BARUCH FISCHHOFF, Co-Chair, is Howard Heinz University Professor, Department of Engineering and Public Policy and the Institute for Politics and Strategy, Carnegie Mellon University. A graduate of the Detroit Public Schools, he holds a B.S. (mathematics, psychology) from Wayne State University and a Ph.D. (psychology) from the Hebrew University of Jerusalem. He is a member of the National Academy of Medicine and has served on many committees of the National Academies of Sciences, Engineering, and Medicine. He is past president of the Society for Judgment and Decision Making and of the Society for Risk Analysis. He has chaired the Food and Drug Administration Risk Communication Advisory Committee and been a member of the Eugene Commission on the Rights of Women, the Department of Homeland Security (DHS) Science and Technology Advisory Committee, and the Environmental Protection Agency Scientific Advisory Board, where he chaired the Homeland Security Advisory Committee. His books include Acceptable Risk, Risk: A Very Short Introduction, Judgment and Decision Making, A Two-State Solution in the Middle East, Counting Civilian Casualties, and Communicating Risks and Benefits. He has co-chaired three National Academies’ Sackler Colloquia on the Science of Science Communication.
PETER J. WEINBERGER, Co-Chair, has been a software engineer at Google, Inc., since 2003, working on software infrastructure. He has a Ph.D. in mathematics (number theory) from the University of California, Berkeley (UC Berkeley). After a stint at the University of Michigan, Ann Arbor, he moved to Bell Labs. At Bell Labs, he worked on Unix and did research on various topics before moving into research management, ending up as information sciences research vice president. After AT&T and Lucent split, he moved to Renaissance Technologies, a technical trading hedge fund, as head of technology. He has been on the Army Science Board, and for the National Academies he served on the Computer Science and Telecommunications Board and participated in a number of studies, including one that produced Asking the Right Questions about Electronic Voting and one that produced Bulk Collection of Signals Intelligence: Technical Options. From 2008 to 2016, he was on the Information Security and Privacy Advisory Board, the last 2 years as chair.
JANDRIA S. ALEXANDER is principal director of the Cyber Security Subdivision, The Aerospace Corporation. Ms. Alexander has been with The Aerospace Corporation since 1992 and leads cyber and information assurance architecture definition, technology assessments, vulnerability and countermeasures experiments, cyber command and control, and security engineering and acquisition for the Department of Defense, the Intelligence Community, and civil customers. She has a B.S. in computer science from Brandeis University and an M.S. in technology management from American University.
ANNIE I. ANTÓN is a professor in and chair of the School of Interactive Computing at the Georgia Institute of Technology. She has served the national defense and intelligence communities in a number of roles since being selected for the Institute for Defense Analyses (IDA)/Defense Advanced Research Projects Agency (DARPA) Defense Science Study Group in 2005 and 2006. Her current research focuses on the specification of complete, correct behavior of software systems that must comply with federal privacy and security regulations. She is founder and director of ThePrivacyPlace.org. Dr. Antón currently serves on various boards and committees, including the following: the DHS Data Privacy and Integrity Advisory Committee, an Intel Corporation advisory board, and the Future of Privacy Forum advisory board. She is a former member of the Computing Research Association (CRA) board of directors, the National Science Foundation (NSF) Computer and Information Science and Engineering Directorate Advisory Council, the Distinguished External Advisory Board for the TRUST Research Center at UC Berkeley, the DARPA Information Science and Technology Study Group, the U.S. Association for Computing Machinery Public Council, the advisory board for the Electronic Privacy Information Center in Washington, D.C., the Georgia Tech Alumni Association board of trustees, the Microsoft Research University Relations Faculty Advisory Board, the CRA-W, and the Georgia Tech Advisory Board. Prior to joining the faculty at Georgia Tech, she was a professor of computer science in the College of Engineering at North Carolina State University. Dr. Antón is a three-time graduate of the College of Computing at the Georgia Institute of Technology, receiving a Ph.D. in 1997 with a minor in management and public policy, an M.S. in 1992, and a B.S. in 1990 with a minor in technical and business communication.
