Skip to main content

Adrian Ludwig

Chief Trust Officer, Atlassian

Adrian Ludwig is the Chief Trust Officer at Atlassian. He is responsible for Atlassian’s security, risk & compliance and privacy practices. Adrian joined the company in May 2018 and previously held the role of Chief Information Security Officer where he oversaw Atlassian’s security team and initiatives. Prior to joining Atlassian, Adrian held a number of leadership positions where he was in charge of building out security capabilities at Nest, Macromedia, Adobe, and Android (Google).

Read More

Andrew Van Der Stock

Executive Director, OWASP Foundation

Andrew is a seasoned web application security specialist and enterprise security architect. He is the Executive Director at OWASP, taking the Foundation through organizational change and taking our mission to the next level. Andrew has worked in the IT industry for over 25 years. Andrew has researched and developed the web application security and architecture fields since 1998.

Read More

Arun Gupta

Vice President and General Manager, Open Ecosystem Initiatives, Intel Corporation

Arun Gupta is vice president and general manager of Open Ecosystem Initiatives at Intel Corporation. He is an open source strategist, advocate, and practitioner for nearly two decades. He has taken companies such as Apple, Amazon, and Sun Microsystems through systemic changes to embrace open source principles, contribute and collaborate effectively. As an elected chair of the Cloud Native Computing Foundation (CNCF) Governing Board, Arun works with CNCF leadership and member companies to grow cloud native ecosystem. He has delivered technical talks in 45+ countries, authored multiple books, and is a Docker Captain, Java Champion, and Java User Group leader. He also founded the Devoxx4Kids chapter in the U.S. and continues to promote technology education among children. Arun holds two patents on using XML and XSL for an efficient generation of test reports. Arun is an avid runner, and is easily accessible at @arungupta on Twitter.

Read More

Bob Callaway (TAC Chair)

Tech Lead & Manager, Google Open Source Security Team

Bob is the tech lead & manager of the supply chain integrity group in Google's Open Source Security Team. He and his team directly contribute to critical OSS secure software supply chain projects (including sigstore that he co-founded), as well as help drive adoption of best practices throughout the broader open source ecosystem.

Read More

Brian Fox

CTO, Sonatype

Brian is Co-founder and Chief Technology Officer at Sonatype. He has extensive open source experience as a member of the Apache Software Foundation and former Chair of the Apache Maven project. Brian was a direct contributor to the Maven ecosystem, including the maven-dependency-plugin and maven-enforcer-plugin. He has over 20 years of experience driving the vision behind, as well as developing and leading the development of software for organizations ranging from startups to large enterprises. Brian is a frequent speaker at national and regional events including Java User Groups and other development related conferences.

Read More

Clyde Rodriguez

Vice President of Engineering, Meta

Clyde Rodriguez serves as Vice President of Security Engineering at Meta. He joined the company from Bank of America, where he was CTO, Cloud and Advanced Technology Group.

Read More

Declan O’Donovan

VP, Security Architecture, IAM and Application Security, Morgan Stanley

Declan is the VP of Security Architecture, IAM and Application Security at Morgan Stanley.

Read More

Eric Brewer

VP of Infrastructure & Google Fellow, Google

Eric Brewer is professor emeritus of computer science at the University of California, Berkeley and vice-president of infrastructure at Google. His research interests include operating systems and distributed computing. He is known for formulating the CAP theorem about distributed network applications in the late 1990s.

Read More

Gareth Rushgrove

VP of Product, Snyk

Gareth Rushgrove is VP of Product at Snyk, focused on Application Security. He previously worked for the UK Government Cabinet Office, focused on infrastructure, operations and information security, and served on the UK Open Standard board. He has also worked in engineering at Puppet and product management at Docker, as well as being an active contributor, creator and maintainer of a long list of open source projects. When not working he can be found curating the Devops Weekly newsletter, hiking or reading a good book.

Read More

Ian Coldwater

Security Community Individual Representative

Ian Coldwater specializes in hacking and hardening Kubernetes, containers and cloud-native infrastructure. When they're not busy being co-chair of Kubernetes SIG Security, they like to go roller skating, participate in Capture the Flag competitions, and eat a lot of pie. Ian lives in Minneapolis and tweets @IanColdwater.

