Juanita Koilpillai Service Award
Awarded by CSA
2024 Service Award Recipients
The Juanita Koilpillai Award is awarded to CSA members whose contributions reflect Juanita's passion for volunteerism. This award was previously established in 2012 as the Ron Knode Award, and was re-established in 2022 as the Juanita Koilpillai Award.
Ken Huang
Chief AI Officer at DistributedApps.ai
Ken Huang is an acclaimed author of 8 books on AI and Web3. He is the Co-Chair of the AI Organizational Responsibility Working Group and AI Control Framework at the Cloud Security Alliance. Additionally, Huang serves as Chief AI Officer of DistributedApps.ai, which provides training and consulting services for Generative AI Security.
In addition, Huang contributed extensively to key initiatives in the space. He is a core contributor to OWASP's Top 10 Risks for LLM Applications and is heavily involved in the NIST Generative AI Public Working Group. He also provides feedback on publications like NIST SP 800-226.
Ken published the book "Generative AI Security: Theories and Practices" with Springer, which takes a systematic, principle-based approach to securing generative AI systems.
Furthermore, his blog post "Mitigating Security Risks in Retrieval Augmented Generation (RAG) LLM Applications" stands as one of the most popular on the Cloud Security Alliance website (https://cloudsecurityalliance.org/blog/2023/11/22/mitigating-security-risks-in-retrieval-augmented-generation-rag-llm-applications).
Beyond his Springer book on Generative AI Security, Huang also serves as chief editor of the book "Beyond AI: ChatGPT, Web3, and the Business Landscape of Tomorrow." This volume discusses the wide-ranging business impacts of innovations like generative AI and web3.
A sought-after speaker, Ken has shared his insights at renowned global conferences, including those hosted by Davos WEF, ACM, IEEE, CSA AI Summit, CSA AI Think Tank Day, and World Bank. His recent co-authorship of "Blockchain and Web3: Building the Cryptocurrency, Privacy, and Security Foundations of the Metaverse" adds to his reputation, with the book being recognized as one of the must-reads in both 2023 and 2024 by TechTarget.
MJ Schwenger
vCIO/CISO, RCP
Maria (MJ) Schwenger is a seasoned Information Security Executive. She leverages her deep expertise across cybersecurity, privacy & compliance, AI/Generative AI, cloud modernization, and software development to spearhead transformative digital journeys. Renowned for her leadership in integrating emerging technologies like AI/GenAI, DevSecOps/SRE, Blockchain, IoT/Edge, and cloud-native optimization, she seamlessly unlocks innovative business capabilities. The transformative results of her work demonstrate a substantial increase in ROI, productivity gains, and enhanced business agility.
Sam Pfanstiel Ph.D.
Principal, Technical Compliance, PCI
As Principal Analyst at Toast, Sam is responsible for heading the Payment Card Industry (PCI) compliance programs for this cloud-based fintech company. Over the past 27 years, Sam has held key roles in security, technology, and management, and developed expertise in multiple disciplines, including payments, PCI compliance, fraud, cloud service delivery, application development, mobile technology, infrastructure, and cryptography. This diverse knowledge enables him to support the secure implementation of Toast's cloud-based restaurant payment systems, while helping drive efficiency and innovation across their portfolio of hospitality products.
Sam holds multiple certifications, including CISSP, CISM, CEH, PCIP, and ISA. He is co-chair of the CSA Cloud Key Management Working Group, former chair of the ETA Risk, Fraud, and Security Committee, and remains an active contributor on the PCI Security Standards Council Board of Advisors, Technology Guidance Group, Special Interest Groups, and Task Forces. Sam has had the privilege of speaking at numerous conferences held by PCI SSC, ETA, ICMC, Verifone, ACI, Mastercard, Treasury Institute, MAC, Conexxus, and NACS. In 2022 he received his Ph.D. in management, having published his dissertation on the impacts of retail management perceptions on cybersecurity investment.
Sam lives in Broomfield, Colorado, where he enjoys trail running, skiing, and training his two dogs. He and his wife, Melinda, have been married for 27 years and have three children.
Shruti Kulkarni
Information Security Architect, Elexon
I am a security professional with experience across various domains of security. I work in defining organisation’s security strategy, security architecture and security practices. Translating business objectives and risk management strategies into specific security processes enabled by security technologies and services. I work on gap analysis, design, implementation and maintenance of ISO27001, PCI-DSS and GDPR, including Greenfield implementations.
I collaborate with cross-functional groups to implement information security controls in software development life-cycle, service operations, service delivery, sales function, HR function and other functions as applicable.
I provide thought leadership, present results to CXO community and security trends in forums.
My working roles include security analyst, ISMS auditor, consultant, information security manager, enterprise security architect, volunteer and guest speaker.
2023 Service Award Recipients
Parthasarathi Chakraborty
Associate VP, Cloud Security, Cyber Innovation and R&D
Partha has over 20 years of cyber security leadership experience in the financial services and healthcare industry. He is an active speaker and panelist at major cyber security conferences around the world, and is frequently called in for views and interviews in electronic media like The Economist, UK. He is passionate about learning new technologies and writing on recent groundbreaking cyber trends. He is also the founder of Cloud Security Practitioner Council, a practitioner-driven forum to create security guidelines for the industry. Partha sits on the advisory boards of a few security startups like Oak9, TrueFort and on the Dean's Board at New Jersey Institute of Technology.
Currently he is heading up security architecture, engineering and cloud for Humana Inc, a Fortune 46 healthcare company. Prior to Humana, Partha held executive leadership roles with Bank of Montreal, JP Morgan Chase, Merrill Lynch, Bank of America, and Guardian Life Insurance Company. He is a CISSP, CCSP, CEH, CHFI certified security evangelist holding a Bachelor’s degree in engineering from NIT Rourkela, a Masters in Cyber Security from Western Governors University, another Masters in Technology Management from Columbia University, a cyber security professional certificate from Stanford University and executive CTO university credit program from Wharton Business School and University of Pennsylvania. He is currently researching security challenges in the API, Microservices, Key and posture management space. Partha also has two patents under his name for JP Morgan and Humana Inc.
Masahiro Morozumi
Executive Director, CSA Japan Chapter
Masahiro Morozumi is the executive director of CSA Japan Chapter. He is a founding member of CSA Japan Chapter. He has been working in information security, and founded his own consulting firm back in 2014 with the aim of promoting Cloud adoption, providing consultation to SMEs on how to move to Cloud securely. He also participates in different CSA research and works to promote adoption of CSA’s best practices in different Cloud based technologies, especially by contributing the mapping to CCM and helping to translate CSA documents into Japanese, like CSA guidance, CCM, STAR and IoT.
In addition to his experience in information security, he has engineering experience with the UNIX operating system and Oracle database. He also graduated from The University of Electro-Communications with a Master in Management Engineering.
Responsible for translation of CSA research artifacts into Japanese; they include:
- Top Threats to Cloud Computing: The Egregious 11
- Guideline on Effectively Managing Security Service in the Cloud
- Using Blockchain Technology to Secure the Internet of Things
- Code of Conduct for GDPR Compliance
- The Treacherous 12 – Top Threats to Cloud Computing + Industry Insights
- Security Guidance for Critical Areas of Focus in Cloud Computing v4.0
- Identity and Access Management for the Internet of Things
Contributions: Member of CCM, IoT and Guidance Working Groups; contributor to ISO27017 mapping to CCM; managed CSA Japan Summit and Congress; served as Executive Director of the CSA Japan Chapter.
Jason Garbis
Founder and Principal at Numberline Security
Jason Garbis is Founder and Principal at Numberline Security, a consulting firm helping enterprises prepare for, define, and execute on effective Zero Trust security strategies. Jason has authored several books, including Zero Trust Security: An Enterprise Guide, is co-chair of the Zero Trust Working Group at the Cloud Security Alliance, and is a frequent speaker at industry conferences. Jason holds a CISSP certification, has a BS in Computer Science from Cornell, and an MBA from Northeastern. Previously, he served as Chief Product Officer at Appgate, and held roles at security firms including RSA and Aveksa.
Urmila Nagvekar
Urmila Nagvekar is a Certified Information Systems Security Professional (CISSP), with a combined 27 years in Information Technology, Security, and Privacy involving leading Cybersecurity, Information Risk Management, and Data Privacy Programs as business value drivers for Engineering and Geoscience with oil majors.
She has been actively contributing and presenting topics related to Blockchain Security at CSA’s Blockchain/DLT Working Group. As co-author and Team Lead of DLT Security Controls Checklist Group, a global mix of cybersecurity professionals and blockchain practitioners, she has led the Hyperledger Fabric Architecture Security Review Project and a similar project on the Corda platform as well.
