 Erik Andersen
Editor of ITU-T X.509 | Independent consultant, Andersen's L-Service, Denmark
Erik Andersen was employed by IBM for 27 years and was in the early 1980th appointed by IBM to be the IBM representative in Danish Standards (OSI). Became chair of the Danish committee for Open Systems Interconnection standardization and participated in numerous international meetings within ISO/IEC and was quite active. After leaving IBM, continued to work for international standardization in European standardization arena. Was during four study periods rapporteur for the question, currently Question 11, that is responsible for the ITU.T X.500 series, which is collaborative work with ISO/IEC, which has published the series as ISO/IEC 9594-all parts. Has for 12 years or more been the project editor for the ITU-T X.500 series, also on the ISO/IEC side. Rec. ITU-T X.509, alias ISO/IEC 9594-8, is part of ITU-T X.500 series. X.509 being the framework for public-key infrastructure is an extremely important specification. |
 Abbie Barbir
ITU-T Study Group 17 Q10 Co-rapporteur | Senior Security Advisor, CVS Health, United States
Abbie Barbir serves as a Senior Security Advisor in the areas of identity management, mobile devices, and authentication at CVS Health Global Information Security. Barbir has extensive experience in identity and access management. He has worked with many standard organizations on developing next-generation authentication technologies. Currently, he represents CVS on the FIDO Board of Directors. Barbir holds a Ph.D. in computer engineering from Louisiana State University. In his more than 25 years in the software and security industry, he has been a Professor of Computer Science, an Application Developer, Data Compression and Encryption Inventor, Systems Architect, Security Architect, Engineering Manager, Consultant, Author and Inventor of numerous security algorithms and articles. |
 Steffen Fries
Principal Engineer Security, Siemens AG, Germany
Steffen Fries is working in the area of cybersecurity within Siemens Technology for more than 25 years. As principal engineer he mainly focuses on the analysis, design, and implementation of secure communication solutions for different verticals. This requires collaborating with system architects, implementers, and product management in order to design secure solutions. Within standardization, he is editor of and contributor to several IEC 62351 documents in the IEC TC for power system automation. Besides this he is active in IEEE to secure time synchronization for the precision time protocol IEEE 1588. In the IETF his main interest is in group key management as well as the management of certificates in PKIs.
|
Jin-Bae Hong
Deputy Minister, Ministry of Science and ICT, Korea (Rep. of)
Mr. Jin-Bae Hong is the Deputy Minister of the Office of Network Policy in the Ministry of Science and ICT of the Republic of Korea since February 2022. He began his career at the government office in 1995. Ever since then he has been working in the information and communication sector. He has devoted himself to establishing the network and security policies at the national level for the country. He was the Director of the Cyber Security Planning Division from March 2013 to March 2016, the Director-General of the Telecommunications Policy Bureau from December 2019 to April 2021, and the Director-General of the Cyber Security and Network Policy Bureau from April 2021 to February 2022 in the Ministry of Science and ICT. In 2021, he contributed himself to a great extent to set up the policy to create a safer environment for cyberspace, focusing on ransomware threat response, talent development, and industry promotion for cybersecurity, as well as strengthening response capabilities against cyber threats and resilience of the private sector. As an incumbent Deputy Minister of the Office of Network Policy, he is now responsible for coordinating overall national network and cybersecurity policy.
|
 Russell Housley
Founder of Vigil Security, LLC | Former IETF Chair (2007-2013)
Mr. Housley is an expert in security protocols, system engineering and system security architectures, and he has authored many Internet standards. He has over 30 years of communications and computer security experience, and he is the Founder of Vigil Security, LLC. He served as Chair of the Internet Engineering Task Force (IETF) from 2007 to 2013. He on the Internet Architecture Board (IAB) from 2007 to 2017, and he served as Chair of the IAB from 2013 to 2015. He was an IETF Security Area Director from 2003 to 2007. He also served in leadership positions of the Institute of Electrical and Electronics Engineers (IEEE), including the IEEE 802 Executive Committee in the early 1990s. Mr. Housley has authored several Internet security standards, including the Cryptographic Message Syntax, which provides the foundation for electronic mail security, and the Internet X.509 Certificate Profile, which provides the infrastructure to identify and authenticate websites and users. In the IEEE, he made significant technical contributions Local Area Network security standards, particularly IEEE 802.10 and IEEE 802.11i, which is implemented as Wi-Fi Protected Access (WPA and WPA2). He is coauthor of two technical books: Planning for PKI and Implementing Email and Security Tokens.
|
 Hoyt L Kesterson II
Senior Security & Risk Architect, Avertium, United States
Hoyt L Kesterson II is a Senior Security & Risk Architect with Terra Verde. He has more than 40 years of experience in information security. For 21 years he chaired the international standards group that created the X.509 public-key certificate, a fundamental component in digital signature and securing web transactions. He is a co-chair and founding member of the ABA’s Information Security Committee. He is a testifying expert. He is a PCI QSA who helps clients meet compliance requirements for ensuring that the integrity and confidentiality of payment card data are maintained. He holds the CISSP and CISA certifications.