STEVEN M. BELLOVIN is a professor of computer science at Columbia University, where he does research on networks, security, and especially why the two do not get along. During the 2012–2013 academic year, he was on leave from the university and serving as the chief technologist of the Federal Trade Commission. He joined the faculty in 2005 after many years at Bell Labs and AT&T Labs Research, where he was an AT&T fellow. He received a B.A. degree from Columbia University and an M.S. and a Ph.D. in computer science from the University of North Carolina, Chapel Hill. While a graduate student, he helped create Netnews; for this, he and the other perpetrators were given the 1995 Usenix Lifetime Achievement Award (The Flame). He is a member of the National Academy of Engineering (NAE) and is serving on DHS’s Science and Technology Advisory Committee and the Technical Guidelines Development Committee of the Election Assistance Commission. He has also received the 2007 National Institute of Standards and Technology/National Security Agency (NSA) National Computer Systems Security Award. Dr. Bellovin is the coauthor of Firewalls and Internet Security: Repelling the Wily Hacker and holds a number of patents on cryptographic and network protocols. He has served on many National Academies’ study committees, including those on information systems trustworthiness, the privacy implications of authentication technologies, and cybersecurity research needs; he was also a member of the information technology subcommittee of a study group on science versus terrorism. He was a member of the Internet Architecture Board from 1996 to 2002; he was co-director of the Security Area of the Internet Engineering Task Force from 2002 through 2004.
SEYMOUR E. GOODMAN is a Regents’ Professor, professor of international affairs and computing, and adjunct professor of history at Georgia Tech. He also serves as a co-director of the Center for International Strategy, Technology, and Policy and was founding director and now director emeritus of the Sam Nunn Security Program (Nunn-MacArthur Program). Dr. Goodman studies international developments in the information technologies and technological innovation and its effective implementation and deployment in large-scale conflicts. He has over 150 publications and has served on many academic, government, and industry editorial, study, and advisory committees, including the Computer Science and Telecommunications Board of the National Academies. He is a lifetime national associate of the National Academy of Sciences. Prior to coming to Georgia Tech he was the director of the Consortium for Research in Information Security and Policy, with the Center for International Security and Cooperation at Stanford University. He has held a variety of appointments at the University of Virginia (Applied Mathematics, Computer Science, Soviet and East European Studies), the University of Chicago (Economics), Princeton University (The Woodrow Wilson School of Public and International Affairs, Mathematics), and the University of Arizona (MIS, Soviet and Russian Studies, Middle Eastern Studies). Dr. Goodman was an undergraduate at Columbia University and obtained his Ph.D. from the California Institute of Technology in 1970, where he worked on problems of applied mathematics and mathematical physics.
RONALD GRAHAM currently holds the Irwin and Joan Jacobs Endowed Chair in Computer and Information Science in the Computer Science and Engineering Department at the University of California, San Diego (UCSD). He is also chief scientist of the California Institute for Telecommunications and Information Technology at UCSD. He joined the UCSD faculty in 1999 after a 37-year career with AT&T. Dr. Graham received his Ph.D. in mathematics from UC Berkeley in 1962. From 1962 to 1995, he was director of information sciences at AT&T Bell Labs, and from 1996 to 1999 he was chief scientist at AT&T Labs. He has held visiting professorships at Rutgers University, Princeton University, Caltech, Stanford University, and the University of California, Los Angeles, and holds six honorary doctorates. Dr. Graham is a member of the National Academy of Sciences and has served as its treasurer for 12 years. He is a past president of the American Mathematical Society and the Mathematical Association of America. He is a fellow of the American Association of Arts and Sciences, the Society for Industrial and Applied Mathematics, the Association for Computing Machinery (ACM), and the New York Academy of Sciences. Dr. Graham has won numerous awards in the field of mathematics, including the Polya Prize in Combinatorics, the Euler Medal in Combinatorics, the Allendoerfer Award, the Ford Award, and the Steele Prize for Lifetime Achievement in Mathematics (from the American Mathematical Society).
CARL LANDWEHR is lead research scientist at the Cyber Security and Privacy Research Institute at George Washington University and an independent consultant. He received his B.S. degree in engineering and applied science from Yale University and M.S. and Ph.D. degrees in computer and communication sciences from the University of Michigan, where he helped implement the MERIT packet-switched network. From 1976 to 1999, he conducted research in what would now be called cybersecurity at the Naval Research Laboratory. From 1999 to 2001, while at Mitretek Systems, he assisted several of DARPA’s Information Assurance programs. From 2001 to 2005 and again from 2009 to 2011, he headed the NSF’s research programs to advance trustworthy computing, receiving the NSF Director’s Award for Meritorious Service in 2012. From 2005 to 2009, he managed programs in both defensive and offensive cyber operations at I-ARPA (the Intelligence Advanced Research Projects Activity) and its predecessor organizations. He has been active in the Institute of Electrical and Electronics Engineers (IEEE), including two terms as editor-in-chief of IEEE Security and Privacy Magazine, in the ACM, and in International Federation for Information Processing (IFIP) Working Groups 11.3 and 10.4, and he has received a variety of awards for research and service from these organizations. He has served on several National Academies’ study committees and has advised DARPA, NSA, Sandia National Laboratories, Massachusetts Institute of Technology Lincoln Laboratories, Australia’s Defence Science and Technology Organisation, Israel’s Council for Higher Education, and similar institutions. He has taught courses in computer science at Purdue University, Georgetown University, the University of Maryland, and Virginia Tech. In 2012, he was in the first class of 11 individuals inducted into the Cyber Security Hall of Fame. In 2015–2016, he served as Visiting McDevitt Professor of Computer Science at LeMoyne College, where he developed and taught a new course, “Cybersecurity for Future Presidents.” In 2016, he was elected to the board of directors of the nonprofit Center for Democracy and Technology.