Shruti Kulkarni
Information Security Architect, Elexon
I am a security professional with experience across various domains of security. I work in defining organisation’s security strategy, security architecture and security practices. Translating business objectives and risk management strategies into specific security processes enabled by security technologies and services. I work on gap analysis, design, implementation and maintenance of ISO27001, PCI-DSS and GDPR, including Greenfield implementations.
I collaborate with cross-functional groups to implement information security controls in software development life-cycle, service operations, service delivery, sales function, HR function and other functions as applicable.
I provide thought leadership, present results to CXO community and security trends in forums.
My working roles include security analyst, ISMS auditor, consultant, information security manager, enterprise security architect, volunteer and guest speaker.
Lars Ruddigkeit
Account Technology Strategist, Swiss FedGov
Lars Ruddigkeit completed his PhD in Chemistry at the University of Bern in 2013 with a focus on computer-aided drug design. He began his professional career at Accenture in technology consulting in Big Data and Data Science. At UBS, he specialized in operational machine learning and cybersecurity as a machine learning architect in the Financial Service industry. He is a contributor to the Cloud Security Alliance working groups for Zero Trust and Artificial Intelligence. He is currently responsible for the Swiss state as Account Technology Strategist at Microsoft Switzerland.
His expertise comprises Artificial Intelligence, Adversarial Machine Learning, Compliance, Cloud, and Cybersecurity.
2022 Service Award Recipients
Jyoti Ponnapalli
Jyoti Ponnapalli is the SVP, Head of Blockchain Innovation Strategy at Truist. She has more than 18 years of experience leading emerging technology and complex digital transformations for Fortune 500 companies across a range of industries including Finance, Telecom, Airline, Energy, and Food & Beverage. Prior to joining Truist, she was a Director of Blockchain at DTCC leading strategic initiatives in support of efforts to modernize the financial industry post-trade market infrastructure such as optimizing the trade settlement cycle from T+2 to T+0 as well as tokenizing securities for private capital markets. In addition to Fintech, she has also delivered strategic solutions and roadmaps for Value Chain using Blockchain for Retail supply chains, Chemical and Energy Industries.
Jyoti holds an Executive M.S. in Technology Management from Columbia University, New York, and a Bachelor of Science, Statistics, and Operations Research degree from the University of Mumbai.
Michael Roza
Risk, Audit, Control and Compliance Professional at EVC
Since 2012, Michael Roza has been a pivotal member of the Cloud Security Alliance (CSA) family. He has contributed to over 125 projects, as a Lead Author or Author/Contributor and many more as a Reviewer/Editor.
Michael's extensive contributions encompass critical areas including Artificial Intelligence, Zero Trust/Software Defined Perimeter, Internet of Things, Top Threats, Cloud Control Matrix, DevSecOps, and Key Management. His leadership at CSA has included co-chairing working groups such as Top Threats, Enterprise Architecture, and Security-as-a-Service, as well as co-leading ZT Pillar 5, Network/Environment, where he has played a significant role in advancing cloud security practices.
In addition to his research, Michael has been instrumental in developing CSA's certifications, including the CCAK, CCSK, and CCZT. He has authored and edited each certification's Body of Knowledge, along with the corresponding certification exams. Beyond this, Michael has contributed to the development of over 20 micro-courses, many of which are based on CSA publications to which he also contributed.
Michael's dedicated efforts have earned him the prestigious Juanita Koilpillai Service Award in 2018, 2020, 2021, and 2022, as well as the CSA's highest award, the CSA Research Fellowship Award, in 2021.
With over 20 years of experience in risk, audit, control, and compliance, Michael has worked with major organizations such as Bridgestone EMEA, Komatsu International, Mitsui Novus International, Johnson & Johnson Inc., and Baxter Inc. He has also collaborated with startups across sectors including network management, contact center software, disk manufacturing, and radiological cancer treatment. In leadership roles, he has transformed risk management and internal audit functions, managed complex SAP transformation and configuration projects, and strengthened compliance through robust IT general controls and segregation of duties frameworks.
Michael has also served as a secretary or observer on key committees focused on internal audit, risk management, corporate governance, information security, and corporate social responsibility, further establishing himself as an advocate for governance and compliance.
His professional certifications include Certified Information Systems Auditor (CISA), Certified Public Accountant (CPA), and Certified Internal Auditor (CIA). He has also attained the CSA’s Cloud Security Knowledge v5 (CCSKv5) and CSA Cloud Zero Trust v5 (CCZTv1) certifications. Michael holds an AEMBA from Claremont College’s Peter Drucker Center and an MBA from DePaul University.
Satyavathi Divadri
With over 24 years of experience in IT and cyber security across various business sectors that include BFSI, Telecom, BPO, Media, and IT/ITSE, Satya is the go-to person for critical security projects. She is the Global head of enterprise security architecture and Cloud CTO at CyberRes, a Micro Focus line of business. She also serves on the boards of nonprofit organizations, i.e., as Chairman of Cloud Security Alliance, Bangalore, and Global Advisory Board Member - CTIA at EC-Council.
She is an inventor, a thought leader, a noted speaker in international and national forums, and has been recognized as Top 10 Women Tech Leaders in India, Top 20 Indian Women Security Influencer, Women in Tech - Chief Mentor, and more.
Being a continuous learner, she is currently pursuing a Ph.D. in Cyber Security and holds a variety of certifications. A few key ones to quote are AWS Cloud Solution Architect Associate, CFE, CIPT, TOGAF, PMP, and CISSP.
She is a working mother blessed with two sons and lives with a big supporting family. She loves reading, traveling, and making friends.
Alexander Getsin
Alexander Stone Getsin is a financial technologies security leader with particular expertise and interest in cloud security, secure application design, and security governance. Alex is the lead author of industry security best practices, particularly with the Cloud Security Alliance, Top Threats research group, and the (ISC)2 Israeli Chapter, which he helps champion as a co-chairman. Alex leverages a decade of experience in finance, military, technology, and cyber intelligence sectors in his current role as CISO at RiseUP. Alex is an alumnus of the IDF technical academic program, having served in the prestigious cyber and computing MAMRAM unit, a certified CISSP and PMP.
Martim Taborda Barata
Martim is a Partner at ICTLC – an international law firm specializing in information and communication technology, privacy, data protection/security, and intellectual property law – having accumulated over 5 years of practical experience in these areas throughout his career. His primary focus is managing privacy and data protection compliance strategies for multinational clients (including organizations in the courier and mail delivery, fintech, banking, healthcare, payroll processing, compliance attestation, IT service provision, software development, cloud computing, food confection, and retail sectors), EU institutions and international organizations (notably in the humanitarian sector), as well as local subsidiaries and public institutions in Portugal (given that he is also a qualified Portuguese lawyer). As needed, he further advises these clients on ad hoc privacy/data protection matters, as well as on a range of related legal domains, notably intellectual property, IT, consumer, and gaming law. Martim further supports local start-ups and smaller companies (particularly software and video game developers) on the same topics, seeking to help them understand their rights and push back against unfair or misleading proposals from stronger counterparties. Together with other colleagues at ICTLC, he played an important role in drafting and revising the current CSA Code of Conduct for GDPR Compliance and continues to assist CSA on the Code by providing support in the management of CSP self-attestations, as well as collaborating with CSA’s Privacy Level Agreement Working Group (PLA WG) to further develop the Code.
2021 Service Award Recipients
Dr. Ricci Ieong
Dr. Ricci Ieong is the principal consultant of eWalker Consulting (HK) Ltd. and has over 20 years of industry experience in information technology, as well as more than 17 years of experience in IT security, where he specializes in security risk assessment, IT audit, penetration testing, and computer forensics investigation. He is the former vice chairman of professional development of Cloud CSA (HK & Macau Chapter) and has served on the CSA Cloud Incident Response Working Group. He is an active speaker at numerous security events, including CSA summits, in Hong Kong and throughout APAC, as well as being a qualified Certificate of Cloud Security Knowledge (CCSK) instructor and grandfathered to teach the Certificate of Cloud Auditing Knowledge (CCAK). Additionally, he is an adjunct assistant professor at a Hong Kong university, a program director in HKUSpace for the Digital Forensics Diploma course, and an authorized ISC2 Certified Cloud Security Professional (CCSP).
Juan Perez-Etchegoyen
As CTO and co-founder of Onapsis, JP leads the innovation and research teams that keep Onapsis on the cutting edge of the Business-Critical Application Security market, addressing some of the most complex problems that organizations are currently facing while managing and securing their ERP landscapes. JP helps manage the development of new products as well as support the ERP cybersecurity research efforts that have garnered critical acclaim for the Onapsis Research Labs.
