Dr. Bill Curtis, Executive Director, CISQ
Dr. Bill Curtis is CISQ’s Executive Director. Dr. Curtis led development of the Capability Maturity Model (CMM) at the Software Engineering Institute at Carnegie Mellon University. Dr. Curtis is an active participant in ISO JTC1 SC7 WG6 for Software and System Product Measures. In 2007, he was elected a Fellow of the IEEE for his career contributions to software process improvement and measurement. LinkedIn
Matthew Butkovic, Technical Director, Cyber Risk and Resilience Directorate Professional Experience
Matthew Butkovic is the technical director of the Cyber Risk and Resilience Directorate in the CERT Division of the Software Engineering Institute at Carnegie Mellon University (CMU). Butkovic performs critical infrastructure protection research and develops methods, tools, and techniques for evaluating capabilities and managing risk. This includes addressing the challenges of complex supply chains. Butkovic teaches graduate-level cybersecurity policy courses at the CMU Heinz College. He is also an instructor, focused on organizational resilience and supply chain risk management, for the CMU Heinz College CISO and CRO Executive Certificate Programs.
Butkovic has more than 20 years of managerial and technical experience in information technology—particularly information systems security, process design, and audit—in the banking and manufacturing sectors. Prior to joining the CERT Division in 2010, Butkovic was leading information security and business resilience efforts for a Fortune 500 manufacturing organization.
Butkovic is a Certified Information Systems Security Professional (CISSP) and Certified Information Systems Auditor (CISA). He earned degrees at the University of Pittsburgh (BA) and Pennsylvania State University (MS).
Company Information: The Software Engineering Institute is a federally funded research and development center sponsored by the Department of Defense and operated by Carnegie Mellon University. The SEI's headquarters are just off the main CMU campus in the Oakland section of Pittsburgh, PA.
Seth Carmody, Ph.D., Vice President, MedCrypt
Seth Carmody is the vice president of regulatory strategy at MedCrypt. Prior to MedCrypt, Dr. Carmody worked as the cybersecurity program manager and tech policy architect in the FDA's Center for Devices. Seth brings a decade of experience in guiding regulatory strategy for technology.
Bob Metzger heads the Washington, D.C. office of Rogers Joseph O'Donnell, PC
Robert S. Metzger is a shareholder specializing in government contracts, security and compliance matters. He co-chairs the Cybersecurity and Privacy Practice Group.
Bob Metzger heads the Washington, D.C. office of Rogers Joseph O'Donnell, PC. RJO has specialized in government contracts for over 40 years. Chambers USA 2021 placed RJO in "Band 2," among the "Elite" group of government contracts law firms nationwide, and the only "boutique" among the top seven firms.
Bob is recognized for subject area leadership in cyber, supply chain and related security matters. As a Special Government Employee of the Department of Defense, Bob was on the Defense Science Board task force that produced the "Cyber Supply Chain Report" (April 2017) whch subsequently received the SANS Institute "Difference Maker" award. He is a co-author of "Deliver Uncompromised," a Report released by The MITRE Corporation in August 2018 that is widely credited with significant influence on a broad range of security initiatives of the Department of Defense and federal civilian agencies. The Report team received a "Program Recognition Award" from MITRE in 2019. Bob was named a 2016 "Federal 100" awardee by Federal Computer Week which cited his "ability to integrate policy, regulation and technology" and said of him: "In 2015, he was at the forefront of the convergence of the supply chain and cybersecurity, and his work continues to influence the strategies of federal entities and companies alike."
Chambers USA 2021 ranked Bob in Band 2 for Government Contracts – Nationwide and said that he is "routinely called upon by clients in cybersecurity matters, assisting clients with high-stakes contract procurements, qui tam litigation and compliance issues." The Legal 500 (2020) describes him as having "developed an 'exceptional' reputation for litigation and bid protests, as well as cybersecurity-related issues." Who's Who Legal (2018) described Mr. Metzger as "shown by our research to be one of the leading [government contracts] practitioners worldwide" and has identified him as a "Global Elite Thought Leader" in 2018, 2019 and 2020 – one of five in the U.S. and 18 globally in 2020.
Mr. Metzger is a graduate of Georgetown University Law Center, where he was an Editor of the Georgetown Law Journal. Subsequently to graduation from law school, he was a Research Fellow at the Center for Science & International Affairs (presently, "Belfer Center") at the Harvard Kennedy School of Government. He is a widely published author and frequent speaker on cyber and supply chain security, as well as other subjects. He is presently a Vice-Chair of the Information Security Committee of the Science & Technology Section of the American Bar Association.
