|Josh Aas (‘oohse’) co-founded and currently runs Internet Security Research Group (ISRG), the nonprofit entity behind Let’s Encrypt, the world’s largest certificate authority helping to secure more than 290 million websites. He also spearheaded ISRG’s latest projects, one focused on bringing memory-safe code to security-sensitive software, called Prossimo, and Divvi Up, a privacy-respecting metrics service. Josh worked in Mozilla’s platform engineering group for many years, improving the Firefox web browser. He also worked for Mozilla in a senior strategy role, helping to find solutions for some of the Web’s most difficult problems. He has deep expertise in software security and ecosystem dynamics, as well as organizational leadership.
|Yasemin Acar an assistant professor at the George Washington University. Her research focus is on human factors in secure development, specifically: investigating how to help software developers implement secure software development practices. Her research has shown that working with developers on these issues can resolve problems before they ever affect end users. Her most recent work aims to support security and trust in open source software.
|Marc Alvidrez is an engineer and project lead at the U.S. Digital Service (USDS), where he has worked on a diverse set of projects that include the launch of covidtests.gov and improvements to the national Organ Procurement and Transplantation Network (OPTN). Coming to government after 25 years in industry, he was a member of the first generation of Site Reliability Engineers at Google. Most recently he worked at Loon where he was responsible for integrating, operating, and securing a stratospheric, balloon based communications platform capable of bringing LTE and Internet service to un(der)served communities around the world.
|Rhys Arkins is Vice President, Product Management at Mend. Rhys joined Mend (formerly WhiteSource) in 2019 through the acquisition of his startup, Renovate Bot, an Open Source dependency automation tool. Today Rhys maintains a focus on dependency management and automation to improve developer experience and application security. Rhys was awarded a University Medal for his studies in Information Technology at the University of Queensland, and now resides in Stockholm, Sweden.
|Anne Bertucio leads program development in Google’s Open Source Programs Office (OSPO). The Program Development Team helps teams at Alphabet develop, contribute to, and release open source software with an eye towards strategy, sustainability, and the spirit of the Open Source Definition. The Program Development Team works across domains, from cloud to data analytics to gaming to security. Security is a special focus for Anne, particularly open source vulnerability disclosure. She previously worked on Kubernetes and container security, and authored the paper Why Container Security Matters to Your Business. Before coming to Google, she was a staff member of the OpenStack Foundation (now known as the Open Infrastructure Foundation), where she was part of the inaugural core team of the Kata Containers project and on the OpenStack release management team. Anne has B.A.s in policy and ethics and worked in community and government relations in renewable energy before coming to tech.
|William Bartholomew (he/him) is a Principal Security Strategist in the Global Cybersecurity Public Policy team at Microsoft. His public policy advocacy benefits from over a decade of experience in designing, implementing, and operating software supply chains used by tens of thousands of developers. Prior to focusing on public policy, he held engineering and product management roles within Microsoft and GitHub that focused on delivering reliable and secure engineering systems for developers internally as well as for our customers. He brings his relentless focus on reducing friction to standards development, open source, and public- and private-sector working groups globally. When not working, he can be found tinkering with hardware and software, making espresso, and spending time with his family in the United States’ Pacific Northwest.
|Lars Bergstrom is a Director of Engineering at Google on the Android team, working on their platform programming languages, including Java, C/C++, and Rust. He also serves as Google’s Corporate Director to the Rust Foundation. Before Google, he was at Mozilla Research, initially contributing to the Servo browser project and directing the integration of Rust into Firefox and the partner ecosystem. Later, he led Mozilla’s AR and VR work, shipping software and building OEM relationships on many different devices. He is currently based out of Chicago, where he lives with his wife and son.
|Jon Boyens is the Deputy Chief of the Computer Security Division in the Information Technology Laboratory at the National Institute of Standards and Technology (NIST). His responsibilities include Cybersecurity Research and Development at NIST and Cybersecurity Standards and Guidelines for Federal Agency Security Programs.
|Georgia Bullen is the Executive Director at Simply Secure, a nonprofit leveraging design as a transformative practice to shift power in the tech ecosystem and change who technology serves. She brings over 15 years of experience in usability, design, technology, policy and research to her work, contributing to the internet health movement on issues such as security, privacy, open source, and equitable access to technology.
|Bob Callaway is the technical lead and manager of the supply chain integrity group in Google’s Open Source Security Team. He and his team directly contribute to critical secure supply chain projects and drive communication & adoption of best practices throughout the open source ecosystem. Bob is a member of the Technical Advisory Council for sigstore, a Linux Foundation / OpenSSF set of projects focused on improving transparency and UX of software supply chains. Before joining Google in 2021, Bob was a member of Red Hat’s Office of the CTO where he was responsible for emerging technology strategy with strategic partners (including IBM) and a principal architect at NetApp where he focused on contributions to OpenStack and storage automation projects. He holds a PhD in Computer Engineering from NC State University where he also serves as an adjunct assistant professor in the ECE department.