|
 Phyllis Lee
Senior Director, Center for Internet Security
Phyllis Lee is the Senior Director of Controls at the Center for Internet Security (CIS). She has over 25 years of experience in information assurance and has performed vulnerability assessments, virtualization research and worked in security automation. Prior to joining CIS, Ms. Lee worked at the National Security Agency (NSA) focusing on the intersection between malware and virtualization, which included collaboration with MIT Lincoln Labs. She also participated in a variety of security automation standardization efforts and led the security automation strategy for the NSA Information Assurance Directorate (IAD). Ms. Lee graduated from Johns Hopkins University with a Master of Science in Computer Science.
|
 Jean-Paul Lemaire
ITU-T Q11/17 Rapporteur | ISO/IEC/JTC1/SC 6/WG 10 Convenor
Jean-Paul Lemaire worked between 1978 and 1996 as civil servant in University Paris Diderot in charge of systems, networks and security. Since 1998, he is involved in standardization of ASN.1 then also Directory. Since 2017, he is Rapporteur of Q11/17 (Generic technologies to support secure applications) and, also Convenor of ISO/IEC/JTC 1/SC 6/ WG10 (Directory, ASN.1 and registration). He is also lecturer in Gustave Eiffel University (France) and works also as consultant in development of applications related to security.
|
 François Lorek
Founder of
TRAX, Digital Compliance Agency | Associate director |
ISO/IEC JTC1 SC27 WG4 Vice convenor, France
François LOREK is a seasoned expert in Cyber security and risk forecasting with emerging new technologies, relying on strong engineering backgrounds in IT & IT security. His professional career was dedicated to IT consulting activities, including ISO standards lead auditing expertise, whilst dispensing advice to match compliance, business stakes with operational efficiency. He has been actively involved in standardization work for more than 12 years, at French, European and international level. Indeed, he is since 2010 member of SC27 french mirror committee as well as 10+ other
Afnor’s standardization mirror committees. Since 2015, he is vice convenor of
ISO/IEC JTC1 SC27 WG4 “Security Controls & Services” as well as vice convenor since 2021 for both ad hoc groups “Internet of Things & Digital Twins” and “Artificial Intelligence & Big Data”. At European level, he is actively involved in
CEN-CENELEC JTC013 “Cybersecurity and Dataprotection” and
CEN-CENELEC JTC021 “Artificial Intelligence” since their creation. He first worked for two renowned IT consulting firms (SEMA Group, Altran Group), prior to co-founding Synertal, using ISO standards to enhance corporate performance through IT leverage and risk mitigation. In 2012, he created his own company LOREK Consulting and co-founded TRAX ( www.trax.solutions) in 2015, a Digital Compliance Agency to provide compliance, expertise and intelligence services in IT security management. He is the youngest French chartered practitioner and one the most experienced French auditors for ISO 27001, also 9001 & 20000-1 accredited, is officially commissioned by major international certification bodies for which he completed 600+ days for IT security audits worldwide in more than 50 countries. |
 Lia Molinari
ITU-T Study Group 17 WP3 Vice-Chair
Since 1988, Professor at National University of La Plata (UNLP), Argentina, in the subjects Operating Systems, IT Governance and Auditing, and Security Management. Member of the Cybersecurity Team of the UNLP. She has a Phd in Administration Science and a Master in Data Networks. She is currently Director of Information Security in the Federal Administration of Public Revenue (Administración Federal de Ingresos Públicos, AFIP). She was coordinator of CERT.ar, the national governmental CERT (December 2021 – March 2022). She was Director of On line Government of the Provincial Government of Buenos Aires, in charge of digital interaction with citizens in pandemic situation (December 2019 – November 2021). She was Vicedean of the Computer Science School, UNLP (2014-2018). Member of Argentine Standardization and Certification Institute (IRAM), the only representative of ISO for Argentina. She has the following professional certifications:
- Certified ISO/IEC 27032 Lead Cybersecurity Manager.
- Certified Lider Auditor IRCA de ISO 27001.
- Certified CISA (Certified Information Systems Auditor). ISACA. Until 2019.