Michael Roza
Risk, Audit, Control and Compliance Professional at EVC
Since 2012, Michael Roza has been a pivotal member of the Cloud Security Alliance (CSA) family. He has contributed to over 125 projects, as a Lead Author or Author/Contributor and many more as a Reviewer/Editor.
Michael's extensive contributions encompass critical areas including Artificial Intelligence, Zero Trust/Software Defined Perimeter, Internet of Things, Top Threats, Cloud Control Matrix, DevSecOps, and Key Management. His leadership at CSA has included co-chairing working groups such as Top Threats, Enterprise Architecture, and Security-as-a-Service, as well as co-leading ZT Pillar 5, Network/Environment, where he has played a significant role in advancing cloud security practices.
In addition to his research, Michael has been instrumental in developing CSA's certifications, including the CCAK, CCSK, and CCZT. He has authored and edited each certification's Body of Knowledge, along with the corresponding certification exams. Beyond this, Michael has contributed to the development of over 20 micro-courses, many of which are based on CSA publications to which he also contributed.
Michael's dedicated efforts have earned him the prestigious Juanita Koilpillai Service Award in 2018, 2020, 2021, and 2022, as well as the CSA's highest award, the CSA Research Fellowship Award, in 2021.
With over 20 years of experience in risk, audit, control, and compliance, Michael has worked with major organizations such as Bridgestone EMEA, Komatsu International, Mitsui Novus International, Johnson & Johnson Inc., and Baxter Inc. He has also collaborated with startups across sectors including network management, contact center software, disk manufacturing, and radiological cancer treatment. In leadership roles, he has transformed risk management and internal audit functions, managed complex SAP transformation and configuration projects, and strengthened compliance through robust IT general controls and segregation of duties frameworks.
Michael has also served as a secretary or observer on key committees focused on internal audit, risk management, corporate governance, information security, and corporate social responsibility, further establishing himself as an advocate for governance and compliance.
His professional certifications include Certified Information Systems Auditor (CISA), Certified Public Accountant (CPA), and Certified Internal Auditor (CIA). He has also attained the CSA’s Cloud Security Knowledge v5 (CCSKv5) and CSA Cloud Zero Trust v5 (CCZTv1) certifications. Michael holds an AEMBA from Claremont College’s Peter Drucker Center and an MBA from DePaul University.
Paul Rich
Executive Director, Data Management & Protection
Paul Rich is the executive director, data management and protection for JPMorgan Chase & Co., where he leads the strategy and implementation within the company for unstructured data protection both in the cloud and on-premises. He is the co-chair of the CSA Cloud Key Management Working Group, which he envisions as a means of hearing diverse perspectives on the use of cloud services and expectations for both data privacy and securit
Shawn Harris
Director of Information Security
With more than 25 years of information security experience, Shawn Harris is currently the Director of Information Security at Starbucks Coffee Company. His background includes engineering, architecture, and executive responsibilities. Shawn is currently co-chair of the CSA Cloud Controls Matrix working group, where he led efforts to develop the Cloud Control Matrix 4.0. Additionally, he has served on CSA’s Consensus Assessments (CAIQ) and Enterprise Architecture working groups and has contributed material for ISC2 CISSP, ISSAP, and Certified Cloud Security Professional examinations. Further, he has served on the NIST Cloud Computing Security and IETF JOSE working groups.
Claudius Lam
Claudius Lam is the marketing manager for Trend Micro, responsible for addressing the security challenges of enterprises by connecting market problems with Trend Micro’s solution and service offerings. He served as the chairman of CSA’s Hong Kong & Macau Chapter from 2015 to 2020, and today hosts monthly networking sessions to build awareness of CSA among the local community. He has organized several CSA CxO roundtables and hosted a CloudSEC talk in Hong Kong with CSA Federal Director Katie Lewin. Lam is continuously working to promote CSA and enlist Hong Kong companies as corporate members. A marketing and communication professional, Lam has been involved in information technology for more than 25 years.
2020 Service Award Recipients
Dr. Jim Angle
Jim has dedicated hundreds of hours to CSA and was instrumental in reviving CSA’s Health Information Management working group. In doing so, he drafted the group’s first charter and went on to become its co-chair. In this role, he authored three papers — Managing the Risk for Medical Devices Connected to the Cloud, Telehealth in the Cloud, and Healthcare Big Data in the Cloud — and serves as the working group's representative on the CSA International Standardization Council. Jim spoke at the CSA Summit/ISC2 Congress in Orlando in 2019. Additionally, he authored a paper currently under consideration by CSA’s Blockchain working group. He is the manager of Network Security - Vulnerability Management at Trinity Health and has a doctorate in business administration with a specialization in computer and information security. He has over 25 years of experience in multiple areas of IT, culminating as the Deputy CIO for an army hospital, and more than 19 years of information security experience in both government service and the private sector.
Dr. Yale Li
Yale Li was Microsoft’s Principal Security Architect responsible for data security, applications development security, and emerging market security in the SAFE-T (Security Accelerator for Emerging Technologies) team. Yale was Graduate Education Partner at the Center of Information Assurance and Cyber Security at the University of Washington, and CEO’s Advisor of multiple Microsoft partner companies. As a security professional, Yale worked on corporate security strategy, security aspects of emerging technologies such as cloud computing, mobile computing and big data, and emerging markets such as China. In his 14 years at Microsoft, Yale served as Windows source code manager, Tools development lead, and Web Platform chief engineer and other various positions in a number of Microsoft divisions. He completed secure cloud adoption, Windows engineering excellence, and shared source delivery. He came to Microsoft from IBM in Canada where he was the Chief Technology Architect.
Yale Li has been volunteering for the CSA since 2010. He is Chairman of CSA Greater China Region and its Security Coordinating Body. Previously, he served as the Chief Strategy Ambassador and Strategy Advisor for CSA Global, CISO Summit Program Committee Member for CSA APAC, Board Member & Research Director for CSA Seattle Chapter, and Lead/Member for several CSA Workgroups. He is one of the earliest CCSK credential holders. Yale is a global security thought leader in both industry and academia. With a focus on European governments and telecommunications companies, he has provided technical leadership at Huawei in China since late 2014 as the Chief Cyber Security Expert (VP Level) to cover cyber security evaluation, international CSO, cloud computing and CEO advisory roles.
Yale is Senior Fellow & Adjunct Professor at Xi’an Jiaotong University and a Visiting Professor at Nanjing University of Telecommunications & Posts. He was also Ph.D. Supervisor at the University of Washington, Honorary Professor at Peking University, and a Visiting Scholar at Beihang University. He was the ICCSM Programme Chairman, RecordsInTheCloud.Org Collaborator, and advisor/speaker for several government agencies and labs such as US NIST and China CEPREI Certification Body. Yale had a background in Physics as a research assistant to CERN’s Nobel Prize and Rutherford Medal laureates. He has also authored several books and many articles and a large number of enterprise software development, deployment, and management.
Dr. Vrettos Moulos
Dr. Vrettos Moulos is a senior research software engineer at the Institute of Communication and Computer Systems in Greece. He holds a PhD in secure microservice architecture patterns from the School of Electrical and Computer Engineering of the National Technical University of Athens (NTUA).
He has been a member, for more than 10 years, of software development teams creating mission critical applications (rule-based decision systems, secure microservice architectures, big data analytic frameworks etc.). Having worked in different roles (developer, technical coordinator, team leader and architect) in different EU projects (4caast, DITAS, LeanBigData, SocIoS, CoherentPaaS, Orbit) he knows every detail of the information security lifecycle process. In the aforementioned projects, he has also written numerous industrial and scientific articles, published in various scientific journals. His main research interests lie around core topics in Big Data and secure practices that can simplify the implementation of complex models. Also, he has a particular interest in using both on-premise and cloud resources to enable tailor-made solutions for AI applications. He contributes to the Cloud Security Alliance’s Serverless, Application Containers and Microservices, and Cloud Key Management Working Groups.
Jim De Haas
Cloud Security Expert
Seasoned security professional with a demonstrated history of working on critical, complex and highly available banking applications. A technology enthusiast, who enjoys collaborating with cross-functional teams. A strong communicator who can evangelize security across the organisation. Specialised in Cloud Security (Both AWS and Azure), IT Security, training DevOps engineers in security topics and making security understandable to non-security/non-technical people. Inventor and creator of the Cloud Octagon Model (and board game) for risk assessments.
Secretary of the ABN AMRO global cloud governance board, for the past five years. For the past years I have been presenting at European conferences on the topic of cloud risk assessments. Former advisory board member of the EU SEC project for continuous cloud auditing and monitoring. Experienced in leading teams of security professionals.
