BRANDON BAKER is tech lead for cloud security at Google, where he is responsible for security strategy and technical direction for the Google Cloud platform. Mr. Baker started the Cloud Security organization at Google 8 years ago, building core encryption, sandboxing, mitigation, detection, and security features to protect Google Cloud users and infrastructure from compromise. Since the discovery of Spectre/Meltdown in July 2017, he also wears an incident response hat, dealing with CPU side-channel issues from the cloud perspective. Prior to Google, Mr. Baker was at Microsoft, where he was a developer on Hyper-V, the Windows kernel, BitLocker, TPMs, and NGSCB. He has worked on virtualization, kernel, and CPU security for over 20 years, and has been a key contributor to Trusted Computing research, inventions, and development across the industry. Mr. Baker holds a B.Sc. degree in computer science from Texas A&M University.
ERNIE BRICKELL is an independent security researcher. Dr. Brickell is a fellow of the International Association for Cryptologic Research (IACR) and was founding editor-in-chief of the Journal of Cryptology. He is an author on over 30 publications and 70 patents in cryptology and has been an invited speaker at IACR conferences numerous times. He retired from Intel Corporation in 2016. At Intel, he ran the Security Architecture Forum, which was the decision-making body for security for all Intel products. During his career, he also worked at Sandia National Laboratories, Bellcore, and CertCo. Dr. Brickell has a Ph.D. in mathematics and a master’s in computer science from The Ohio State University. His current research is on finding a potential balance between the conflicting requirements of individual and corporate needs for security/privacy and law enforcement’s needs for information access.
GALEN HUNT is a distinguished engineer and director at Microsoft. Dr. Hunt founded and led the team that built the Azure Sphere, announced at the RSA Conference 2018. Their goal is to make the Internet of Things safe for society. Azure Sphere provides an end-to-end solution that enables any device manufacturer to create highly secured devices—devices possessing all “Seven Properties of Highly Secure Devices.” Dr. Hunt is also part of the launch team for the Microsoft Research New Experiences and Technologies (MSR NExT) organization. In addition to building Azure Sphere, he also manages the Operating Systems Technologies Group. Previously, he led the Operating Systems and Distributed Systems Group as principal researcher. Dr. Hunt has Ph.D. (1998) and M.S. (1996) degrees in computer science from the University of Rochester, a B.S. (1992) degree in physics from the University of Utah, and an A.S. (1987) degree from what is now Dixie State University.
KATIE MOUSSOURIS is the founder and CEO of Luta Security, a company offering unparalleled expertise to create robust vulnerability coordination programs. Luta Security specializes in governments and multiparty supply chain vulnerability coordination. Ms. Moussouris recently testified as an expert on bug bounties and the labor market for security research for the U.S. Senate and has been called upon for European Parliament hearings on dual-use technology. She was later invited by the U.S. State Department to help renegotiate the Wassenaar Arrangement, in which she successfully helped to change the export control language to include technical exemptions for vulnerability disclosure and incident response. She is a coauthor of an economic research paper on the labor market for bugs, published as a book chapter by MIT Press in 2017, and presented on the first system dynamics model of the vulnerability economy and exploit market in 2015 as part of her academic work as a visiting scholar at MIT Sloan School. Ms. Moussouris has over 20 years of pioneering leadership in information security, including working as a former penetration tester at @stake; creating Microsoft Vulnerability Research, the first MS Bug bounties; and advising the U.S. Department of Defense for years, resulting in the launch of the Hack-the-Pentagon program. She is also an author and coeditor of standards ISO 29147 “Vulnerability Disclosure” and ISO 30111 “Vulnerability Handling Processes.”
ANDREW MYERS is a professor in the Department of Computer Science at Cornell University in Ithaca, New York. Dr. Myers’s research interests include computer security, programming languages, and distributed and persistent programming systems. His work on computer security has focused on practical, sound, and expressive languages and systems for enforcing information security. The Jif programming language makes it possible to write programs that the compiler ensures are secure, and the Fabric system extends this approach to distributed programming. The Polyglot extensible compiler framework has been widely used for programming language research. Dr. Myers is an Association for Computing Machinery fellow. He has received awards for papers appearing in POPL’99, SOSP’01, SOSP’07, CIDR’13, PLDI’13, and PLDI’15. He is the current editor-in-chief for ACM Transactions on Programming Languages and Systems (TOPLAS).
