Governing Board

Adolfo is a software engineer focused on making open source more reliable and secure. His work centers on hardening the software supply chain for Kubernetes and other cloud native projects, building systems and tools that make security practical and transparent to developers. He contributes to security specifications for SBOMs, attestations, and vulnerability data, and helps maintain some of the technical initiatives within the OpenSSF.

Brian Fox, CTO and co-founder of Sonatype, is a Governing Board Member for the Fintech Open Source Foundation (FINOS), a member of the Apache Software Foundation and the Monetary Authority of Singapore Cyber and Technology Resilience Experts (CTREX) Panel, and former Chair of the Apache Maven project. Working with OpenSSF, Brian helped create The Open Source Consumption Manifesto, urging organizations to elevate awareness of open source usage. Within the Atlantic Council’s Open Source Policy Network, Brian actively helps shape cybersecurity strategy, offering valuable insights on critical documents, such as ONCD’s recent National Cyber Security Strategy. Brian has over 20 years of experience driving the vision behind, as well as developing and leading the development of software for organizations ranging from startups to large enterprises.

With two decades of experience in Information Security and Compliance, Emilio has worked at large enterprises, medium-sized companies, and governmental organizations. Previously, Emilio served as the VP of Information Security for Hulu, where he played a pivotal role in setting up key security functions. Prior to that, Emilio worked for PlayStation, where he built and ran the software security teams. Emilio’s unique approach to security and compliance has always prioritized partnerships and people—hiring the right talent to build the processes, procedures, and technologies that unite Security, Engineering, and Operations teams. Emilio holds a bachelor’s degree in Computer Science from the University of Puerto Rico.

Eric Brewer is professor emeritus of computer science at the University of California, Berkeley and vice-president of infrastructure at Google. His research interests include operating systems and distributed computing. He is known for formulating the CAP theorem about distributed network applications in the late 1990s.

Jamie Thomas has a history of setting innovation agendas that provide business solutions to clients worldwide. She has extensive organizational experience with R&D and client support transformation. She currently serves as IBM’s Chief Client Innovation Officer and the IBM Enterprise Security Executive.

Jinguo Cui serves as a leader of open source security and infrastructure strategies and ecosystem development in Huawei. He devotes long-term efforts to the software development, planning and software supply chain security. He is also an executive member of CCF Open Source Development Committee and AII Open Source SIG.

John is the Global CTO of Dell Technologies. Previously he was Global CTO DellEMC, Global CTO EMC Corporation, SVP/GM Huawei, Global CTO of Nortel, Enterasys and Cabletron Systems and Broadcom ENG.

Kelly leads design and implementation of training, tooling, and processes as a cloud infrastructure security engineer at Apple. She combines decades of work spanning intelligence and investigations, software development, and penetration testing with a passion for empathetic engagement and honest communication to holistically reduce risk across the software development lifecycle. Kelly spent years intervening in illegal poaching operations aboard Sea Shepherd ships, working with confidential sources and evading high-tech tracking by nation-state actors, whalers in Antarctica, and pirates in Somali waters. She misses ocean sunsets, but relishes a life without seasickness.

Mark Russinovich is Chief Technology Officer of Microsoft Azure, where he oversees the technical strategy and architecture of Microsoft’s cloud computing platform. He is a widely recognized expert in distributed systems, operating system internals, and cybersecurity. He is the author of the Jeff Aiken cyberthriller novels, Zero Day, Trojan Horse, and Rogue Code, and co-author of the Microsoft Press Windows Internals books. Russinovich joined Microsoft in 2006 when Microsoft acquired Winternals Software, the company he cofounded in 1996, as well as Sysinternals, where he authors and publishes dozens of popular Windows administration and diagnostic utilities. He is a featured speaker at major industry conferences, including Microsoft Ignite, Microsoft //build, RSA Conference, and more.

Mark works for the Chief Information Security Officer of AWS, leading a team of cloud security experts who interface with customers, partners, and internal stakeholders around security in the AWS cloud, and information security more generally.

Megan is a maintainer of the OpenSSF Global Cyber Policy Workgroup, leading the Awareness work stream, working with open source projects, enterprises, and foundations to raise understanding of the EU Cyber Resilience Act (CRA) and its impact on the ecosystem. We collaborate as a community to develop educational resources and tooling, coordinating with LF Europe, and engaging directly with the European Commission to provide community-informed feedback that influences standards and policy.

In her role as Director of Software Communities at Arm, she leads upstream engagement across major open source ecosystems, aligning business and community objectives to strengthen long-term sustainability. She also serves as Board Member & Advocacy Chair for the Yocto Project, UXL Foundation Steering Committee Member and OSPO SIG Lead, and Board Member for the Zephyr Project, bringing extensive governance and cross-foundation leadership experience.

Having previously worked with AWS and the Linux Foundation, Megan understands the intersection of policy, enterprise, and open collaboration.