Michael Roza
Risk, Audit, Control and Compliance Professional at EVC
Since 2012, Michael Roza has been a pivotal member of the Cloud Security Alliance (CSA) family. He has contributed to over 125 projects, as a Lead Author or Author/Contributor and many more as a Reviewer/Editor.
Michael's extensive contributions encompass critical areas including Artificial Intelligence, Zero Trust/Software Defined Perimeter, Internet of Things, Top Threats, Cloud Control Matrix, DevSecOps, and Key Management. His leadership at CSA has included co-chairing working groups such as Top Threats, Enterprise Architecture, and Security-as-a-Service, as well as co-leading ZT Pillar 5, Network/Environment, where he has played a significant role in advancing cloud security practices.
In addition to his research, Michael has been instrumental in developing CSA's certifications, including the CCAK, CCSK, and CCZT. He has authored and edited each certification's Body of Knowledge, along with the corresponding certification exams. Beyond this, Michael has contributed to the development of over 20 micro-courses, many of which are based on CSA publications to which he also contributed.
Michael's dedicated efforts have earned him the prestigious Juanita Koilpillai Service Award in 2018, 2020, 2021, and 2022, as well as the CSA's highest award, the CSA Research Fellowship Award, in 2021.
With over 20 years of experience in risk, audit, control, and compliance, Michael has worked with major organizations such as Bridgestone EMEA, Komatsu International, Mitsui Novus International, Johnson & Johnson Inc., and Baxter Inc. He has also collaborated with startups across sectors including network management, contact center software, disk manufacturing, and radiological cancer treatment. In leadership roles, he has transformed risk management and internal audit functions, managed complex SAP transformation and configuration projects, and strengthened compliance through robust IT general controls and segregation of duties frameworks.
Michael has also served as a secretary or observer on key committees focused on internal audit, risk management, corporate governance, information security, and corporate social responsibility, further establishing himself as an advocate for governance and compliance.
His professional certifications include Certified Information Systems Auditor (CISA), Certified Public Accountant (CPA), and Certified Internal Auditor (CIA). He has also attained the CSA’s Cloud Security Knowledge v5 (CCSKv5) and CSA Cloud Zero Trust v5 (CCZTv1) certifications. Michael holds an AEMBA from Claremont College’s Peter Drucker Center and an MBA from DePaul University.
Jon-Michael Brook
Jon-Michael C. Brook is a certified, 25-year practitioner of cybersecurity, cloud, and privacy. He is the principal contributor to certification sites for privacy and cloud security, and has published books on privacy. Jon-Michael received numerous awards and recognition during his time with Raytheon, Northrop Grumman, Symantec, and Starbucks. He holds patents and trade secrets in intrusion detection, GUI design, and semantic data redaction. He is recognized as a Research Fellow with the Cloud Security Alliance and currently co-chairs the CSA’s Top Threats to Cloud Security and Enterprise Architecture Working Groups. Jon-Michael is a certified trainer for the CSA's Cloud Security (CCSK+) and Cloud Governance (CGC), teaching the CCSK+ training at RSAC, Black Hat, and ISC2 conferences.
Contributions: Top Threats Working Group co-chair, Cloud Broker Working Group co-chair and contributor to several additional working groups. Certified Certificate of Cloud Security Knowledge+ (CCSK+) trainer and Cloud Controls Matrix (CCM) reviewer.
Aradhna Chetal
Senior Director Executive - Cloud Security
Aradhna serves as a Senior Director Executive - Cloud Security at TIAA, a financial services company. She is responsible for the cloud security vision, strategy, standards, and security patterns for a multi-cloud hybrid enterprise, and for engineering security solutions to support the vision. Aradhna has worked in various cybersecurity leadership roles at JP Morgan Chase, Boeing Company, Microsoft & T-Mobile.
Aradhna is an active member of the cybersecurity industry. She is Co-Chair of the Cloud Native Computing Foundation Security TAG, Co-Chair of the CSA Serverless Working Group, and a Cloud Security Alliance Research Fellow. By contributing to CNCF, Cloud Security Alliance and NIST cloud computing standards, Aradhna has influenced best practices and standards for cloud, container and microservices security. She has also been providing expert guidance to a number of startups on security product roadmaps and feature development, especially in the areas of Identity & Access Management, Zero Trust and Container Security.
Aradhna has a Master's in Cybersecurity, a Bachelor's in Electrical Engineering, and a CISSP and CCSP from ISC2.org. Outside of work, Aradhna enjoys hiking, snowshoeing and volunteering for women's causes.
2018 Service Award Recipients
Angela Dogan
Director, Vendor Risk Management and Compliance Services, Lynx Technology Partners
Angela Dogan is the Director, Vendor Risk Management and Compliance Services for Lynx Technology Partners. Previously, she served as Senior Project Manager for the Santa Fe Group and Vendor Auditor for Resurgent Capital Services.
With 15 years in the financial services industry, she is well-versed in standardized control frameworks such as those created by the Shared Assessments Program and Cloud Security Alliance, where she is a member of the Cloud Controls Matrix (CCM) Working Group. Her expertise in the implementation and execution of third-party risk management programs has kept the Shared Assessments Program at the cutting edge of the industry’s best practice. Dogan is a Shared Assessments Program Steering Committee member and chair of the Standardized Control Assessment (SCA) Committee.
Jason Garbis
Founder and Principal at Numberline Security
Jason Garbis is Founder and Principal at Numberline Security, a consulting firm helping enterprises prepare for, define, and execute on effective Zero Trust security strategies. Jason has authored several books, including Zero Trust Security: An Enterprise Guide, is co-chair of the Zero Trust Working Group at the Cloud Security Alliance, and is a frequent speaker at industry conferences. Jason holds a CISSP certification, has a BS in Computer Science from Cornell, and an MBA from Northeastern. Previously, he served as Chief Product Officer at Appgate, and held roles at security firms including RSA and Aveksa.
Dr. Kai Chen
Dr. Kai Chen serves as the Cybersecurity Ecosystem Specialist of Huawei Technologies Co., Ltd., where he is responsible for Huawei's cybersecurity ecosystem development, including strategy, policy and partner engagement. He has over 15 years of work experience in applied cryptography, information and network security technical research, standards development, policy and regulation. He has published over 20 research papers and delivered speeches at security-related conferences and seminars; developed or co-developed over 10 security standards in wireless communication, DRM and trusted computing; and led several information security policy and legislation research projects. He co-founded the GCRF (Great China Regional Forum) of the TCG (Trusted Computing Group) and served as co-chair of the GCRF from 2008 through 2015, driving TPM 2.0 standard development and industrialization. He also co-founded the cybersecurity working group in USITO (United States Information Technology Office) and co-chaired the WG from 2007 through 2015, leading the dialogue and collaboration around cybersecurity policy, regulation and standards development in the ICT area. Before joining Huawei, he worked for Microsoft, Intel China and Bell Labs Research China, Lucent Technologies. He is a senior member of the China Computer Federation and the Chinese Association for Cryptologic Research. Kai holds a bachelor's degree in Management Engineering, a master's degree in Computer Science and a doctoral degree in Cryptography.
Dr. Sak Segkhoonthod
President and CEO, Digital Government Agency
Dr. Sak Segkhoonthod is the president and CEO for the Digital Government Agency (formerly the Electronic Government Agency), the agency in charge of providing GIN, G-Cloud and other IT services to Thailand’s government agencies. He received a PhD in Electronic System Engineering from Essex University. After graduating, he joined the National Electronic and Computer Technology Center as a researcher at the Network Technology Lab, where he was responsible for projects such as the Information Super Highway Testbed and the Government Information Technology Services (GITS). At GITS, he was in charge of setting IT infrastructure for government agencies such as the Government Information Network.
Dr. Sak has served as the CSA Thailand Chapter’s chairman since its formation. His leadership has enabled the Thai chapter to be active in getting the government cloud to be STAR-certified and has led the way for the private sector to follow suit. The chapter also organizes the popular annual CSA Thai Summit.
Paolo Balboni
Founding Partner of ICT Legal Consulting, President of the European Privacy Association, and Professor of Privacy, Cybersecurity, and IT Contract Law at the European Centre on Privacy and Cybersecurity (ECPC) within the Maastricht University Faculty of Law.
Paolo Balboni (qualified lawyer admitted to the Milan Bar) is a Founding Partner of ICT Legal Consulting (ICTLC), a law firm with offices in Milan, Bologna, Rome, an International Desk in Amsterdam, and multiple Partner Law Firms around the world. Together with his team he advises clients in the fields of Personal Data Protection, also acting as Data Protection Officer in outsourcing, Data Security, Information and Communication Technology (ICT) and Intellectual Property Law. Paolo has considerable experience in Information Technologies including Cloud Computing, Big Data, Analytics and the Internet of Things, Media and Entertainment, Healthcare, Fashion, Automotive, Insurance, Banking, Anti-Money Laundering (AML) and Counter-Terrorist Financing (CFT).