|Mel Chua is a contagiously enthusiastic hacker, scholar, and perpetual motion machine. She is an auditory low-pass filter and multimodal polyglot and a PhD candidate at Purdue University’s School of Engineering Education. Mel received her B.S. in Electrical and Computer Engineering from Olin College of Engineering and spent several years in the open source software and hardware industry before returning to academia. Mel’s research focuses on faculty development, learning in hacker/maker communities, embodied qualitative research methodologies, and prototyping alternate ontologies of curricular culture in engineering education.
|Lin Clark is a Senior Principal Engineer and Acting Director of the WebAssembly team at Fastly. She is also the chair of the W3C’s WebAssembly System Interface (WASI) subgroup. In her 15+ years in open source, she has been a maintainer on Firefox developer tools, worked as an early employee at npm, and has been a core module maintainer on Drupal, among other things. She also has a long running series of explainers called Code Cartoons which have explored many security topics, from DNS over HTTPS to the capability-based security model of WASI.
|Dr. Denae Ford is a Senior Researcher at Microsoft Research in the SAINTES group and an Affiliate Assistant Professor in the Human Centered Design and Engineering Department at the University of Washington. Her research lies at the intersection of Human-Computer Interaction and Software Engineering. In her work she identifies and dismantles cognitive and social barriers by designing mechanisms to support software developer participation in online socio-technical ecosystems. She is best known for her research on just-in-time mentorship as a mode to empower welcoming engagement in collaborative Q&A for online programming communities including open-source software and work to empower marginalized software developers in online communities.
|Dr. Sol Greenspan serves as the program director for Software Engineering research and also manages the Software Security portfolio for the Secure and Trustworthy Cyberspace program. He leads a relatively new program on Designing Accountable Software Systems and also leads the Trustworthy AI theme of the National AI Research Institutes program. Prior to NSF, Dr. Greenspan conducted R&D in industrial research labs (Bell Laboratories, GTE Laboratories, Schlumberger-Doll Research) and has also taught and performed research at several universities. Dr. Greenspan received his Ph.D. degree in Computer Science from the University of Toronto for work in the intersection of Artificial Intelligence and Software Engineering. His M.S. in Computer Science is from Rutgers University, where he did an early project on machine learning, previously earning a B.S. in Mathematics from the University of Michigan.
|Luke Hinds works within the Emerging Technologies group in Red Hat’s CTO office, where he leads a team working on open source security. Luke is the founder of project sigstore and has held numerous community roles, such as the Kubernetes Security Response Team, elected member of the Open Source Security Foundation Technical Advisory Council and is a board member of the confidential computing foundation
|Justin Hutchings is the Director of Product Management for Supply Chain Security at GitHub where he works on products like Dependabot and the GitHub Advisory Database. He has extensive experience in open source and standards development and has contributed to initiatives in the Open Software Security Foundation (OpenSSF), Open Connectivity Foundation, IEEE, and USB-IF. Prior to joining GitHub, he was a product manager at Microsoft where he built developer platforms as part of Azure Identity, Microsoft Research, and Windows. Justin earned his BS in Software Engineering and Computer Science from Rose-Hulman Institute of Technology.
|Dustin Ingram is a software engineer on Google’s Open Source Security Team, where he works on improving the security of open-source software that Google & the rest of the world relies on. He’s also a director of the Python Software Foundation, and maintainer of the Python Package Index.
|Greg Kroah-Hartman is among a distinguished group of software developers who maintain Linux at the kernel level. In his role as a Linux Foundation Fellow, he continues his work as the maintainer for the Linux stable kernel branch and a variety of subsystems while working in a fully neutral environment. He also works closely with Linux Foundation members and projects, and on key initiatives to advance Linux.
|Dr. Uma Karmarkar is an Assistant Professor with a dual appointment between the Rady School of Management and the School of Global Policy and Strategy at the University of California, San Diego. Prior to this, she was a member of the Marketing Unit faculty at the Harvard Business School and affiliated with the Harvard Center for Brain Science. She holds dual PhDs in neuroscience and consumer behavior. Dr. Karmarkar is a neuroeconomist whose research draws on neuroscience, psychology, behavioral economics and marketing to develop interdisciplinary frameworks of applied decision-making. Reflecting this background, her work has been published in academic journals ranging from Neuron to Management Science, and covered by popular media outlets including Scientific American, The Economist, and The New York Times.
