Governing Board

Arun Gupta is vice president and general manager of Open Ecosystem Initiatives at Intel Corporation. He is an open source strategist, advocate, and practitioner for nearly two decades. He has taken companies such as Apple, Amazon, and Sun Microsystems through systemic changes to embrace open source principles, contribute and collaborate effectively. As an elected chair of the Cloud Native Computing Foundation (CNCF) Governing Board, Arun works with CNCF leadership and member companies to grow cloud native ecosystem. He has delivered technical talks in 45+ countries, authored multiple books, and is a Docker Captain, Java Champion, and Java User Group leader. He also founded the Devoxx4Kids chapter in the U.S. and continues to promote technology education among children. Arun holds two patents on using XML and XSL for an efficient generation of test reports. Arun is an avid runner, and is easily accessible at @arungupta on Twitter.

Brian is Co-founer and Chief Technology Officer at Sonatype. He has extensive open source experience as a member of the Apache Software Foundation and former Chair of the Apache Maven project. Brian was a direct contributor to the Maven ecosystem, including the maven-dependency-plugin and maven-enforcer-plugin. He has over 20 years of experience driving the vision behind, as well as developing and leading the development of software for organizations ranging from startups to large enterprises. Brian is a frequent speaker at national and regional events including Java User Groups and other development related conferences.

Declan is the VP of Security Architecture, IAM and Application Security at Morgan Stanley.

With two decades of experience in Information Security and Compliance, Emilio has worked at large enterprises, medium-sized companies, and governmental organizations. Previously, Emilio served as the VP of Information Security for Hulu, where he played a pivotal role in setting up key security functions. Prior to that, Emilio worked for PlayStation, where he built and ran the software security teams. Emilio’s unique approach to security and compliance has always prioritized partnerships and people—hiring the right talent to build the processes, procedures, and technologies that unite Security, Engineering, and Operations teams. Emilio holds a bachelor’s degree in Computer Science from the University of Puerto Rico.

Eric Brewer is professor emeritus of computer science at the University of California, Berkeley and vice-president of infrastructure at Google. His research interests include operating systems and distributed computing. He is known for formulating the CAP theorem about distributed network applications in the late 1990s.

Graham is the Managing Director, Cybersecurity & Technology Controls at JPMorgan Chase & Co.

Ian holds the position of Chief Engineer for Lockheed Martin Software Factory and specializes in DevSecOps and full stack engineering. He is responsible for technical direction for repeatable development processes and tooling that is leveraged across Lockheed Martin to expedite software delivery. As part of this software delivery, his team develops Software Bill of Materials tooling and Attestation processes to be compliant with White House Executive Order 14028. These areas of focus have led to involvement in the Security Tooling WG, SBOM Everywhere SIG, and SBOMit project.

Jamie Thomas has a history of setting innovation agendas that provide business solutions to clients worldwide. She has extensive organizational experience with R&D and client support transformation. She currently serves as General Manager, IBM Technology Lifecycle Services and IBM Enterprise Security.

In this role, Jamie oversees IBM Technology Lifecycle Services including the delivery of client support and services, providing clients with predictive, preventative, and technical support solutions focused on IBM Logo as well as multi-vendor infrastructure support. Jamie’s team partners with worldwide, leading technology providers to provide exceptional compute, storage and networking capability. She serves all of IBM as leader of the IBM Enterprise Security team, which protects IBM and IBM’s clients in an ever-changing and challenging cybersecurity environment by driving security and privacy by design into all of IBM’s offerings and providing industry regulatory and compliance leadership. Jamie serves as the board chair for the Open Source Security Foundation (OpenSSF), focused on addressing hardware and software open-source supply chain security.

Jinguo Cui serves as a leader of open source security and infrastructure strategies and ecosystem development in Huawei. He devotes long-term efforts to the software development, planning and software supply chain security. He is also an executive member of CCF Open Source Development Committee and AII Open Source SIG.

John is the Global CTO of Dell Technologies. Previously he was Global CTO DellEMC, Global CTO EMC Corporation, SVP/GM Huawei, Global CTO of Nortel, Enterasys and Cabletron Systems and Broadcom ENG.

Justin Cappos is an associate professor at NYU’s Tandon School of Engineering.  He has worked in software supply chain for 2 decades and is the creator of the Linux Foundation projects TUF, in-toto, Uptane, SBOMit, and gittuf. Justin’s research philosophy focuses on improving real world systems, often by addressing issues that arise in practical deployments. Justin’s research philosophy focuses on improving real world systems, often by addressing issues that arise in practical deployments.