Paolo is Professor of Privacy, Cybersecurity, and IT Contract Law at the European Centre on Privacy and Cybersecurity (ECPC) within the Maastricht University Faculty of Law, and Cloud Computing Sector Director and Responsible for Foreign Affairs at the Italian Institute for Privacy in Rome, Italy. He is involved in European Commission studies on new technologies and participated in the revision of the EU Commission proposal for a General Data Protection Regulation.
He co-chairs the Privacy Level Agreement (PLA) Working Group of Cloud Security Alliance and has acted as the legal counsel for the European Network and Information Security Agency (ENISA) projects on ‘Cloud Computing Risk Assessment’, ‘Security and Resilience in Governmental Clouds’, and ‘Procure Secure: A guide to monitoring of security service levels in cloud contracts’.
Paolo is the author of the book Trustmarks in E-Commerce: The Value of Web Seals and the Liability of their Providers (T.M.C Asser Press), and of numerous journal articles published in leading European Law reviews.
Graduated in Law at the University of Bologna (Italy) in 2001, Paolo Balboni completed his Ph.D. in Comparative Technology Law at Tilburg University (The Netherlands) in 2008.
Michael Roza
Kai Chen
Mariano J. Benito
2017 Service Award Recipients
Xiaoyu Ge
Senior Security Standards Manager of Huawei IT
Xiaoyu Ge is the Senior Security Standards Manager of the Huawei IT Product Line, which includes cloud computing, big data, storage, and server products and services. He is also active as a security expert in SDOs: he is the ISO/IEC JTC1 SC27 WG expert of the China National Body and the rapporteur of several SC27 projects, such as “Requirements for establishing roots of trust for virtualized environment”. He began participating in CSA several years ago and is the main contributor to CSA's “Best Practices for Mitigating Risks in Virtualized Environments”. He is also a CSA ISC member. Currently, his research interests focus on cloud security.
Jon-Michael Brook
Anil Karmel
CEO, C2 Labs
Anil Karmel is the Co-Founder and CEO of RegScale, which helps organizations start and stay compliant via the world's first real-time GRC platform. Formerly, Anil served as the National Nuclear Security Administration's (NNSA) Deputy Chief Technology Officer. Karmel began his government career as a Technical Staff Member of Los Alamos National Laboratory (LANL) and was responsible for inventing their cloud and collaboration technologies. Karmel and his team have garnered industry and government accolades, including the SANS National Cyber Security Innovators Award for Cloud Security, InformationWeek 500 Top Government IT Innovators, ACT/IAC Excellence.gov Award and the DOE Secretary's Achievement Award. Anil currently serves as the president of the Cloud Security Alliance’s DC Metro Area Chapter and as a member of the CSA's CxO Trust Advisory Council.
Sabri Khemissa
Sabri is the ICS group cybersecurity officer of a French multinational corporation that produces a variety of construction and high-performance materials. He is in charge of developing and maintaining the cybersecurity strategy, building and coordinating cross-country and cross-business cybersecurity governance, supporting business initiatives, including strategic Smart Manufacturing and IIoT projects with a large shift to cloud services, defining new policies and rules, and selecting adequate solutions.
With more than 20 years of experience in cybersecurity services, Sabri has developed extensive experience in developing cybersecurity frameworks and designing cybersecurity solutions for complex and hybrid OT/IT/cloud architectures. He also provides cybersecurity advice to top management in the early stages of strategic enterprise projects, especially in the context of digital transformation and the adoption of new technologies.
Sabri is an active member of the IoT working group, where he has participated in many publications. He also contributes to the IDaaS and SIEM sub-groups of the Security-as-a-Service (SECaaS) working group. He co-chaired, for two years, the CSA DLT/Blockchain working group.
Ashish Mehta
Cybersecurity - Sr. Risk Manager & Security Architect
Ashish Mehta has extensive experience in cybersecurity, blockchain, web development, IT management, financial markets, and the energy industry.
He currently serves as Co-Chair of the Blockchain Working Group and is a part of the Internet of Things (IoT) and Quantum-Safe Security Leadership Teams at the Cloud Security Alliance. In that capacity, he is responsible for pushing their multiple research efforts as well as coordinating with multiple industry participants on the cross-pollination of research.
He also serves as an Advisor to the Government of Kerala's Blockchain Initiative. He serves as an advisor to multiple blockchain startups and is a part of technology analyst panels like Dimensional Research, IDG, and Aberdeen. He has served as an IT management and cybersecurity professional for multiple SMEs across UAE, India, and USA for over a decade prior to starting his own cybersecurity consultancy.
He was awarded the Ron Knode Award for Cybersecurity Best Practices at SecTor, Toronto, Canada in 2017. He is a co-author of books on BPX (SAP) and OCEG RedBook (GRC). He is also an active participant in the research efforts of NIST, ACT-IAC, OWASP, and IEEE. He holds multiple certifications in the fields of IT, cybersecurity, blockchain, and IoT. He has a special research interest in quantum computing and IoT defensive techniques. He has been interviewed by leading technology journals like IoT-Inc and has spoken at multiple global events like Metamorphosis 2020, LF Energy 2020, and Planet Blockchain.
Ashish completed his B.Tech (Hons) in Electrical Engineering and M.Sc in Cryptography with a Minor in Technology Strategy from Columbia Business School, NY.
Ronald Tse
CEO, Ribose
Ronald has served CSA in numerous capacities, including as a member of CSA's APAC Research Advisory and International Standardization Council. Additionally, he co-chairs the Open Certification Framework (OCF), SaaS Governance, and DevSecOps working groups. He is the founder and CEO of Ribose, where under his leadership the company has been consistently awarded the industry's highest cloud security ratings, including being the only organization to be triple assured by CSA: CSA STAR Attestation, CSA STAR Certification, and CSA C-STAR Assessment. He is Vice President and Director of External Relationships for CalConnect and a founding co-chair of several of its committees. He sits on the ECCMA Board of Directors, is a Certification Advisory Council Member for BSI Pacific, and a UN/CEFACT expert for the UN Economic Commission for Europe. Additionally, he is a Convener of ISO/TC 154/WG 4 and ISO/TC 154/WG 5, and expert representative to numerous ISO committees for CSA, CalConnect, Canada, United States, and Hong Kong, China. He received CSA's Ron Knode Award in 2017, and is an IAPP Fellow of Information Privacy, a member of Sigma Xi, a CISSP-ISSAP, ISSMP, CSSLP, CAP, SSCP, CISA, CISM, CRISC, CGEIT, CIPP/US, CIPM, CIPT, PSM I-II-III, PSPO I-II, PSD and CCIE Emeritus #9650. He received his bachelor's degree magna cum laude in Computer Science and Biology and a Master of Science in Computer Science from Brown University.
2016 Service Award Recipients
Anthony Lim
Anthony is a 20-year Asia Pacific cyber-security pioneer and veteran professional, and an early advocate of cloud computing security and governance, since before 2010, when at IBM he was inaugural AP business leader for application security. Prior, he was Check Point’s founding AP managing director and CA’s first regional security brand director. He is currently a consultant, instructor and auditor in this area.
Anthony was on the international CSA-ISC2 JTA committee that built the CCSP and is AP’s first instructor for it. He had been an active board member of the CSA Singapore chapter and has been active for both CSA Singapore and CSA Asia Pacific in making seminar presentations, conducting workshops and training, hosting executive roundtables and expert forums, sitting on government and industry committees, providing content for and speaking with the media on various aspects of cloud security, and promoting CSA’s thought-leadership activities, resources and services in the region, which he is still doing to this day.
Anthony is a long-time well-known subject-matter-expert and speaker at many industry, business, government and academic conferences, workshops, committees and media (print, broadcast, internet) on matters of cyber-security and governance in the Asia Pacific region, and is often interviewed on TV news, including recently on BBC. He is a two-time recipient of ISC2’s senior information security professional awards and was vice-chair of its global application security advisory council.
His current advocacy and research pursuits are in smart nations / safe cities, and he was a speaker at a Stanford University seminar and a NATO workshop. He is a guest and adjunct instructor at some universities, and is a life alumni member of the University of Illinois, Urbana-Champaign.
Juanita Koilpillai
Pioneer of Software Defined Perimeter
Juanita Koilpillai was Founder and CEO of Waverley Labs, a pioneer in software defined perimeters (SDP) and digital risk reduction solutions. She had 30 years’ experience researching and developing systems in computer security, network management and real-time distributed software. She led the open source software-defined perimeter (SDP) effort for ‘black’ apps in the cloud with the Cloud Security Alliance and was an active contributor to NIST, leading the creation of a security risk index system for moving apps to the cloud (NIST 500-299). She was a key member of FEMA’s Enterprise Security Management Team and served as Principal Investigator for several DoD initiatives. She co-founded CyberWolf, an advanced automated attack warning system deployed by government and later acquired by Symantec.