Megan aims to represent general members by promoting transparency, inclusivity, and measurable progress in global open source security.

Michael Lieberman is co-founder and CTO of Kusari. His passion is in applying his expertise to use cases where privacy and security are paramount. Mostly recently he has been focused on work within the software supply chain security space. He is also highly committed to open-source, having co-created projects like GUAC and FRSCA, along with having co-lead white papers like the CNCF’s Secure Software Factory Reference Architecture. He is an OpenSSF SLSA steering committee member, tech lead for the CNCF Security Technical Advisory Group (STAG), and formerly co-chaired the CNCF FinServ User Group. His career has led him from startups to multinational financial institutions and everything in between.

Per Beming is Vice President and Head of Standards & Industry Initiatives based in Stockholm and reporting to Ericsson Group CTO. In this capacity he drives the technology leadership work in Standardization, and industry initiatives, including open source, for the Ericsson Group. In previous roles Beming was responsible for Radio’s 5G program targeting 5G RAN products and demos, in addition to driving the architecture at Business Area Networks. Beming has been Director of RBS Systems at Development Unit Radio, Business Unit Networks. Beming has also held a role of Expert in Radio Access Architecture at Ericsson Research and being the head of Ericsson’s delegation to 3GPP RAN for WCDMA, HSPA and LTE standardization. Beming joined Ericsson Research in 1994 and holds an M.Sc. in Applied Physics and Electrical Engineering (1994).

Executive Director – Cloud, Platform Security and Developer Enablement

Roy Crowder is a cybersecurity leader with over two decades of experience protecting some of the world’s most complex digital environments. As head of Developer Enablement at Morgan Stanley, he leads a global development team focused on building secure, scalable systems that detect and defend against cyber threats.

Roy is the inventor of a patented cybersecurity control framework and has spearheaded innovations such as a cloud-native threat detection platform and AI-powered automation to improve response times and reduce risk. He also champions diversity in tech, developing programs to recruit and mentor the next generation of cybersecurity talent.

With a career grounded in engineering and a vision for a safer digital future, Roy brings a unique blend of technical expertise, strategic thinking, and leadership to every challenge he tackles.

Scott Schenkein is the lead engineer for Capital One’s cybersecurity practice.  He has experience leading engineering organizations across retail, finance, and cyber security.  His specializations include data engineering, cloud, cryptography, devops, mentoring, and enterprise collaboration best practices.  Outside of work, Scott enjoys time with family, is an avid musician, and enjoys cycling and hiking.

Vincent Danen is the Vice President of Product Security at Red Hat, which is responsible for security and compliance activities for all Red Hat products and services. Vincent has been involved with open source and software security for over 20 years, leading security teams and participating in open source communities and development.

Xavier René-Corail is the Senior Director of the GitHub Security Lab. His mission is to inspire the open source community, security researchers, and developers to secure open source software through better security practices. Prior to GitHub, Xavier was the Head of Developer Advocacy at Semmle, acquired by GitHub in 2019, and an engineering manager at Murex, where he drove the deployment of development best practices including XP, TDD, Agile, DevOps, open source policy, and secure coding.

Stephen is a Black engineering and community leader in open source, based in New York City.

He currently works as a Technical Architect in the Office of the CTO at Bloomberg.

Stephen participates in project-level steering committees (Kubernetes, OpenSSF Scorecard, TODO Group) and helps maintain a few codebases around open source projects you may have heard of.

Additionally, he serves as an advisor and investor for startups in the open source ecosystem.

Within the Open Source Security Foundation (OpenSSF), he is a member of the Technical Advisory Council, which governs the foundation’s technical initiatives. He is also a maintainer of OpenSSF Scorecard, a project that helps assess the security posture of open source projects.

For Kubernetes, Stephen serves as a Steering Committee member and a chair of SIG Release. He has co-founded transformational elements of the project, including the KEP (Kubernetes Enhancements Proposal) process, the Release Engineering subproject, and Working Group Naming. He has previously served as a chair of both SIG PM and SIG Azure.

Across the wider Cloud Native Computing Foundation (CNCF) ecosystem, he is a former TAG Contributor Strategy Chair, Dex maintainer, and Program Chair for KubeCon / CloudNativeCon, the cloud native community’s flagship conference.

Stephen is a prolific contributor to CNCF projects, and is amongst the top 100 (as of writing) code/content committers since the inception of the foundation.

In 2020, Stephen co-founded the Inclusive Naming Initiative, a cross-industry group dedicated to helping projects and companies make consistent, responsible choices to remove harmful language across codebases, standards, and documentation.

He was previously Head of Open Source at Cisco and has held positions at VMware (via Heptio), Red Hat, and CoreOS. He has also participated in foundation-level governing boards (OpenSSF, CNCF, OpenAPI Initiative).