Governing Board

Adrian Ludwig is the Chief Trust Officer at Atlassian. He is responsible for Atlassian’s security, risk & compliance and privacy practices. Adrian joined the company in May 2018 and previously held the role of Chief Information Security Officer where he oversaw Atlassian’s security team and initiatives. Prior to joining Atlassian, Adrian held a number of leadership positions where he was in charge of building out security capabilities at Nest, Macromedia, Adobe, and Android (Google).

Andrew is a seasoned web application security specialist and enterprise security architect. He is the Executive Director at OWASP, taking the Foundation through organizational change and taking our mission to the next level. Andrew has worked in the IT industry for over 25 years. Andrew has researched and developed the web application security and architecture fields since 1998.

Bob Callaway is the technical lead and manager of the supply chain integrity group in Google’s Open Source Security Team. He and his team directly contribute to critical secure supply chain projects and drive communication & adoption of best practices throughout the open source ecosystem. Bob is a member of the Technical Advisory Council for sigstore, a Linux Foundation / OpenSSF set of projects focused on improving transparency and UX of software supply chains. Before joining Google in 2021, Bob was a member of Red Hat’s Office of the CTO where he was responsible for emerging technology strategy with strategic partners (including IBM) and a principal architect at NetApp where he focused on contributions to OpenStack and storage automation projects. He holds a PhD in Computer Engineering from NC State University where he also serves as an adjunct assistant professor in the ECE department.

Brian is Co-founer and Chief Technology Officer at Sonatype. He has extensive open source experience as a member of the Apache Software Foundation and former Chair of the Apache Maven project. Brian was a direct contributor to the Maven ecosystem, including the maven-dependency-plugin and maven-enforcer-plugin. He has over 20 years of experience driving the vision behind, as well as developing and leading the development of software for organizations ranging from startups to large enterprises. Brian is a frequent speaker at national and regional events including Java User Groups and other development related conferences.

Chris Wright is senior vice president and chief technology officer (CTO) at Red Hat. Wright leads the Office of the CTO, which is responsible for incubating emerging technologies and developing forward-looking perspectives on innovations such as artificial intelligence, cloud computing, distributed storage, software defined networking and network functions virtualization, containers, automation and continuous delivery, and distributed ledger.

Clyde Rodriguez serves as Vice President of Security Engineering at Meta. He joined the company from Bank of America, where he was CTO, Cloud and Advanced Technology Group.

Eric Brewer is professor emeritus of computer science at the University of California, Berkeley and vice-president of infrastructure at Google. His research interests include operating systems and distributed computing. He is known for formulating the CAP theorem about distributed network applications in the late 1990s.

Erik sets the future direction for Ericsson’s technology leadership strategy in the areas of research and innovation. Erik’s role is to predict future technology trends so in order to help clients achieve competitive advantage with new technology. He draws upon a decades long career in technology strategy and industry activities. During his career, Erik worked in Silicon Valley, California, for seven years and this experience informs strategic decisions and investments in mobility, distributed cloud, machine intelligence and the Internet of Things.

Greg Lavender is Senior Vice President, Chief Technology Officer (CTO) and General Manager of the Software and Advanced Technology Group (SATG) at Intel Corporation. As CTO, he is responsible for driving Intel’s future technical innovation and research programs. He is also responsible for defining a singular artificial intelligence software stack to support Intel’s range of business and hardware offerings.

Guy Podjarny, or Guypo for short, is a web performance researcher and evangelist, constantly chasing the elusive instant web. Guy is the Chief Technology Officer (CTO) of Akamai’s Web Experience business unit, dealing with everything fast browsing and mobile. Guy was previously the co-founder and CTO of blaze.io, acquired by Akamai in 2012.

Ian Coldwater specializes in hacking and hardening Kubernetes, containers and cloud-native infrastructure. When they’re not busy being co-chair of Kubernetes SIG Security, they like to go roller skating, participate in Capture the Flag competitions, and eat a lot of pie. Ian lives in Minneapolis and tweets @IanColdwater.