Eric Wang
Mr. Wang has more than 30 years of experience in the IT domain. He is an expert in IT security and is also a professional in ERP and Linux. He has led many important IT projects, such as emoffice, MEES, ecOS, iBon v1, Jcloud, and Bootable-USB-EasyLock. He is also a UWCE/UWSE Implementor, holds ISO/IEC 17025 certification, is CEH and AutoCad certified, and was the e-commerce representative at APEC 2009.
Eric Wang currently serves as Co-Chair of CSA's Mobile App Security Testing (MAST), working to publish the world's first app security testing white paper, and leads the Open Cloud Framework for MAST at CSA.
Andreas Fuchsberger
Andreas Fuchsberger is a Standards Officer in Microsoft’s Corporate Standards Group. In this role he participates in the international standards community, predominantly attending ISO/IEC JTC 1/SC 27 (IT Security Techniques) as a UK NB delegate and ITU-T SG 17 (Security) as an ISO invited expert. Currently for SC 27 he is the convener of the Special Working Group on Traversal Items and the editor of 2 international standards on network security and security information and event management (SIEM).
Andreas co-chairs the Cloud Security Alliance’s International Standards Council, where he is the liaison officer to ITU-T SGs 13 and 17. He also co-chairs CSA’s Open Certification Framework working group. He has been an appointed member of (ISC)2’s Security Advisory Board (ASAB).
Previously Andreas was a full-time academic at the internationally recognized Information Security Group at Royal Holloway, University of London, where he lectured in the areas of network, computer and software security. He has over 20 years of experience in teaching and running training programmes in IT security architecture, design and programming. He has published articles on programming and network security, intrusion detection/prevention and vulnerability analysis.
Andreas holds the joint CSA/(ISC)2 CCSP as well as the CISSP, ISSAP and CSSLP credentials of (ISC)2. He is a registered Chartered Engineer (CEng) of the Engineering Council UK as well as a EUR ING of the Fédération Européenne d’Associations Nationales d’Ingénieurs (FEANI).
Contributions: Co-chair of the CSA’s International Standardization Council and Open Certification Working Group Leadership. Speaker at numerous events, including the 2015 U.S. Congress and the CSA APAC CISO Forum in 2013.
Bruno Huttner
Bruno has co-chaired CSA’s Quantum-Safe Security working group, which was formed to address key generation and transmission methods and help the industry understand quantum‐safe methods for protecting their networks and their data, for approximately six years. As such, he has participated in writing most of the group’s research papers and has given several presentations about the group’s work. Bruno joined ID Quantique in 2014, where he’s responsible for the business development and product management in the quantum security division. Over the course of his career, Bruno has participated in and given lectures at many international conferences. He has also been active in standardization organizations, first in ITU-T on the polarization effects in optical fibers, then in SAE, ARINC and ASD/STAN for applications of optical fibers in aviation. Bruno is an engineer (Ecole Centrale Paris) and a physicist (PhD from the Technion, Israel Institute of Technology).
Brian Russell
Brian Russell is co-author of the book “Practical Internet of Things Security” and is a Chief Engineer focused on Cyber Security Solutions for Leidos (www.leidos.com). He oversees the design and development of security solutions and the implementation of privacy and trust controls for customers. Brian leads efforts that include security engineering for Unmanned Aerial Systems (UAS) and Connected Cars, and the development of high assurance cryptographic key management systems. Brian is the Chair of the Cloud Security Alliance (CSA) Internet of Things (IoT) Working Group and serves on the Editorial Panel of the Center for Internet Security (CIS) 20 Critical Security Controls for Effective Cyber Defense. Brian also supports the Federal Communications Commission (FCC) Cyber Security Working Group and is a contributor to the Securing Smart Cities Initiative.
2015 Service Award Recipients
Said Tabet
Kai Roer
Kai Roer provides Fortune 1000 companies worldwide with expertise on how to build and maintain security culture based on his free and open Security Culture Framework. Roer is a bestselling author, speaker and security culture facilitator who believes in the power of volunteerism.
Mariano Benito
CISO at GMV
Mariano J. Benito is CISO at GMV, a leading Spanish company in the cybersecurity field, and CSA Spanish Chapter task force (CSA-ES CTO). Over his twenty-year career, he has contributed to the development and implementation of international standards, including ISO 27001 & 22031 at GMV. Mariano J. Benito has also developed a specific focus on Cloud Computing, Compliance & Governance, being the author of the first security analysis in Spain regarding cloud security (2009) and currently contributing to the deployment in Spain of CSA Guide, CCM, PLA and other local CSA initiatives.
Dr. Said Tabet
Senior Technologist and Industry Standards Strategist in the Corporate Office of the CTO at EMC
Dr. Said Tabet is a member of the Object Management Group Board of Directors and the principal EMC representative to the Industrial Internet Consortium. Said is the Chair of the INCITS CS1 Secure Cloud Computing Ad-Hoc Group, and a member of the US delegation to ISO SC27. He is also a member of the Cloud Security Alliance International Standardization Council, co-Chair of the SME Council and the Cloud Security SLA working group. Said spent over two decades driving and contributing to various international standardization activities including ISO, RuleML, OMG standards, W3C Semantic Web and Rules, Risk and Compliance, GRC-XML, Regulatory Reporting and Supervision, Security and Data protection and Privacy. Said continues to work on challenges around Cloud Computing adoption, IoT, Cloud SLA and security SLA automation, Big Data Analytics and security, cyber security and best practices, Industrial Internet of Things, and Semantic Data Collaboration. He is a regular speaker and panelist at industry conferences and international standards meetings, and an author and editor of book series and articles.
Contributions: Member of the Cloud Security Alliance International Standardization Council, co-Chair of the SME Council, Cloud Trust Working Group co-chair, and the Cloud Security SLA working group. Regular speaker and panelist at industry conferences and international standards meetings; author and editor of book series and articles. Co-author of ‘Practices for Secure Development of Cloud Applications’ and ‘CSA Security Guidance Version 3: Domain 4’. Recipient of the Ron Knode Award.
David Siah
Vice-Chairman, CSA Asia Pacific Executive Council
David Siah is actively involved in cyber-security activities in Singapore. He is a member of iDA’s Cyber Security Alliance as well as iDA’s working group on Cloud Outage Incidence Response. He is also a committee member on the Singapore Information Technology Federation’s Security and Governance Chapter and is the Country Manager of Trend Micro. In his capacity, he runs Trend Micro’s business operations in Singapore and is in charge of Trend Labs Singapore — responsible for malware analysis and response.
Brian Russell
Benildus Nadar
Chair for India Regional Coordinating Body
Benildus provides senior advisory services in the area of Information Technology with a concentration on Information Security and Risk. Currently with Ericsson, Benildus has worked at IBM, Fidelity Investment, Comodo and others in a career spanning 14 years. Benildus is the founder and chairperson of the CSA Bangalore Chapter, one of the biggest chapters for CSA worldwide.
2014 Service Award Recipients
Yi-Lang Tsai
Founder and Director of the CSA Taiwan Chapter
Yi-Lang Tsai is a famous IT commentator and author in Taiwan, having published 34 books and many columns in professional IT publications. He is the Honeynet Project Taiwan Chapter Leader, and his work includes research projects on detection, analysis and honeypot-related information security technologies, as well as cloud security technologies for industry, government and academia. He is the Director of major security projects and leader of an Information Security Incident Response Team that handles security incidents for the Taiwan Academic Network (TANet). He is an expert in UNIX/Linux, Windows OS, communication network technology, network security, ISMS, and digital forensics.
Junaid Islam
Secure Communications Expert
Junaid Islam is the CTO and founder of Vidder, which provides distributed access control solutions to Fortune 500 companies. Prior to founding Vidder, Junaid founded Bivio Networks, which developed the first Gigabit speed software based security in the industry. Earlier in his career Junaid helped create networking standards such as Frame Relay, ATM and MPLS while at StrataCom and Cisco.
In addition to his work in the technology industry, Junaid has served at the local and national levels. Junaid served as the Human Relations Commissioner of Santa Clara County (Silicon Valley) from 2002 to 2009. Currently Junaid is the Co-Chair of the Software Defined Perimeter (SDP) research group, which supports a number of US national cyber security initiatives.
Contributions: Co-chair of the SDP Working group; co-author and chief architect behind the SDP specification. Presenter at several events including U.S. Congress 2013, CSA Congress in 2014 and 2015 and CSA Summit Hack-a-thon host. Recipient of the Ron Knode Award.
