacherous 12 – Top Threats to Cloud Computing + Industry Insights
- Security Guidance for Critical Areas of Focus in Cloud Computing v4.0
- Identity and Access Management for the Internet of Things
Contributions: Member of CCM, IoT and Guidance Working Groups; contributor to ISO27017 mapping to CCM; managed CSA Japan Summit and Congress; served as Executive Director of the CSA Japan Chapter.
CEO of Trac-Car and Verviam IDaaS
Nya is a key contributor to the Zero Trust working group and author of several position papers published by CSA’s Software-Defined Perimeter working group. She is the CEO of Trac-Car and Verviam IDaaS and a senior information and communications technology (ICT) cloud cyber security and identity management consulting architect. Nya consults as a senior multi-cloud security architect to customize Verviam IDaaS for enterprises and has provided architecture consultancy for organizations across Europe, Australia, and the UK. Nya has co-authored several position papers on cloud security and cloud governance with the Object Management Group (OMG) Cloud Working Group. Nya's international experience in enterprise cloud transformation is as an architect for migration/transition of applications to containerized microservices running on hybrid multi-cloud infrastructure, software, network, and storage virtualization.
Urmila Nagvekar is a Certified Information Systems Security Professional (CISSP), with a combined 27 years in Information Technology, Security, and Privacy involving leading Cybersecurity, Information Risk Management, and Data Privacy Programs as business value drivers for Engineering and Geoscience with oil majors.
She has been actively contributing and presenting topics related to Blockchain Security at CSA’s Blockchain/DLT Working Group. As co-author and Team Lead of DLT Security Controls Checklist Group, a global mix of cybersecurity professionals and blockchain practitioners, she has led the Hyperledger Fabric Architecture Security Review Project and a similar project on the Corda platform as well.
Chief Engineer and Director of Advanced Programs, Secure Missions Solutions
Tim Owen, Chief Engineer and Director of Advanced Programs for Secure Missions Solutions, a Parsons Company, has spent 30 years developing, implementing, operating, and assuring complex, high-performance networking and computing environments. He spent the last 14 years supporting some of the highest value components of the US Federal government enterprise designing and deploying next generation protocol-rich networks and the enterprise security architecture and intrusion management to protect them. Tim has done research on sensor grid technology, risk based situational awareness and overall detection and response infrastructure that gets beyond finding and fixing individual events to the point of impacting the enterprise. Tim’s rich expertise in securing high value target missions, critical infrastructure and commercial verticals has placed him in many working groups, steering committees, and task forces developing long term strategies, solutions, and policies for solving the larger, more complex issues facing our industry.
Contributions: Contributing member of the SecaaS, Mobile, IoT Working Groups; category lead for Intrusion Management and Continuous Monitoring Working Groups; contributed and presented on numerous research projects, including SecaaS Security Information and Event Management Implementation Guidance v1 and SecaaS Network Security Implementation Guidance v1.
Fellow at Fujitsu Laboratories of America (FLA)
Dr. Sreeranga Rajan is currently a Fellow at Fujitsu Laboratories of America (FLA), Sunnyvale, CA. Globally, Fujitsu Laboratories has a rich 50 year history of cutting edge innovation and research. Dr. Rajan joined FLA from SRI International Science Laboratory in 1996 and was recently the Director of the Software Systems Innovation Group at FLA. Dr. Rajan has co-authored many patents and refereed publications in top-tier conferences and journals in the areas of program analysis, execution, and security. Dr. Rajan has served on conference program committees, chaired standards committees, and served as the founding editor-in-chief of ACM Transactions on Storage from 2004 to 2010. Dr. Rajan is the founding chair of the Cloud Security Alliance’s big data research group. Dr. Rajan is the co-recipient of President’s award at Fujitsu. Also, his work on symbolic execution was recognized by NASA as one of top 50 technologies in 2010. He was recognized by ACM as one of 49 Distinguished Members and one of 2 Distinguished Engineers for 2014. Dr. Rajan was honored as an IEEE Fellow in January 2016.
Contributions: Founding chair of the Big Data Working Group and lead and co-author of many publications, white papers, and peer reviews.
Head of Digital Architecture
Narudom ROONGSIRIWONG (SVP, Head of Digital Architecture, Bank of Ayudhya (Krungsri Bank) PCL, Thailand) has been an information security professional for over twenty years with solid technical experience in architecture, data analytics, application development and cloud computing. He has experience in running three security operation centers and the last one operated with in-house AI and Machine Learning. He was a pioneer in setting up the Thailand banking sector CERT. He is also the OWASP Bangkok Chapter Leader.