AUDREY L. PLONK is a seasoned public policy professional with 13 years of experience working at the intersection of high technology, public policy, and business strategy. As a senior director of public policy at Intel Corporation, Ms. Plonk leads a global team of policy experts focused on connectivity, data, artificial intelligence, and autonomous driving policy issues. She also specializes in China cyber policy and advises Intel business and product teams on China strategy. Prior to joining Intel in 2008, Ms. Plonk worked for the Organisation for Economic Co-operation and Development (OECD) based in Paris. Ms. Plonk led OECD’s security policy work on critical information infrastructure protection and malware. In that role, she also served as liaison to the Asia-Pacific Economic Cooperation Telecommunications and Information Working Group, the International Telecommunication Union, and the Internet Governance Forum. From 2003 to 2006, Ms. Plonk worked as a consultant for the U.S. Department of Homeland Security’s National Cyber Security Division, primarily focusing on international cybersecurity policy issues in its International Affairs Division. She attended George Washington University in Washington, D.C., and received her B.A. in international affairs with a focus on the European Union and received a double minor in French and dance.
MARK RYLAND is the director of the Chief Information Security Office for Amazon Web Services (AWS). Mr. Ryland leads a team of cloud security experts who interface with customers, partners, and international stakeholders around security in the AWS cloud and information security more generally. He previously worked as the chief architect for the World Wide Public Sector at AWS. Prior to working for AWS, Mr. Ryland worked for Microsoft as a principal program manager within the Identity and Security component of the Business Online Productivity Group.
ARI SCHWARTZ is managing director of cybersecurity services at Venable. Mr. Schwartz directs the firm’s cybersecurity consulting services, assisting organizations with understanding and developing risk management strategies, including implementation of the Cybersecurity Framework and other planning tools to help minimize risk. Previously, Mr. Schwartz served at the White House National Security Council as special assistant to the president and senior director for cybersecurity, where he led legislative and policy outreach to businesses, trade groups, and others. Before his work at the White House, Mr. Schwartz led the Department of Commerce’s Internet Policy Task Force, worked at the National Institute of Standards and Technology, and served for 12 years at the Center for Democracy and Technology.
PAUL WALLER has worked in cryptography and hardware security since graduating with a degree in mathematics in 2001. He has represented the United Kingdom’s National Cyber Security Centre and its predecessor organization in various standards bodies, including the Trusted Computing Group, Global Platform, and FIDO. His current role as technical director for platform security research allows him to spend time with academic and industry partners learning what the future holds for security technology and also to help user communities take advantage of new features.
OTHER RECENT REPORTS OF THE COMPUTER SCIENCE AND TELECOMMUNICATIONS BOARD
Quantum Computing: Progress and Prospects (2019)
Data Science for Undergraduates: Opportunities and Options (2018)
Decrypting the Encryption Debate: A Framework for Decision Makers (2018)
Opportunities from the Integration of Simulation and Data Science: Proceedings of a Workshop (2018)
Recoverability as a First-Class Security Objective: Proceedings of a Workshop (2018)
Securing the Vote: Protecting American Democracy (2018)
Assessing and Responding to the Growth of Computer Science Undergraduate Enrollments (2017)
Cryptographic Agility and Interoperability: Proceedings of a Workshop (2017)
Emergency Alert and Warning Systems: Current Knowledge and Future Directions (2017)
Foundational Cybersecurity Research: Improving Science, Engineering, and Institutions (2017)
Information Technology and the U.S. Workforce: Where Are We and Where Do We Go from Here? (2017)
Software Update as a Mechanism for Resilience and Security: Proceedings of a Workshop (2017)
A 21st Century Cyber-Physical Systems Education (2016)
Continuing Innovation in Information Technology: Workshop Report (2016)
Data Breach Aftermath and Recovery for Individuals and Institutions: Proceedings of a Workshop (2016)
Exploring Encryption and Potential Mechanisms for Authorized Government Access to Plaintext: Proceedings of a Workshop (2016)
Future Directions for NSF Advanced Computing Infrastructure to Support U.S. Science and Engineering in 2017-2020 (2016)
Privacy Research and Best Practices: Summary of a Workshop for the Intelligence Community (2016)
Bulk Collection of Signals Intelligence: Technical Options (2015)
Cybersecurity Dilemmas: Technology, Policy, and Incentives: Summary of Discussions at the 2014 Raymond and Beverly Sackler U.S.-U.K. Scientific Forum (2015)
Interim Report on 21st Century Cyber-Physical Systems Education (2015)
A Review of the Next Generation Air Transportation System: Implications and Importance of System Architecture (2015)
Telecommunications Research and Engineering at the Communications Technology Laboratory of the Department of Commerce: Meeting the Nation’s Telecommunications Needs (2015)
Telecommunications Research and Engineering at the Institute for Telecommunication Sciences of the Department of Commerce: Meeting the Nation’s Telecommunications Needs (2015)
At the Nexus of Cybersecurity and Public Policy: Some Basic Concepts and Issues (2014)
Future Directions for NSF Advanced Computing Infrastructure to Support U.S. Science and Engineering in 2017-2020: An Interim Report (2014)
Limited copies of CSTB reports are available free of charge from:
Computer Science and Telecommunications Board
National Academies of Sciences, Engineering, and Medicine
Keck Center of the National Academies
500 Fifth Street, NW, Washington, DC 20001