His dissertation work was on Stork, the first package manager designed for environments that use operating system virtualization, such as cloud computing. Improvements in Stork, particularly relating to security, have been widely adopted and are used on the majority of Linux systems via integrations into Apt, YUM, YaST, and Pacman. His later research advances have been adopted into production use including by Microsoft, IBM, VMware, Cloudflare, Docker, RedHat, ControlPlane, Datadog, and git, as well as a substantial percentage of automobiles.  More information is available

Kelly leads design and implementation of training, tooling, and processes as a cloud infrastructure security engineer at Apple. She combines decades of work spanning intelligence and investigations, software development, and penetration testing with a passion for empathetic engagement and honest communication to holistically reduce risk across the software development lifecycle. Kelly spent years intervening in illegal poaching operations aboard Sea Shepherd ships, working with confidential sources and evading high-tech tracking by nation-state actors, whalers in Antarctica, and pirates in Somali waters. She misses ocean sunsets, but relishes a life without seasickness.

Mark Russinovich is Chief Technology Officer of Microsoft Azure, where he oversees the technical strategy and architecture of Microsoft’s cloud computing platform. He is a widely recognized expert in distributed systems, operating system internals, and cybersecurity. He is the author of the Jeff Aiken cyberthriller novels, Zero Day, Trojan Horse, and Rogue Code, and co-author of the Microsoft Press Windows Internals books. Russinovich joined Microsoft in 2006 when Microsoft acquired Winternals Software, the company he cofounded in 1996, as well as Sysinternals, where he authors and publishes dozens of popular Windows administration and diagnostic utilities. He is a featured speaker at major industry conferences, including Microsoft Ignite, Microsoft //build, RSA Conference, and more.

Mark works for the Chief Information Security Officer of AWS, leading a team of cloud security experts who interface with customers, partners, and internal stakeholders around security in the AWS cloud, and information security more generally.

Michael Lieberman is co-founder and CTO of Kusari. His passion is in applying his expertise to use cases where privacy and security are paramount. Mostly recently he has been focused on work within the software supply chain security space. He is also highly committed to open-source, having co-created projects like GUAC and FRSCA, along with having co-lead white papers like the CNCF’s Secure Software Factory Reference Architecture. He is an OpenSSF SLSA steering committee member, tech lead for the CNCF Security Technical Advisory Group (STAG), and formerly co-chaired the CNCF FinServ User Group. His career has led him from startups to multinational financial institutions and everything in between.

Mike Linksvayer is Vice President of Developer Policy at GitHub, leading the company’s efforts to advocate for developers globally, including by helping policymakers understand and foster open source collaboration. Mike has worked in the “open” space for two decades, including previously as VP and CTO of Creative Commons. Mike began his career as a Web 1.0 developer.

Per Beming is Vice President and Head of Standards & Industry Initiatives based in Stockholm and reporting to Ericsson Group CTO. In this capacity he drives the technology leadership work in Standardization, and industry initiatives, including open source, for the Ericsson Group. In previous roles Beming was responsible for Radio’s 5G program targeting 5G RAN products and demos, in addition to driving the architecture at Business Area Networks. Beming has been Director of RBS Systems at Development Unit Radio, Business Unit Networks. Beming has also held a role of Expert in Radio Access Architecture at Ericsson Research and being the head of Ericsson’s delegation to 3GPP RAN for WCDMA, HSPA and LTE standardization. Beming joined Ericsson Research in 1994 and holds an M.Sc. in Applied Physics and Electrical Engineering (1994).

Scott Schenkein is the lead engineer for Capital One’s cybersecurity practice.  He has experience leading engineering organizations across retail, finance, and cyber security.  His specializations include data engineering, cloud, cryptography, devops, mentoring, and enterprise collaboration best practices.  Outside of work, Scott enjoys time with family, is an avid musician, and enjoys cycling and hiking.

Tracy is a recognized authority in software supply chain security and DevSecOps, with expertise in managing complex, decoupled architectures. She serves on the OpenSSF Governing Board as a General Member Representative and on the Technology Oversight Committee at the Continuous Delivery Foundation (CDF). Earlier in her career, she was a founding Board Member of the Eclipse Foundation, collaborating with IBM to foster its ecosystem.

Named one of TechBeacon’s Top 100 DevOps Visionaries, Tracy is a sought-after speaker at prominent industry events such as CDCon, Open Source Summit, and TechStrong TV. She hosts TechStrong Women TV, highlighting the accomplishments of women in technology, and frequently contributes to expert panels for organizations like JFrog, TechStrong, and the Linux Foundation. Her insights have been featured in various technical publications focusing on DevOps and open-source security.

Before her current role, Tracy was the COO and co-founder of OpenMake Software, a build acceleration and audit tool adopted by over 400 enterprise development teams. She was also recognized as a Women in Technology (WIT) Honoree for her significant contributions to the DevOps field.

Vincent Danen is the Vice President of Product Security at Red Hat, which is responsible for security and compliance activities for all Red Hat products and services. Vincent has been involved with open source and software security for over 20 years, leading security teams and participating in open source communities and development.