Narudom ROONGSIRIWONG has been an active member of the APAC Research Advisory Council since 1 Nov 2019, where he has made valuable comments and contributions to the research proposals and matters put up for discussion. Narudom ROONGSIRIWONG has also been an exco member in the CSA Thailand Chapter.
Narudom ROONGSIRIWONG has been a Co-Chair, Hybrid Cloud Security WG since 2017. He has been the energy driving this initiative. Hitherto the WG has produced 3 research reports on Hybrid Cloud Security. Narudom ROONGSIRIWONG also co-authored a blog article on hybrid cloud security and spoke at many APAC and chapter summits to promote the research results. He participated in several panel discussions at APAC and chapter summits.
Head of Risk, Audit, Control and Compliance
Since 2012 Michael has contributed to over 100 CSA projects completed by CSA's Internet of Things, Zero Trust/Software-Defined Perimeter, Top Threats, Cloud Control Matrix, Containers/Microservices, DevSecOps, and other working groups. He has also served as co-chair of CSA's Enterprise Architecture, Top Threats, and Security-as-a-Service working groups while also serving as the Standards Liaison Officer for IoT, ICS, EA, SECaaS, and Cloud Key Management. His contributions during 2018, 2020, 2021, and 2022 resulted in his receiving each year's Juanita Koilpillai Service Award, while his performance over time resulted in his receiving the CSA Research Fellowship Award in 2021.
Michael is a risk, audit, control, and compliance professional with 20-plus years of experience with organizations such as Bridgestone EMEA, Komatsu International, Mitsui Novus International, Johnson and Johnson Inc., and Baxter Inc. He has worked with several high-tech startups serving the network management and contact center software markets and disk manufacturing and radiological cancer treatment markets. He has held leadership positions in SAP configuration and transformation teams, SAP segregation of duties, and IT general controls projects. Michael also served as secretary or observer for various committees and councils on internal audit, risk management, corporate governance, information security, and corporate social responsibility. He is a Certified Information Systems Auditor, Certified Public Accountant, and Certified Internal Auditor. He holds an AEMBA from Claremont College, Peter Drucker Center, and an MBA from DePaul University.
Roupe leads DevSecOps delivery and thought leadership for technology and media clients embracing digital transformation.
Roupe started his DevOps journey in 2016, building containerised microservices on AWS for government platforms. He has since been working with everyone from engineers to C-suite executives to embed security and resilience into digital products, secure cloud services, and reduce cyber technical-debt.
Most recently Roupe has:
- Operated as a Lead Security Architect across UK Government digital campaigns.
- Worked with global media brands to design security and resilience into their landing zones and SaaS services.
- Been building DevOps security propositions for Deloitte and working with industry leading hyperscalers to embed security engineering into cloud services.
DevSecOps is a labour of love for Roupe. He is a leader in the Cloud Security Alliance’s DevSecOps working group and has authored their two most recent publications.
Damir Savanovic (M) is an Associate Director - Cloud Controls Lead at Willis Towers Watson, leading a team of subject matter experts to address compliance and control requirements for multiple compliance frameworks within information and cybersecurity for a global financial institution.
As a security evangelist and subject matter expert in the areas of security governance, risk and compliance, and data protection, with over 15 years of experience in cyber security, he has vast experience and knowledge of cyber security and privacy standards, laws and regulations. Damir worked as a Senior Innovation Analyst and Program Manager at Cloud Security Alliance, CISO and IT Quality Manager in SKB, Société Générale Group, and as IS Auditor at EY. Damir graduated from University of Ljubljana (Slovenia) in Information Technology and holds CCSK, CISM, CISA and ISO/IEC 27001 Lead Auditor certifications.
Henry St. Andre
Director of Trust Services for inContact
Henry St. Andre began his career in telecommunication 32 years ago, in 1984 during the break-up and divestiture of AT&T. He served as Director of Operations for over 25 years working for several different regional telecommunications providers and ultimately became the Director of Operations for inContact before being asked to be the Director of Trust Services at inContact, with the mission to create a security team and operations that could support the requirements of inContact, the leading provider of cloud based contact center solutions. inContact recognized very early the importance of security to its cloud customers, and as Director of the Trust Team he also took steps to involve inContact in the larger cloud security community by having inContact become a sponsor of the Cloud Security Alliance and engaging actively with the CSA in the Subject Matter Expert team and other CSA sponsored activities.
