Governing Board

Andrew is a seasoned web application security specialist and enterprise security architect. He is the Executive Director at OWASP, taking the Foundation through organizational change and taking our mission to the next level. Andrew has worked in the IT industry for over 25 years. Andrew has researched and developed the web application security and architecture fields since 1998.

Arun Gupta is vice president and general manager of Open Ecosystem Initiatives at Intel Corporation. He is an open source strategist, advocate, and practitioner for nearly two decades. He has taken companies such as Apple, Amazon, and Sun Microsystems through systemic changes to embrace open source principles, contribute and collaborate effectively. As an elected chair of the Cloud Native Computing Foundation (CNCF) Governing Board, Arun works with CNCF leadership and member companies to grow cloud native ecosystem. He has delivered technical talks in 45+ countries, authored multiple books, and is a Docker Captain, Java Champion, and Java User Group leader. He also founded the Devoxx4Kids chapter in the U.S. and continues to promote technology education among children. Arun holds two patents on using XML and XSL for an efficient generation of test reports. Arun is an avid runner, and is easily accessible at @arungupta on Twitter.

Brian is Co-founer and Chief Technology Officer at Sonatype. He has extensive open source experience as a member of the Apache Software Foundation and former Chair of the Apache Maven project. Brian was a direct contributor to the Maven ecosystem, including the maven-dependency-plugin and maven-enforcer-plugin. He has over 20 years of experience driving the vision behind, as well as developing and leading the development of software for organizations ranging from startups to large enterprises. Brian is a frequent speaker at national and regional events including Java User Groups and other development related conferences.

Christopher Robinson (aka CRob) is the Director of Security Communications at Intel Product Assurance and Security. With 25 years of Enterprise-class engineering, architectural, operational and leadership experience, Chris has worked at several Fortune 500 companies with experience in the Financial, Medical, Legal, and Manufacturing verticals, and spent 6 years helping lead the Red Hat Product Security team as their Program Architect.

Declan is the VP of Security Architecture, IAM and Application Security at Morgan Stanley.

Eric Brewer is professor emeritus of computer science at the University of California, Berkeley and vice-president of infrastructure at Google. His research interests include operating systems and distributed computing. He is known for formulating the CAP theorem about distributed network applications in the late 1990s.

Jamie Thomas has a history of setting innovation agendas that provide business solutions to clients worldwide. She has extensive organizational experience with R&D and client support transformation. She currently serves as General Manager, IBM Technology Lifecycle Services and IBM Enterprise Security.

In this role, Jamie oversees IBM Technology Lifecycle Services including the delivery of client support and services, providing clients with predictive, preventative, and technical support solutions focused on IBM Logo as well as multi-vendor infrastructure support. Jamie’s team partners with worldwide, leading technology providers to provide exceptional compute, storage and networking capability. She serves all of IBM as leader of the IBM Enterprise Security team, which protects IBM and IBM’s clients in an ever-changing and challenging cybersecurity environment by driving security and privacy by design into all of IBM’s offerings and providing industry regulatory and compliance leadership. Jamie serves as the board chair for the Open Source Security Foundation (OpenSSF), focused on addressing hardware and software open-source supply chain security.

Jinguo Cui serves as a leader of open source security and infrastructure strategies and ecosystem development in Huawei. He devotes long-term efforts to the software development, planning and software supply chain security. He is also an executive member of CCF Open Source Development Committee and AII Open Source SIG.

John Heimann is Vice President, Security Program Management in Oracle’s Global Product Security organization. He leads a team responsible for defining Oracle’s software security assurance standards and processes in Oracle’s customer products and services, and for ensuring compliance with those standards and processes in Oracle development. Prior to Oracle, he worked on secure network, cryptographic, and key management research and development projects for US Defense and Intelligence Community customers. Mr. Heimann served on an advisory panel for the information assurance leadership at the US Department of Defense from 2009-2013. Mr. Heimann has an AB in Physics, cum laude, from Harvard University.

John is the Global CTO of Dell Technologies. Previously he was Global CTO DellEMC, Global CTO EMC Corporation, SVP/GM Huawei, Global CTO of Nortel, Enterasys and Cabletron Systems and Broadcom ENG.

Jonathan has extensive software engineering experience in the financial services industry coupled with an in-depth knowledge of Cybersecurity. He is working closely with other industry leaders in the field of Software Supply Chain Security. He is a keen advocate of DevSecOps culture with heavy use of threat modelling, codified security controls and automated security testing. Jonathan also started the CNCF Financial Services user group and ran their recent Kubernetes Threat Model project. He actively contributes to the community as board member for the Open Source Security Foundation (OSSF), he is the creator of the CNCF Software Supply Chain Working Group and is the co-author of the CNCF Supply Chain best practices. His current role at Citibank coupled with being a Citi Tech Fellow means that Jonathan is at the forefront of cloud native technology for the bank as he collaborates with peers in other organisations to push the industry forward.

Kelly leads design and implementation of training, tooling, and processes as a cloud infrastructure security engineer at Apple. She combines decades of work spanning intelligence and investigations, software development, and penetration testing with a passion for empathetic engagement and honest communication to holistically reduce risk across the software development lifecycle. Kelly spent years intervening in illegal poaching operations aboard Sea Shepherd ships, working with confidential sources and evading high-tech tracking by nation-state actors, whalers in Antarctica, and pirates in Somali waters. She misses ocean sunsets, but relishes a life without seasickness.