STEVEN B. LIPNER is executive director of SAFECode, a nonprofit organization dedicated to increasing trust in information and communications technology products and services through the advancement of effective software assurance methods. He retired in 2015 as partner director of software security in Trustworthy Computing at Microsoft Corporation. His expertise is in software security, software vulnerabilities, Internet security, and organization change for security. He is the founder and long-time leader of the Security Development Lifecycle (SDL) team that has delivered processes, tools, and associated guidance and oversight that have significantly improved the security of Microsoft’s software. Mr. Lipner has over 40 years of experience as a researcher, development manager, and general manager in information technology security. He served as executive vice president and general manager for Network Security Products at Trusted Information Systems and has been responsible for the development of mathematical models of security and of a number of secure operating systems. Mr. Lipner was one of the initial 12 members of the U.S. Computer Systems Security and Privacy Advisory Board (now the Information Security and Privacy Advisory Board) and served two terms and a total of 10 years on the board. He is the author of numerous professional papers and has spoken on security topics at many professional conferences. He is named as inventor on 12 U.S. patents in the fields of computer and network security and has served on numerous scientific boards and advisory committees, including as a current member of the National Academies’ Committee on Future Research Goals and Directions for Foundational Science in Cybersecurity and the Committee on Law Enforcement and Intelligence Access to Plaintext Information in an Era of Widespread Strong Encryption: Options and Tradeoffs. Mr. Lipner was elected in 2015 to the National Cybersecurity Hall of Fame and in 2017 to the National Academy of Engineering.
ROY MAXION is a research professor in the Computer Science, Machine Learning and Electrical and Computer Engineering Departments at Carnegie Mellon University (CMU), and director of the CMU Dependable Systems Laboratory. His general research interests are rooted in system dependability and reliability, recently turning toward information assurance, behavioral biometrics, and selected aspects of computer security. He has been program chair of the International Conference on Dependable Systems and Networks and a member of the executive board of the IEEE Technical Committee on Fault Tolerance, the U.S. Defense Science Board, and various professional organizations. He has consulted for the U.S. Department of State as well as for numerous industry and government bodies. He is presently on the editorial boards of the International Journal of Biometrics and IEEE Security and Privacy and is past associate editor of IEEE Transactions on Dependable and Secure Computing, the IEEE Transactions on Information Forensics and Security, and International Journal of Security and Networks. He is an elected member of the IFIP Working Group 10.4 on Dependable Systems. Dr. Maxion is a fellow of the IEEE.
GREG MORRISETT is the dean of Computing and Information Sciences (CIS) at Cornell University, which houses the departments of Computer Science, Information Science, and Statistical Sciences. From 2004 to 2015, he held the Allen B. Cutting Chair in Computer Science at Harvard University. At Harvard, he also served as the associate dean for Computer Science and Electrical Engineering and as the director of the Center for Research on Computation and Society. Before Harvard, Dr. Morrisett spent 8 years on the faculty of Cornell’s Computer Science Department. He received his bachelor’s degree from the University of Richmond and both his master’s and doctorate degrees from CMU. His research focuses on the application of programming language technology for building secure, reliable, and high-performance software systems. A common theme is the focus on systems-level languages and tools that can help detect or prevent common vulnerabilities in software. Past examples include typed assembly language, proof-carrying code, software fault isolation, and control-flow isolation. Recently, his research focuses on building provably correct and secure software, including a focus on cryptographic schemes, machine learning, and compilers. Dr. Morrisett is a fellow of the ACM and has received a number of awards for his research on programming languages, type systems, and software security, including a Presidential Early Career Award for Scientists and Engineers, an IBM Faculty Fellowship, an NSF Career Award, and an Alfred P. Sloan Fellowship. He served as chief editor for the Journal of Functional Programming and as an associate editor for ACM Transactions on Programming Languages and Systems, Information Processing Letters, and The Journal of the ACM. He currently serves as co-editor-in-chief for the Research Highlights column of Communications of the ACM. In addition, Dr. Morrisett has served on the DARPA Information Science and Technology Study Group, the NSF Computer and Information Science and Engineering Advisory Council, The Max Planck Institute for Software Systems Advisory Board, the CRA board, Microsoft Research’s Technical Advisory Board, Microsoft’s Trustworthy Computing Academic Advisory Board, and the Fortify Technical Advisory Board.