Jamie is responsible for the strategy and development of IBM Systems, including Quantum, Power, Z and Storage systems. She sets and executes the innovation strategy for the unit and lead the development of IBM offerings, as well as the end to end client support. Jamie also manages the Enterprise Security function of IBM including the CISO office, cybersecurity and product security functions.

Jennifer Fernick is a computer scientist and the SVP & Global Head of Research at NCC Group, a major information assurance firm, and is a founding Governing Board member of the Open Source Security Foundation. Most recently, she was Director, Information Security at a large global financial institution, after a tenure as their Senior Cryptographic Security Architect. She spent four years as a PhD researcher at the University of Waterloo, as a member of the Institute for Quantum Computing and the Centre for Applied Cryptographic Research, where her research focused on cryptography & quantum algorithms. Jennifer was a part of the 2018 cohort of the Berkman Assembly at Harvard University and MIT Media Lab, and was a 2019 Technologist Fellow at the National Security Institute at George Mason University. Her career has included designing and building satellite systems, working on bleeding edge cryptography research, building secure systems at massive scale, running incident response events for core pieces of critical infrastructure, and leading the development of global technology standards. She holds a Master of Engineering degree in Systems Design Engineering from the University of Waterloo, and an Honours Bachelor of Science in Cognitive Science & Artificial Intelligence from the University of Toronto. Jennifer spent multiple years as CFP Chair of Crypto & Privacy Village at DEF CON, and has served on the review boards of venues including USENIX CSET, USENIX Enigma, USENIX WOOT, multiple NeurIPS workshops, and IEICE Transactions Japan, and regularly speaks at major technology conferences including European Conference on Machine Learning, RSA, CFI-CIRT, DEF CON, O’Reilly Artificial Intelligence, the Linux Foundation Member Summit, and Black Hat USA.

John is the Senior Vice President of Application Architecture at Fidelity.

John Heimann is Vice President, Security Program Management in Oracle’s Global Product Security organization. He leads a team responsible for defining Oracle’s software security assurance standards and processes in Oracle’s customer products and services, and for ensuring compliance with those standards and processes in Oracle development. Prior to Oracle, he worked on secure network, cryptographic, and key management research and development projects for US Defense and Intelligence Community customers. Mr. Heimann served on an advisory panel for the information assurance leadership at the US Department of Defense from 2009-2013. Mr. Heimann has an AB in Physics, cum laude, from Harvard University.

John is the Global CTO of Dell Technologies. Previously he was Global CTO DellEMC, Global CTO EMC Corporation, SVP/GM Huawei, Global CTO of Nortel, Enterasys and Cabletron Systems and Broadcom ENG.

Johnathan Hunt is the VP of Information Security at GitLab, Inc. With over 20 years in the infosec and cybersecurity space, Johnathan has worked across several verticals including SaaS, financial, telecommunications, healthcare,and more. Johnathan is particularly passionate about bug bounty, supply chain security and DevSecOps.  He has served on the advisory board for Bugcrowd and submitted and presented position papers on supply chain and devsecops at NIST workshops.  He has presented at conferences such as Blackhat and Cyber Defense, is a regular media and podcast guest, and maintains a Tech Beacon contributed article series focused on timely security topics.  He holds numerous security certifications, has a master’s degree in information systems and is completing a MBA at Harvard University.

Dr. Kai Chen, Chief Security Strategist, Strategy Department of Huawei Technologies Co., Ltd., is responsible for Huawei cybersecurity strategy development and implementation focusing on cybersecurity governance, standardization, and ecosystem development. He has over 20 years work experience in applied cryptography, information and network security technical research, standard development, policy and regulation fields; published over 20 research papers and delivered speeches in security related conferences and seminars; developed or co-developed over 10 security standards in wireless communication, DRM and trusted computing; and led several information security policy and legislation research projects. He co-founded the GCRF (Great China Regional Forum) of TCG (Trusted Computing Group) and served as co-chair of the GCRF from 2008 through 2015 driving the TPM2.0 standard development and industrialization; co-founded the China Information Security Law Conference; initiated the Cloud Security Service Management and Hybrid Cloud Security research groups at Cloud Security Alliance (CSA) and chairs the Cloud Security Service Management WG. Before joining Huawei, he worked at Microsoft, Intel China, Bell Labs Research China, and Lucent Technologies. He is the senior member of the China Computer Federation and Chinese Association for Cryptologic Research. Kai holds a Bachelor Degree in Management Engineering, Masters Degree in Computer Science, and Doctorate Degree in Cryptography.