Eric Hibbard
Hitachi Data Systems’ CTO Security & Privacy
Eric Hibbard is Hitachi Data Systems’ CTO for Security & Privacy where he leads the Hitachi product-oriented security strategy activities with an emphasis on data and storage security. He is a senior security professional with expertise in information assurance, privacy, storage, cloud computing, eDiscovery and enterprise ICT. He leverages this expertise and extensive experience in the public and private sectors in leadership roles within the ABA, CSA, INCITS, IEEE and SNIA. Hibbard currently serves as the ISO editor of ISO/IEC 27040 (Storage security), ISO/IEC 27050 (eDiscovery) and ISO/IEC 17788 (Cloud computing). He speaks internationally and is published. Hibbard holds a BSCS along with the CISSP-ISSAP, ISSEP, ISSMP and CISA certifications.
Contributions: Created the original ‘Top Threats’ to the cloud; co-chair and founder of the SDP Workgroup, where he invented SDP and managed all major activities. Authored numerous blog posts; speaker at numerous events, including CloudBytes presentations. Recipient of the Ron Knode Award.
Ben Katsumi
Executive Director and Secretary General of Cloud Security Alliance (CSA) Japan Chapter, Inc.
Ben T. Katsumi is President and CEO, Information Economy Research Institute, Inc. and former Chief Researcher, IT Security Center, IPA (Information-technology Promotion Agency Japan).
Mr. Katsumi has 20 years of experience in cybersecurity specializing in market analysis, social and international studies, and security management and governance. His career includes 8 years at IPA as a researcher (2005 thru 2013), consultant at several Japanese firms including Ricoh’s subsidiary (2004 thru 2008), director at Symantec Japan (2001 thru 2004).
In 2010 Mr. Katsumi co-founded CSA Japan Chapter, which was incorporated in 2013 and where he serves as a board member as well. He is a member of the Japan Network Security Association (JNSA), JASA Cloud Information Security Promotion Alliance (JCISPA), Japan Society of Security Management (JSSM), and Institute of Digital Forensics (IDF). Certifications: CCSK, CISA, Information Security Associate Auditor, Certified Information Security Administrator.
He is a frequent writer and a speaker at domestic and international conferences including NIST Cloud Forum & Workshop, IEEE-EMBC, CloudAsia, CloudscapeV, Securecloud, and CSA Congress.
Alberto Manfredi
President and Country Leader, CSA Italy
Holding an MSc in Computer Science and a Master of Science in Computer Science from the University of Milan, earned with the highest marks and honors, he has been working in the Information Technology market for over 30 years, more than 20 of them in the field of Cyber and Information Security. Since 2002 he has been working at Leonardo SpA, where in recent years he has held the role of Divisional CISO and Senior Advisor in the Corporate Security function, and since 2023 he has been in the Cyber & Security Solutions Division in the role of Senior Advisor Security Certifications. He specialized in Computer Forensics and Digital Investigations at the University of Milan and holds an Executive MBA from the University of Pavia. He holds the professional certifications CISA, CRISC, CISSP, GCFA, CCSK, CCZT, Lead Auditor 27001 & CSA STAR. He has been President and co-founder of CSA Italy since 2011, the national chapter of CSA, from which he received the Ron Knode Service Award in 2014, and is a CSA Authorized Instructor.
Damir Savanovic
Damir Savanovic is an Associate Director - Cloud Controls Lead at Willis Towers Watson, leading a team of subject matter experts to address compliance and control requirements for multiple compliance frameworks within information and cybersecurity for a global financial institution.
As a security evangelist and subject matter expert in the areas of security governance, risk and compliance, and data protection, with over 15 years of experience in cyber security, he has vast experience and knowledge of cyber security and privacy standards, laws and regulations. Damir worked as a Senior Innovation Analyst and Program Manager at Cloud Security Alliance, CISO and IT Quality Manager in SKB, Société Générale Group, and as IS Auditor at EY. Damir graduated from University of Ljubljana (Slovenia) in Information Technology and holds CCSK, CISM, CISA and ISO/IEC 27001 Lead Auditor certifications.
2013 Service Award Recipients
Dr. Siani Pearson
Principal Research Scientist at HP Labs, Bristol
Dr. Siani Pearson’s current research focuses on accountability, privacy and the cloud and she holds over 50 patents and is author or co-author of well over 100 papers and technical reports in these fields.
Siani received an MA from Oxford University in logic, a PhD in artificial intelligence from the University of Edinburgh and was a Research Fellow at Cambridge University before joining HP in 1994. She is a Fellow of the British Computer Society, senior member of IEEE and a Certified Information Privacy Professional/Information Technology. Siani is currently the scientific coordinator of a major European research project on Accountability for the Cloud (A4Cloud) and is a member of: HP Privacy and Data Protection Board; UK Cloud Security Alliance Chapter board; HP cloud security WG; CSA PLA and OCF WGs; IEEE Transactions on Cloud Computing Editorial Board; UK IEC subcommittee on data principles; numerous programme committees, including being Program Chair of IEEE CloudCom 2014; the steering committees of a number of conferences and advisory boards of several universities and EU projects.
Antony Ma
Member of Hong Kong OGCIO Expert Group on Cloud Computing
Antony Ma has over 14 years of experience in the IT industry, taking roles in different areas including software development, IT auditing and IT security. Antony has professional qualifications including CISSP, CISA, Oracle DBA and BS7799 ISMS assessor. He received a Bachelor's degree in Engineering, then completed an LLM degree in Intellectual Property & Information Technology Law from the Faculty of Law at the University of Hong Kong.
Antony has extensive experience in financial IT, especially in IT compliance and technology risk management.
Dominik Birk
Vice President of the CSA Swiss Chapter
Dominik Birk is working as an Information Security Manager for the Zurich Insurance Group in Zurich, Switzerland. Besides that, Birk is leading the CSA WG “Incident Management and Forensics”, helped establish the German and Swiss local CSA Chapters, and contributed to the CSA Cloud Security Guidance V3.0.
Sean Cordero
Sean Cordero brings more than 15 years of information security and IT experience to his current role as director, information security at Optiv. Cordero provides executive level advisement for the company’s Fortune 50 clients. Cordero’s prior leadership roles included: President of Cloud Watchmen, CSO for EdFund, CSO for ECMC West, Director of Security and Compliance for Charlotte Russe.
Cordero is a thought-leader and serves as chair of the Cloud Security Alliance’s (CSA) Cloud Control Matrix working group where he drives the development of security standards for cloud computing. Cordero was awarded the 2013 Ron Knode Service Award by the Cloud Security Alliance for his contributions to cloud research.
Cordero is active in the conference speaking circuit where he has presented for CSO magazine, the CSA, the High Technology Crimes Association, Secure360, the University of California, Bsides, and ISACA. Cordero is CISSP, CRISC, CISM and CISA.
Contributions: Evangelized use of CCM and the CSA Security, Trust and Assurance Registry (STAR) across the industry at conferences, webinars and podcasts. Co-led the development of the CCM and helped drive CCM versions 1.3, 1.4, and 3.0. Recipient of 2013 Ron Knode Award.
Evelyn de Souza
Senior Security Strategist at Cisco
Evelyn is responsible for championing holistic security solutions that address emerging industry trends such as cloud, data center SDN and mobile. She is a strong proponent of building automated, repeatable processes that enable organizations to sustain compliance while optimizing security posture and reducing costs. To this end, Evelyn co-chairs the Cloud Security Alliance Cloud Controls Matrix (CCM), which harmonizes regulations and industry standards to a common framework and according to cloud model to reduce audit complexity. Evelyn has a weekly column on WIRED Insights and frequently posts at CloudTweaks, Internet Evolution and 21st Century. Evelyn is also a regular speaker at industry conferences and can be followed on Twitter @e_desouza.
Nantawan Wongkachonkitti
Head of Marketing APAC
Nantawan serves as the Director of Innovation and Research and was formerly the Director for IT Intelligence Operations Division for Electronic Government Agency (Public Organization), Thailand. She has been working in the computer and telecommunication field for over 14 years. She manages Electronic Government Agency’s Operations Division for all IT Thailand Government. She currently serves as secretary of the CSA Thailand Chapter, which developed Cloud Control Matrix 1.3 on App Store for dual languages (Thai and English), called “Cloud Control Self Assessment”.