BRIAN SNOW is an independent security advisor. As a mathematician/computer scientist, Mr. Snow taught mathematics and helped lay the groundwork for a computer science department at Ohio University in the late 1960s. He joined the NSA in 1971, where he became a cryptologic designer and security systems architect. Dr. Snow spent his first 20 years at the NSA doing and directing research that developed cryptographic components and secure systems. Many cryptographic systems serving the U.S. government and military use his algorithms; they provide capabilities not previously available and span a range from nuclear command and control to tactical radios for the battlefield. Computer security, network security, and strong assurance were major aspects for these systems. He created and managed the NSA’s Secure Systems Design division in the 1980s. He has many patents, awards, and honors attesting to his creativity. His later years at the NSA were the model for what it means to be a senior technical director at the NSA (similar to a chief scientist or senior technical fellow in industry); he served in that capacity in three major mission components: the Research Directorate (1994–1995), the Information Assurance Directorate (1996–2002), and the Directorate for Education and Training—the NSA’s Corporate University (2003–2006). He was the first technical director appointed at the “Key Component” level at the NSA, and the only “techie” at the NSA to serve in such a role across three different directorates. Throughout those years, his credo was as follows: “Managers are responsible for doing things right; technical directors are responsible for finding the right things to do.” In all of his positions, he insisted that the actions the NSA took to provide intelligence for our national and military leaders should not put U.S. persons or their rights at risk. He was a leading voice for always assessing the unintended consequences of both success and failure prior to taking action. Mr. Snow retired in 2006 and is now a security consultant and ethics advisor. He received his B.S. and M.S. in mathematics from the University of Colorado in 1965 and 1967, respectively, and did additional graduate course work in computer science at Ohio University from 1969 to 1971 and in mathematics at the University of Maryland from 1972 to 1973.
PHILIP VENABLES is the chief operational risk officer at Goldman Sachs. He is a member of the Firmwide Risk Committee. Previously, Mr. Venables served as chief information risk officer and head of technology risk. He joined Goldman Sachs as a vice president in London in 2000 and transferred to New York in 2001. Mr. Venables was named managing director in 2003 and partner in 2010. Prior to joining the firm, he was chief information security officer at Deutsche Bank and also functioned as the global head of technology risk management for Standard Chartered Bank. Before that, Mr. Venables served in various technology, network management, and software engineering roles at a number of finance, energy, and defense organizations. He serves on the executive committee of the U.S. Financial Services Sector Coordinating Council for Critical Infrastructure Protection and is a member of the boards of the Center for Internet Security and the New York University Tandon School of Engineering. He is also an advisor to the IDA and a U.S. intelligence agency. Mr. Venables is a member of the Council on Foreign Relations. He earned a B.Sc. (Hons.) in computer science from the University of York and an M.Sc. in computation from Queen’s College at Oxford University. He was awarded the designation of chartered engineer in 1995 and chartered scientist in 2002 and was elected a fellow of the British Computer Society in 2005.
STEVEN WALLACH was a founder of Convey Computer. Micron Technology bought Convey in 2015. At Micron, Mr. Wallach is a design-engineering director. Previously, he served as vice president of technology for Chiaro Networks, Ltd., and as co-founder, chief technology officer, and senior vice president of development of Convex Computer Corporation. After Hewlett-Packard Co. (HP) bought Convex, Mr. Wallach became chief technology officer of HP’s Enterprise Systems Group. He served as a consultant to the U.S. Department of Energy’s Advanced Simulation and Computing Program at Los Alamos National Laboratory from 1998 to 2007. He was also a visiting professor at Rice University in 1998 and 1999, and was manager of advanced development for Data General Corporation. His efforts on the MV/8000 are chronicled in Tracy Kidder’s Pulitzer Prize-winning book, The Soul of a New Machine. Mr. Wallach, who has 39 patents, is a member of the National Academy of Engineering, an IEEE fellow, and a founding member of the Presidential Information Technology Advisory Committee. He is the 2008 recipient of IEEE’s Seymour Cray Award and the 2002 Charles Babbage award.