Read More

Jamie Thomas

OpenSSF Board Chair and General Manager, Systems Strategy and Development, IBM

Jamie is responsible for the strategy and development of IBM Systems, including Quantum, Power, Z and Storage systems. She sets and executes the innovation strategy for the unit and lead the development of IBM offerings, as well as the end to end client support. Jamie also manages the Enterprise Security function of IBM including the CISO office, cybersecurity and product security functions.

Read More

Jennifer Fernick

NCC Group

Jennifer Fernick is a computer scientist and the SVP & Global Head of Research at NCC Group, a major information assurance firm, and is a founding Governing Board member of the Open Source Security Foundation. Most recently, she was Director, Information Security at a large global financial institution, after a tenure as their Senior Cryptographic Security Architect.

Read More

Jinguo Cui

Executive Director of Open Source Security and Infrastructure, Huawei

Jinguo Cui serves as a leader of open source security and infrastructure strategies and ecosystem development in Huawei. He devotes long-term efforts to the software development, planning and software supply chain security. He is also an executive member of CCF Open Source Development Committee and AII Open Source SIG.

Read More

John Heimann

Vice President, Security Programs, Oracle

John Heimann is Vice President, Security Program Management in Oracle's Global Product Security organization. He leads a team responsible for defining Oracle's software security assurance standards and processes in Oracle's customer products and services, and for ensuring compliance with those standards and processes in Oracle development.

Read More

John Roese

Global Chief Technology Officer Products and Operations, Dell Technologies

John is the Global CTO of Dell Technologies. Previously he was Global CTO DellEMC, Global CTO EMC Corporation, SVP/GM Huawei, Global CTO of Nortel, Enterasys and Cabletron Systems and Broadcom ENG.

Read More

Jonathan Meadows

Head of Cloud Cybersecurity Engineering and Software Supply Chain Security at Citibank

Jonathan has extensive software engineering experience in the financial services industry coupled with an in-depth knowledge of Cybersecurity. He is working closely with other industry leaders in the field of Software Supply Chain Security. He is a keen advocate of DevSecOps culture with heavy use of threat modelling, codified security controls and automated security testing. Jonathan also started the CNCF Financial Services user group and ran their recent Kubernetes Threat Model project. He actively contributes to the community as board member for the Open Source Security Foundation (OSSF), he is the creator of the CNCF Software Supply Chain Working Group and is the co-author of the CNCF Supply Chain best practices. His current role at Citibank coupled with being a Citi Tech Fellow means that Jonathan is at the forefront of cloud native technology for the bank as he collaborates with peers in other organisations to push the industry forward.

Read More

Kit Colbert

Chief Technology Officer, VMware

Kit is a a passionate technologist and executive who loves solving hard technical problems while bringing new, innovation products to market.

Read More

Mark Russinovich

Azure CTO and Technical Fellow, Microsoft

Mark Russinovich is Chief Technology Officer of Microsoft Azure, where he oversees the technical strategy and architecture of Microsoft’s cloud computing platform. He is a widely recognized expert in distributed systems, operating system internals, and cybersecurity. He is the author of the Jeff Aiken cyberthriller novels, Zero Day, Trojan Horse, and Rogue Code, and co-author of the Microsoft Press Windows Internals books.

Read More

Mark Ryland

Director, Office of the CISO AWS Security

Mark works for the Chief Information Security Officer of AWS, leading a team of cloud security experts who interface with customers, partners, and internal stakeholders around security in the AWS cloud, and information security more generally.

Read More

Mike Hanley

Chief Security Officer, GitHub

Mike is the Chief Security Officer at GitHub.

Read More

Per Beming

VP and Head of Standards & Industry Initiatives

Per Beming is Vice President and Head of Standards & Industry Initiatives based in Stockholm and reporting to Ericsson Group CTO. In this capacity he drives the technology leadership work in Standardization, and industry initiatives, including open source, for the Ericsson Group. In previous roles Beming was responsible for Radio’s 5G program targeting 5G RAN products and demos, in addition to driving the architecture at Business Area Networks. Beming has been Director of RBS Systems at Development Unit Radio, Business Unit Networks. Beming has also held a role of Expert in Radio Access Architecture at Ericsson Research and being the head of Ericsson’s delegation to 3GPP RAN for WCDMA, HSPA and LTE standardization. Beming joined Ericsson Research in 1994 and holds an M.Sc. in Applied Physics and Electrical Engineering (1994).