Kit is a a passionate technologist and executive who loves solving hard technical problems while bringing new, innovation products to market.

Mark Russinovich is Chief Technology Officer of Microsoft Azure, where he oversees the technical strategy and architecture of Microsoft’s cloud computing platform. He is a widely recognized expert in distributed systems, operating system internals, and cybersecurity. He is the author of the Jeff Aiken cyberthriller novels, Zero Day, Trojan Horse, and Rogue Code, and co-author of the Microsoft Press Windows Internals books. Russinovich joined Microsoft in 2006 when Microsoft acquired Winternals Software, the company he cofounded in 1996, as well as Sysinternals, where he authors and publishes dozens of popular Windows administration and diagnostic utilities. He is a featured speaker at major industry conferences, including Microsoft Ignite, Microsoft //build, RSA Conference, and more.

Mark works for the Chief Information Security Officer of AWS, leading a team of cloud security experts who interface with customers, partners, and internal stakeholders around security in the AWS cloud, and information security more generally.

Mike is the Chief Security Officer at GitHub.

Neil is a proven technology leader with 20+ year career history of a strong delivery track record whilst maintaining a heavy focus on people and team performance in order to maintain engagement and achieve business outcomes & goals. Successful manager of large teams, spanning multiple locations and geographies across the globe.

Pedro Canahuati is the chief technology officer (CTO) of 1Password. He ensures 1Password is building robust, reliable products and services that serve the families and businesses that entrust their data to them. Prior to 1Password, Pedro spent 12 years at Facebook where he held a number of roles committed to scaling its global infrastructure and ensuring 24×7 availability by developing a new industry standard for operations @ scale named Production Engineering. Most recently, as the VP of Engineering for Security and Privacy at Facebook his role focused on protecting users and their data.

Rao Lakkakula is an Executive Director leading Application and Mobile Security Engineering groups at JPMorgan Chase. His teams focus on enabling developers to securely build their applications.  Rao has 20 years of expertise in a unique combination of security, software development, and services experience with roles spanning from strategy, engineering, risk management, and business intelligence in global Fortune 500 companies. Rao joined JPMorgan in 2018. Prior to joining JPMorgan, he was Director of Product Security for Climate Corporation, the digital farming arm of Bayer. Before that, Rao spent almost a decade at Amazon leading engineering teams in security space. He currently holds 12 US Patents and a Master of Science degree from Louisiana State University.

Stephen Chin is VP of Developer Relations at JFrog, chair of the CDF governing board, member of the CNCF governing board, and author of The Definitive Guide to Modern Client Development, Raspberry Pi with Java, Pro JavaFX Platform, and the upcoming DevOps Tools for Java Developers title from O’Reilly. He has keynoted numerous conferences around the world including swampUP, Devoxx, JNation, JavaOne, Joker, and Open Source India. Stephen is an avid motorcyclist who has done evangelism tours in Europe, Japan, and Brazil, interviewing hackers in their natural habitat. When he is not traveling, he enjoys teaching kids how to do embedded and robot programming together with his daughters.

Tracy Ragan is a well-known DevOps and SBOM evangelist. She served as a Board Member Representative for the Continuous Delivery Foundation for 3 years and was a founding Board Member of the Eclipse Foundation. She is the CEO of DeployHub and the Community Manager for Ortelius.io, an Open-Source project incubating at the Continuous Delivery foundation.

Vijoy believes there is a critical need to build large scale software that can model, deploy, configure and verify, monitor and analyze cloud / enterprise infrastructure in an intent-driven manner. He is focused on technical strategy and execution leadership for cloud-scale distributed systems, and enterprise-grade infrastructure with good grasp of the interplay between business applications and the infrastructure.