Luke has held numerous community roles, such as a member of the Kubernetes Security Vulnerability response team and as an elected Project Team Lead for the OpenStack Security Group. Luke is a former member of the OpenSSF TAC. He started project sigstore and is well known for building other security projects such as the Keylime project, now in the CNCF.

Mark Russinovich is Chief Technology Officer of Microsoft Azure, where he oversees the technical strategy and architecture of Microsoft’s cloud computing platform. He is a widely recognized expert in distributed systems, operating system internals, and cybersecurity. He is the author of the Jeff Aiken cyberthriller novels, Zero Day, Trojan Horse, and Rogue Code, and co-author of the Microsoft Press Windows Internals books. Russinovich joined Microsoft in 2006 when Microsoft acquired Winternals Software, the company he cofounded in 1996, as well as Sysinternals, where he authors and publishes dozens of popular Windows administration and diagnostic utilities. He is a featured speaker at major industry conferences, including Microsoft Ignite, Microsoft //build, RSA Conference, and more.

Mark works for the Chief Information Security Officer of AWS, leading a team of cloud security experts who interface with customers, partners, and internal stakeholders around security in the AWS cloud, and information security more generally.

Mike is the Cyber Chief Technology Officer for Capital One, responsible for setting cyber technology direction through strategic initiatives on new tech and leadership of the cyber product management and architecture teams. Previously Mike held the role of VP Security Research at Fastly where his team focused on researching the latest attack and defensive methodologies in the application security space.

Prior to Fastly, Mike was VP of Security at Lumen Technologies where he led security product engineering, operations, and the Black Lotus Labs threat intelligence team. Mike has spent his career focused on creating secure and scalable technology for his customers.

In his free time, Mike enjoys time with his family, photography, home automation, and being outdoors

Mike is the Chief Security Officer at GitHub.

Per Beming is Vice President and Head of Standards & Industry Initiatives based in Stockholm and reporting to Ericsson Group CTO. In this capacity he drives the technology leadership work in Standardization, and industry initiatives, including open source, for the Ericsson Group. In previous roles Beming was responsible for Radio’s 5G program targeting 5G RAN products and demos, in addition to driving the architecture at Business Area Networks. Beming has been Director of RBS Systems at Development Unit Radio, Business Unit Networks. Beming has also held a role of Expert in Radio Access Architecture at Ericsson Research and being the head of Ericsson’s delegation to 3GPP RAN for WCDMA, HSPA and LTE standardization. Beming joined Ericsson Research in 1994 and holds an M.Sc. in Applied Physics and Electrical Engineering (1994).

Rao Lakkakula is an Executive Director leading Application and Mobile Security Engineering groups at JPMorgan Chase. His teams focus on enabling developers to securely build their applications.  Rao has 20 years of expertise in a unique combination of security, software development, and services experience with roles spanning from strategy, engineering, risk management, and business intelligence in global Fortune 500 companies. Rao joined JPMorgan in 2018. Prior to joining JPMorgan, he was Director of Product Security for Climate Corporation, the digital farming arm of Bayer. Before that, Rao spent almost a decade at Amazon leading engineering teams in security space. He currently holds 12 US Patents and a Master of Science degree from Louisiana State University.

Stephen is the Head of Open Source at Cisco, working within the Strategy, Incubation, & Applications (SIA) organization.

For Kubernetes, he has co-founded transformational elements of the project, including the KEP (Kubernetes Enhancements Proposal) process, the Release Engineering subproject, and Working Group Naming. Stephen has also previously served as a chair for both SIG PM and SIG Azure.

He continues his work in Kubernetes as a Steering Committee member and a Chair for SIG Release.

Across the wider LF (Linux Foundation) ecosystem, Stephen has the pleasure of serving as a member of the OpenSSF Governing Board and the TODO Group Steering Committee.

Previously, he was a CNCF (Cloud Native Computing Foundation) TAG Contributor Strategy Chair and one of the Program Chairs for KubeCon / CloudNativeCon, the cloud native community’s flagship conference.

He is a maintainer for the Scorecard and Dex projects, and a prolific contributor to CNCF projects, amongst the top 40 (as of writing) code/content committers, all-time.

In 2020, Stephen co-founded the Inclusive Naming Initiative, a cross-industry group dedicated to helping projects and companies make consistent, responsible choices to remove harmful language across codebases, standards, and documentation. He leads the Community/Open Source workstream and maintains the initiative’s infrastructure.

He has previously held positions at VMware (via Heptio), Red Hat, and CoreOS.

Stephen is based in New York City.

Stephen Chin is VP of Developer Relations at JFrog, chair of the CDF governing board, member of the CNCF governing board, and author of The Definitive Guide to Modern Client Development, Raspberry Pi with Java, Pro JavaFX Platform, and the upcoming DevOps Tools for Java Developers title from O’Reilly. He has keynoted numerous conferences around the world including swampUP, Devoxx, JNation, JavaOne, Joker, and Open Source India. Stephen is an avid motorcyclist who has done evangelism tours in Europe, Japan, and Brazil, interviewing hackers in their natural habitat. When he is not traveling, he enjoys teaching kids how to do embedded and robot programming together with his daughters.

Vincent Danen is the Vice President of Product Security at Red Hat, which is responsible for security and compliance activities for all Red Hat products and services. Vincent has been involved with open source and software security for over 20 years, leading security teams and participating in open source communities and development.