Read More

Rao Lakkakula

JPMorgan Chase

Rao Lakkakula is an Executive Director leading Application and Mobile Security Engineering groups at JPMorgan Chase. His teams focus on enabling developers to securely build their applications. Rao has 20 years of expertise in a unique combination of security, software development, and services experience with roles spanning from strategy, engineering, risk management, and business intelligence in global Fortune 500 companies.

Read More

Scott Roberts

Cloud CISO, Coinbase

Scott Roberts is the CISO for Coinbase Cloud, the gateway to Web3 for both developers and users at Coinbase. Scott joined Cloud in March of 2022 to lead the security, risk, compliance and privacy practices. He previously held the role of Director of Android and Pixel Security Assurance at Google where he was responsible for securing one of the largest and most widely used open source projects in the world, with over three billion users. Prior to joining Google, Scott held product leadership roles at Amazon Web Services and Microsoft, including leadership roles in the Microsoft Security Response Center (MSRC) and within the Microsoft Security Development Lifecycle (SDL) program.

Read More

Stephen Augustus

Head of Open Source, Cisco

Stephen is the Head of Open Source at Cisco, working within the Strategy, Incubation, & Applications (SIA) organization. Across the wider LF (Linux Foundation) ecosystem, Stephen has the pleasure of serving as a member of the OpenSSF Governing Board, the Kubernetes Steering Committee, and the TODO Group Steering Committee. Previously, he was one of the Program Chairs for KubeCon / CloudNativeCon, the cloud native community’s flagship conference. He is currently a Chair for Kubernetes' SIG Release, and a maintainer for the Scorecard and Dex projects. In 2020, Stephen co-founded the Inclusive Naming Initiative, a cross-industry group dedicated to helping projects and companies make consistent, responsible choices to remove harmful language across codebases, standards, and documentation. He has previously held positions at VMware (via Heptio), Red Hat, and CoreOS. Stephen is based in New York City.

Read More

Stephen Chin

VP of Developer Relations, JFrog

Stephen Chin is VP of Developer Relations at JFrog, chair of the CDF governing board, member of the CNCF governing board, and author of The Definitive Guide to Modern Client Development, Raspberry Pi with Java, Pro JavaFX Platform, and the upcoming DevOps Tools for Java Developers title from O'Reilly. He has keynoted numerous conferences around the world including swampUP, Devoxx, JNation, JavaOne, Joker, and Open Source India. Stephen is an avid motorcyclist who has done evangelism tours in Europe, Japan, and Brazil, interviewing hackers in their natural habitat. When he is not traveling, he enjoys teaching kids how to do embedded and robot programming together with his daughters.

Read More

Subha Tatavarti

CTO, Wipro

Subha has over two decades of rich experience in the IT Industry spanning across product development, delivery, lifecycle management, cloud computing services, data technology and analytics. Subha joined Wipro from Walmart, where she led product, technology development and commercialization of Enterprise Infrastructure along with Security, Data Science and Edge platforms. Prior to Walmart, Subha headed the Product, Data & Infrastructure Platform, at PayPal. Her focus was to drive transformation through scalable, API-driven interoperable platforms. Her portfolio of products included Machine Learning/ Artificial Intelligence (ML/AI) platforms powered by Notebooks, Data Integration platform, Data Catalog and Data ALM.

Read More

Tracy Ragan

CEO and Co-Founder, DeployHub

Tracy Ragan is a well-known DevOps and SBOM evangelist. She served as a Board Member Representative for the Continuous Delivery Foundation for 3 years and was a founding Board Member of the Eclipse Foundation. She is the CEO of DeployHub and the Community Manager for, an Open-Source project incubating at the Continuous Delivery foundation.

Read More

Vincent Danen

Vice President of Product Security, Red Hat

Vincent Danen is the Vice President of Product Security at Red Hat, which is responsible for security and compliance activities for all Red Hat products and service. Vincent has been involved with open source and software security for over 20 years, leading security teams and participating in open source communities and development.

Read More