Contributions: Has served as SME Council co-chair for the past five years; member of several working groups, including the Mobile, SLA, Big Data, Telecom and Cloud Maturity Model; recipient of the 2012 Ron Knode Award.
Dr. Said Tabet
Senior Technologist and Industry Standards Strategist in the Corporate Office of the CTO at EMC
Dr. Said Tabet is a member of the Object Management Group Board of Directors and the principal EMC representative to the Industrial Internet Consortium. Said is the Chair of the INCITS CS1 Secure Cloud Computing Ad-Hoc Group, and a member of the US delegation to ISO SC27. He is also a member of the Cloud Security Alliance International Standardization Council, co-Chair of the SME Council and the Cloud Security SLA working group. Said spent over two decades driving and contributing to various international standardization activities including ISO, RuleML, OMG standards, W3C Semantic Web and Rules, Risk and Compliance, GRC-XML, Regulatory Reporting and Supervision, Security and Data protection and Privacy. Said continues to work on challenges around Cloud Computing adoption, IoT, Cloud SLA and security SLA automation, Big Data Analytics and security, cyber security and best practices, Industrial Internet of Things, and Semantic Data Collaboration. He is a regular speaker and panelist at industry conferences and international standards meetings, and an author and editor of book series and articles.
Contributions: Member of the Cloud Security Alliance International Standardization Council, co-Chair of the SME Council, Cloud Trust Working Group co-chair, and the Cloud Security SLA working group. Regular speaker and panelist at industry conferences and international standards meetings; author and editor of book series and articles. Co-author of ‘Practices for Secure Development of Cloud Applications’ and ‘CSA Security Guidance Version 3: Domain 4’. Recipient of the Ron Knode Award.
Ronald has served CSA in numerous capacities, including as a member of CSA's APAC Research Advisory and International Standardization Council. Additionally, he co-chairs the Open Certification Framework (OCF), SaaS Governance, and DevSecOps working groups. He is the founder and CEO of Ribose, where under his leadership the company has been consistently awarded the industry's highest cloud security ratings, including being the only organization to be triple assured by CSA: CSA STAR Attestation, CSA STAR Certification, and CSA C-STAR Assessment. He is Vice President and Director of External Relationships for CalConnect and a founding co-chair of several of its committees. He sits on the ECCMA Board of Directors, is a Certification Advisory Council Member for BSI Pacific, and a UN/CEFACT expert for the UN Economic Commission for Europe. Additionally, he is a Convener of ISO/TC 154/WG 4 and ISO/TC 154/WG 5, and expert representative to numerous ISO committees for CSA, CalConnect, Canada, United States, and Hong Kong, China. He received CSA's Ron Knode Award in 2017, and is an IAPP Fellow of Information Privacy, a member of Sigma Xi, a CISSP-ISSAP, ISSMP, CSSLP, CAP, SSCP, CISA, CISM, CRISC, CGEIT, CIPP/US, CIPM, CIPT, PSM I-II-III, PSPO I-II, PSD and CCIE Emeritus #9650. He received his bachelor's degree magna cum laude in Computer Science and Biology and a Master of Science in Computer Science from Brown University.
Onn Chee Wong
Chief Technology Officer, Resolvo Systems and Technical Director, Rajah & Tann Technologies
Onn Chee has served as co-chair for CSA’s APAC Research Advisory Council since 2018 and was chairman of the CSA Singapore Chapter in 2011. He is also a former member of the CSA’s International Standardization Council, and in 2014, he spoke at the CSA ASEAN & OWASP Summit in Bangkok. He serves in several capacities, including as managing director for Infotect Security, Chief Technology Officer for Resolvo Systems, and the Chief Executive Officer for Rajah & Tann Cybersecurity. His areas of expertise include information leakage protection, web/cloud security, and security strategy. He is a co-inventor of at least six international PCT patent rights, in addition to several US, EU, and Singapore patents. He is the Cloud Security Working Group Chair of the Security & Privacy Standards Technical Committee under IT Standards Committee in Singapore. He has also led the Singapore national delegation to ISO/IEC JTC 1/SC 27 meetings. He is a contributor to Singapore’s first technical reference on public computing services (TR 31:2012) and is a member of the working group that developed Singapore’s first national cloud security standard (SS 584:2013).