Hasan Yasar, Technical Director, Adjunct Faculty Member firstname.lastname@example.org
Hasan Yasar is the Technical Director of Continuous Deployment of Capability group in Software Engineering Institute, CMU. Hasan leads an engineering group to enable, accelerate and assure Transformation at the speed of relevance by leveraging, DevSecOps, Agile, Lean AI/ML and other emerging technologies to create a Smart Software Platform/Pipeline. Hasan has more than 25 years' experience as senior security engineer, software engineer, software architect and manager in all phases of secure software development and information modeling processes. He is also Adjunct Faculty member in CMU Heinz Collage and Institute of Software Research where he currently teaches "Software and Security" and "DevOps: Engineering for Deployment and Operations"
Joe Jarzombek, Director for Government and Critical Infrastructure Programs, Synopsys
Joe Jarzombek is Director for Government and Critical Infrastructure Programs at Synopsys. For 10+ years, Mr. Jarzombek was Director for Software and Supply Chain Assurance at the U.S. Department of Homeland Security. He is an expert in software assurance and supply chain risk management. LinkedIn
Robert Martin, CSSLP and Senior Principal Engineer at MITRE
Robert spends the majority of his time working with industry on the CWE and CAPEC security standardization initiatives and with the Industrial Internet Consortium. For the past 24 years, Martin's efforts focused on the interplay of risk management and cybersecurity. Martin is a frequent international speaker on the various security and quality issues surrounding technology systems, has published numerous papers on these topics, authored over a dozen ITU-T X-series Recommendations, and chairs the OMG Structured Assurance Cases Metamodel Task Force. Martin joined MITRE in 1981 with a B.S. and M.S. in EE from RPI, later earning an MBA from Babson College. He is a member of the ACM, AFCEA, NDIA, the Open Group, and the IEEE Computer Society.
Richard Knaster, Vice President and Chief Scientist for Value Stream Management at Digital.ai.
Richard has more than 30 years' experience in software and systems development and IT. Before joining Digital.ai, Richard was a SAFe methodologist, and principal consultant at Scaled Agile, Inc. Prior to that Richard was Chief Agile Methodologist at IBM and has held several executive roles in IT and software development (CIO, CTO, VP Development). He has been leading large-scale Agile transformations for well over 15 years and is passionate about helping organizations create a better work environment to deliver value, improve quality and flow, and be more engaging and fun. Richard has written 5 books on SAFe and recently published an eBook on Value Stream Management.
Marc Peters, Distinguished Engineer, CTO for Energy, Environment & Utilities EMEA, IBM
Robert Aiello, CTO, Principle Consultant at Aiello Consulting
Allan Friedman, Senior Advisor & Strategist, CISA
Sammy Migues, Principal scientist, the Synopsys Software Integrity Group
He is a principal scientist within the Synopsys Software Integrity Group where he studies evolving application security market needs, creates solutions for the hard problems, and leads organizations through transformational improvements. Over the past 15 years, Sammy focused on computer-based and instructor-led training, smart grid, supply chain security, metrics, software security initiative maturity, and management consulting. Sammy is a co-creator and the maintainer of the Building Security In Maturity Model (BSIMM), the only study of its kind to capture the actual software security practices in over 200 firms around the globe. Sammy also co-authored the Synopsys CISO Report, a review of approaches to the CISO role, and the BSIMMsc, an application of the BSIMM for supply chain security.
Leo Zhadanovsky, Chief Technologist for Education at Amazon Web Services
He is the Chief Technologist for Education at Amazon Web Services, spends his days (and occasional nights!) helping customers best leverage AWS services in order to help them build highly-available, scalable and elastic architectures to fulfill their business needs. As a speaker, Leo has delivered talks at conferences around the world, including Re:Invent, OmniTI Surge, and PuppetConf. Previously the Director of Systems Engineering at the Democratic National Committee, he's also run the DNC's on-premise and cloud infrastructure, in use by the Obama campaign, state and local Democratic parties. This infrastructure was used to support hundreds of millions of dollars in online donations, and withstood significant amounts of election day traffic. In his free time, he enjoys traveling the world, going for a bike ride, and trying out new restaurants in whatever city he finds himself in.
Ruth Lennon, Director, Craobh Technology Consulting
Ruth Lennon is the director of Craobh Technology Consulting providing tailored solutions to industry problems. Ruth's focus is on the promotion of secure DevOps strategies. Over the past 20 years she has been a member of many technical panels and ISO committees including chairing the NSAI/TC 2/SC 11 on cloud and distributed systems. Ruth is a member of the working group which developed the IEEE 2675 DevOps standard. Ruth's goal in DevOps is to ensure that security and performance are seen as core to development projects just as it is in configuration projects. Ruth is a senior member of the ACM and IEEE as well as the Chair of the ACM-W Europe.