- Certified CISM (Certified Information Security Management). ISACA. Until 2019.
|
 Kirsty Paine
Strategic Advisor, Technology & Innovation, Splunk
Kirsty helps organisations to achieve their strategic goals with data, and accelerate their strategic journey (or get it started). She has spent nearly a decade working in cyber security, engaging internationally with industry and specialising in security, privacy and internet standards. Kirsty's long-standing mantra is simple and straightforward: "Make Good Choices". She's a firm believer that the right data - and asking the right questions - always helps to make better decisions.
|
 Jos Purvis
Security Architect, Cisco Systems
A 25-year IT and information security technologist, Jos Purvis has been with Cisco’s Cryptographic Services team for 15 years as a Security Architect for cryptographic controls. His primary work at the moment focuses on Cisco’s trusted root store and PKI security standards; in his past work with Cisco he co-authored the IPC-1071 standard on intellectual property protection in PCB manufacturing. In addition to his work with Cisco, Jos also holds adjunct faculty/instructor positions in computer/information science with North Carolina State University, UNC-Chapel Hill, and Boston University, teaching classes in security risk assessment, cryptographic applications, and programming. For the last six years, he has served as Cisco’s representative to the CA/Browser Forum, where he is currently the chair of the Server Certificate Working Group and the Forum Infrastructure Subcommittee. He graduated from Boston University with a Master of Science in Computer Information Systems, and holds the CISA and CISSP certifications.
|
Anthony Michael Rutkowski
CEO, Netmagic Associates LLC
Tony Rutkowski is an engineer-lawyer with an extremely diverse, sixty-year professional career spanning the telecommunication, mobile, internet, satellite, and broadcasting fields in the U.S. and Europe where he has shaped major technical and legal developments in senior governmental, company, and academic leadership positions at international, national, and local levels. Over the past two decades, his roles have been focused on significant international and U.S. Federal network security initiatives relating to cybersecurity, infrastructure protection, extraterritorial security law, and lawful interception for new networks and services. Currently, as the CEO of Netmagic Associates LLC, he provides technical and regulatory analytical and consulting services to a few entities that include the Center for Internet Security. He engages actively in a broad array of governmental and industry security forums – largely internationally. Over the past several years, he has assumed rapporteur responsibilities in the ETSI Cyber Security Technical Committee for a number of major specifications and reports and served as an ENISA consultant. Over the past 20 years, he assumed rapporteur responsibilities in the ETSI Lawful Interception Technical Committee and chair of the OASIS LegalXML LI Technical Committee. He continues to serve as the liaison among multiple international network security bodies. He also writes extensively in multiple professional publications and speaks on network security related developments and history. |
Reinhard Scholl
Deputy Director, Telecommunication Standardization Bureau, ITU
Dr. Reinhard Scholl is Deputy to the Director of the Telecommunication Standardization Bureau (TSB) since September 2002. Previously he has been with Siemens in Munich, Germany and with ETSI (European Telecommunications Standards Institute). He has also served on the ICANN Board. He received a Ph.D. in physics from the University of Illinois, USA.
|
 Doug Steedman
CCITT Special Rapporteur of Question 35/ VII, Directory Systems (1985-1988) I Software Engineer, Google Inc
Doug Steedman was the CCITT Special Rapporteur for Directory Systems during 1985-1988, leading the international group that produced the first versions of the X.500 standards (including X.509). He was also the editor for those documents. Doug was also one of the creators of ASN.1. After his standardization work, during which he represented Bell-Northern Research in Canada, he returned to software engineering, joining General Magic in California to work on the Telescript language for Mobile Agents. Subsequently he worked on security for WebTV Networks and Microsoft. Currently Doug is a software engineer at Google Inc in San Francisco
|
 William Whyte
Senior Director, Technical Standards, Qualcomm Technology Inc.
William Whyte is Senior Director, Technical Standards at Qualcomm Technology Inc., following the acquisition by Qualcomm of OnBoard Security where he was CTO. William is one of the world’s leading experts in the design and deployment of security for connected vehicle and general mobile ad hoc networking systems. He is the editor of IEEE 1609.2, the baseline standard used worldwide for connected vehicle communications security, and of its related and successor standards. He was a key contributor to the design of the Security Credential Management System for Connected Vehicle in the US and lead security consultant on the New York City Connected Vehicle Pilot Deployment. His technical background is in cryptography and, before that, in theoretical physics, in which he has a B.A. from Trinity College Dublin and a D. Phil from Oxford University, England.
|
 Xiaoya Yang
ITU-T Study Group 17 Counselor
Xiaoya Yang serves as the Counselor of ITU-T Study Group 17 ‘security’ since 2017. With 20+ years of professional experience in telecommunication regulation, legislation and international standardization and coordination, she was the Head of the WTSA Programmes Division in the Telecommunication Standardization Bureau of the International Telecommunication Union (ITU-TSB) from 2010 to 2016, Co-counsellor of ITU-T Study Group 2 on 'Operational aspects of service provision and telecommunications management' and Study Group 3 on 'Tariff and accounting principles including related telecommunication economic and policy issues' from 2009 to 2010; Counselor of ITU-T Study Group 17 on 'Telecommunication security' from 2007 to 2008; and Workshop Project Coordinator from 2004 to 2006. Before joining ITU, she worked in the Ministry of Information Industry of China from 1998 to 2004. There she was the Division Director responsible for regulation of Internet and information security. From 1997 to 1998 she worked in China Telecom as a network engineer and service manager in their Internet service department. She has a M.S. in Computer Science from Tsinghua University, China and a MBA from Polytechnic University, Hong Kong.
|