2012 Service Award Recipients
Henry St. Andre
Director of Trust Services for inContact
Henry St. Andre began his career in telecommunication 32 years ago, in 1984, during the break-up and divestiture of AT&T. He served as Director of Operations for over 25 years, working for several different regional telecommunications providers, and ultimately became the Director of Operations for inContact before being asked to be the Director of Trust Services at inContact, with the mission to create a security team and operations that could support the requirements of inContact, the leading provider of cloud based contact center solutions. inContact recognized very early the importance of security to its cloud customers and, as Director of the Trust Team, he also took steps to involve inContact in the larger cloud security community by having inContact become a sponsor of the Cloud Security Alliance and engaging actively with the CSA in the Subject Matter Expert team and other CSA sponsored activities.
Contributions: Has served as SME Council co-chair for the past five years; member of several working groups, including the Mobile, SLA, Big Data, Telecom and Cloud Maturity Model; recipient of the 2012 Ron Knode Award.
Richard Zhao
Chief Strategy Officer of NSFOCUS
Dr. Liang ZHAO (Richard) manages the research team and strategic planning, and fosters innovation at NSFOCUS. He obtained his B.Sc., M.Sc. and Ph.D. degrees from Peking University in 1991, 1994 and 1997 respectively. Liang majored in physics and fiber-optic communications and has over 15 years of professional experience in telecom and network security areas. He holds the CISSP, ITIL and BS7799 certifications.
Prior to his current position, he was the Director of Architect and Security Operations at Lenovo, responsible for the infrastructure architect and information security operations from 2006 to Aug. 2009. Before Lenovo, he worked for Computer Associates as the Principal Consultant in China from 2003 to 2006. From 2000 to 2003, he worked for iS-One as Chief Strategy Officer, responsible for R&D, security consulting service, etc. From 1997 to 2000, he worked for China Telecom as the chief of network security affairs.
Dr. Ryan Ko
Asia Pacific Research Advisor, Chair & Director at UQ Cyber Security, University of Queensland, Australia
Dr Ryan Kok-Leong Ko is Head of Cyber Security Lab and Senior Lecturer at the University of Waikato, New Zealand, Affiliate Faculty Member at Idaho State University, USA, and Asia Pacific Research Advisor for the Cloud Security Alliance.
In 2013, he established New Zealand’s first Master of Cyber Security, and NZ’s first university-led cyber security graduate research programme with the Cyber Security Lab at the University of Waikato. Waikato’s Cyber Security Lab has also hosted the NZ Cyber Security Challenge since 2014. Dr Ko is the recipient of the University of Waikato’s Early Career Academic Excellence, Nola Campbell Memorial ELearning Excellence, and the 2014 and 2015 Faculty Teaching Excellence Awards.
Recipient of the inaugural Cloud Security Alliance (CSA) Ron Knode Service Award in 2012, Dr Ryan Ko has served as a CSA APAC volunteer since CSA’s beginnings, including pioneering research via the formation of the CSA Data Governance Working group, CSA Cloud Vulnerabilities Working Group, and as curriculum and examination co-creator of the (ISC)2-CSA Certified Cloud Security Professional (CCSP).
Dr Ko is principal investigator of the MBIE-funded NZ$12.23 million (incl. GST) STRATUS research project, NZ’s largest scientific research grant in the field of computer science. Dr Ko publishes extensively in indexed academic journals, ranked computer science conference proceedings and international patents, and most recently co-edited the book “The Cloud Security Ecosystem – Technical, Legal, Business and Management Issues” with Elsevier. Dr Ko also leads virtualized server security standardization as a technical committee member of the ISO/IEC JTC 1/SC 27 and SPRING/IDA IT Standards Committee SPSTC.
Prior to his academic career, Dr Ko was a lead computer scientist with HP Labs, leading security innovation and technology transfers for cloud data provenance solutions deployed across USA, EU and Asia. He serves as a technical advisor and board member to NZ listed companies, startups and international organisations, including the NZX-listed LIC, NYRIAD Ltd, and INTERPOL. Dr Ko holds a B.Eng. (Computer Engineering) (Hons.) and a Ph.D. from the Nanyang Technological University, Singapore, and is a member of the IEEE, ACM and the Royal Society of New Zealand.
Contributions: Co-founder and chair of the Cloud Vulnerabilities Working Group and the CSA Cloud Data Governance Working Group; spearheaded the formation of the CSA APAC Education Council, contributed to several key research papers; acted as an SME representing CSA in the creation of the CCSP certification.
David Lingenfelter
Security and Compliance, MaaS360
David is a seasoned security professional with nearly 20 years of experience in risk management, information security, compliance, and policy development. Throughout his career David has performed risk and vulnerability assessments along with making recommendations on network and system design improvements. David’s career has spanned from traditional hardware based security architectures to cloud technologies and virtual environments.
Currently in charge of security and compliance for MaaS360 by IBM, David has managed projects to get Fiberlink SAS70-Type2 and more recently SOC2 Type II. David also recently led Fiberlink through audits to receive Federal Information Security Management Act (FISMA) authorization from GSA for Fiberlink’s MaaS360 Cloud Service offering. David also led MaaS360 through the FedRAMP JAB ATO process, becoming the first mobile SaaS company to be certified under FedRAMP. Fiberlink’s customers range from the SME space to Fortune 500 and Federal customers. David has helped ensure that MaaS360 meets the different requirements from these different types of customers including PCI, HIPAA, SoX, and NIST.
David helped design MaaS360’s cloud architecture model, and is an active member of the Cloud Security Alliance including being a co-chair for their Mobile Working Group and contributor to the development of the CSA Cloud Control Matrix as well as being active in several other working groups. David is also the president of the local chapter of the Cloud Security Alliance in the Delaware Valley. Along with work with the Cloud Security Alliance David is a member of the NIST Cloud working groups including their Mobile working group and CyberSecurity working group.
Prior to Fiberlink, David worked as a security consultant performing security assessments and project management for multiple Fortune 500 companies including Merck, CIGNA, Campbell Soup, Sanofi-Aventis and Wyeth (later purchased by Pfizer). This included overseeing projects that were involved with mergers, as was the case with Rhone Poulenc and Sanofi-Aventis, and separations, as with CIGNA and ACE. David frequently gives presentations on Cloud and Mobile technologies and has presented for ISACA, ISSA, Cloud Security Alliance, InfraGard and GTRA among others. David received the 2012 Ron Knode Service Award for volunteer services at the Cloud Security Alliance and was awarded the “Most Dynamic Speaker” award at the 2012 annual GTRA Security in Government event. David has also been quoted as a subject matter expert in a number of different publications. David is a graduate of Fairleigh Dickinson University with a Bachelor of Science in Electrical Engineering.
Contributions: Co-chair of the Mobile Working Group; co-founder of IoT Working Group; contributor to CCM and Subject Matter Expert Working Groups. President of the CSA Delaware Valley Chapter. Contributor to multiple online publications and served as a speaker on behalf of CSA at third-party events, including InfraGard and ISACA.
Kevin Fielder
Senior Manager Cyber Security at Worldpay
Kevin Fielder has over 15 years of IT and security experience across multiple industries encompassing online trading, online supermarkets, banking/finance/insurance. His various roles have included pen testing and security assessments through technical and security architecture to security consulting and innovations.
Current focus includes security strategy, secure design and development, security innovations, software based mobile security, cloud policy and architecture, structured risk assessments, and of course his role as co-chair of the SecaaS working group.
He holds a Bachelor's degree in Computing with Human Biology and a Master's in Distributed Systems and Networks, along with various industry certifications such as CISSP-ISSAP, CISSP-ISSMP, C|EH, ISEB enterprise and solutions architecture.
Bernd Jaeger
Colt (Germany)
Working for more than 20 years within the ICT industry, focussing on information security, Bernd’s scope ranges from security management related activities down to a deep, “hands-on” level of understanding of today’s threats and countermeasures.
Working for Telecommunication, Internet, Cloud and Technology Service providers, Bernd designed and implemented highly customized security solutions, developed technical blueprints and products, conducted security audits and penetration tests, introduced new technologies, trained employees and customers, and provided internal and external consultancy at all times. In addition to that, he has been part of Cyber Security Incident Response Teams supporting forensics, malware and application vulnerability testing.
His most recent work is focused on security architectures for the software defined (virtualized) future of data centre and network services in a provider environment and, as a member of the “Office of the CTO”, writing strategic technology papers and guidance to the executive committee.
As chair of the Telecom Working Group and contributor to a variety of research initiatives within the Cloud Security Alliance, and as a speaker at conferences and writer, Bernd is actively supporting the international research community, promoting best practice and knowledge. In 2012 he received the Ron Knode Service Award, which recognizes excellence in volunteerism and is awarded in memory of Ron Knode, a cherished member of the CSA community.
Contributions: Co-chair of the Telecom Working Group; member of the Virtualization Working Group; founding member of the Incident Management & Forensic Working Group and contributor to several of its publications.