|Per Larsen leads a security consultancy (Immunant, Inc.) focusing on hardening systems software against memory corruption vulnerabilities. He is particularly interested in compile- and runtime techniques that drive up the cost of exploitation as well as efforts to migrate privileged, low-level code to safe and modern languages such as Rust. He is responsible for the C2Rust effort which aims to automate safety-enhancing source code translation.
|Joshua Lock is a Staff 2 Open Source Engineer in VMware’s Open Source Program Office where he works on software supply chain security standards and tools. He is a steering committee member and maintainer for the Supply chain Levels for Software Artifacts (SLSA) project, an editor of The Update Framework (TUF) specification and maintainer of python-tuf and go-tuf implementations, and a root key holder for and contributor to Sigstore. Joshua has a long history of contributing to open-source software. His noted works to date are on build tools (Yocto Project, OpenEmbedded), CI/CD systems, Linux distributions (MeeGo, Moblin, Tizen), UX for clamshell and tablet devices (GNOME), and more that he can’t remember.
|Bob Lord joined the Cybersecurity and Infrastructure Security Agency (CISA) as a Senior Technical Advisor in April 2022. Previously he was the Chief Security Officer at the Democratic National Committee where he brought more than 20 years of experience in the information security space to the committee, state parties, and campaigns. Before that he was Yahoo’s Chief Information Security Officer, covering areas such as risk management, product security, security software development, e-crimes and APT programs. He was the Chief Information Security Officer in Residence at Rapid 7, and before that headed up Twitter’s information security program as its first security hire.
|Anil Madhavapeddy is Professor of Planetary Computing at the Department of Computer Science & Technology at the University of Cambridge. His research covers the intersection of large-scale systems and robust programming methods such as functional programming. He has worked on open-source systems since the 90s, and has been a maintainer on OpenBSD, Docker, Xen and OCaml (where he co-developed the opam package manager). He is a founding director of the Cambridge Centre for Carbon Credits, which aims to halt tropical deforestation by developing a robust carbon offset mechanism using global satellite data.
|Nicholas Matsakis is a Senior Principal Engineer at AWS and co-lead of the Rust language design team. He has been working on Rust since 2011, with a focus on its type system and compiler implementation. He did his undergraduate study at MIT, graduating in 2001, and later obtained a Ph.D. in 2011, working with Thomas Gross at ETH Zurich.
|Shane Miller is chair of the Rust Foundation, a founding member of the Rust Foundation board of directors, and the leader of Rust open source at Amazon Web Services (AWS). The Rust programming language combines the performance and resource efficiency of systems programming languages like C with memory safety, eliminating a substantial class of high severity security issues. During Shane’s tenure as a Rust leader, the community has nearly quadrupled (from 600,000 to 2.2MM developers worldwide). Over the last three decades, Shane’s held diverse roles, including principal engineer, university faculty, and political consultant. Shane’s engineering experience includes insurance, globalization, machine learning, cryptography, programming languages, and open source. She holds B.S. and M.S. degrees in pure mathematics.
|Daniela Oliveira is a Program Director at the NSF Computer and the Directorate of Information Science and Engineering (CISE), Division of Computer and Network Systems (CNS), Secure and Trustworthy Cyberspace (SaTC), where she focuses on the Systems portfolio. She received her B.Sc. and M.Sc. degrees in Computer Science from the Federal University of Minas Gerais in Brazil. She then earned her Ph.D. in Computer Science from the University of California at Davis. She is on rotation from the University of Florida, where she is an Associate Professor at the Department of Electrical and Computer Engineering, where she specializes on socio-technical aspects of cyber security systems research, including malware analysis and detection, cyber social engineering (phishing and mis/disinformation), and developer blindspots while coding. Daniela Oliveira received a National Science Foundation CAREER Award in 2012 for her innovative research into operating systems’ defense against attacks using virtual machines, the 2014 Presidential Early Career Award for Scientists and Engineers (PECASE) from President Obama, and the 2017 Google Security, Privacy and Anti-Abuse Award. She is a National Academy of Sciences Kavli Fellow and a National Academy of Engineers Frontiers of Engineering Symposium Alumni. Her research has been sponsored by the National Science Foundation (NSF), the Defense Advanced Research Projects Agency (DARPA), the National Institutes of Health (NIH), the MIT Lincoln Laboratory, and Google. While serving the NSF she received the 2022 Director’s Award for Superior Accomplishment (Group) for contributions to the Resilient and Intelligent NextG Systems (RINGS) program.
|Deborah Shands is a security researcher and senior computer scientist at SRI International, where she currently focuses on security and privacy for digital credential wallets and decentralized identities. Prior to joining SRI, she assessed security architectures and designs for space systems at The Aerospace Corporation and served as a Program Director for the National Science Foundation. Her research has focused on the security of distributed computing environments, including scalable security administration for distributed systems, mission-oriented access control in coalition environments, as well as trust establishment for system component integration.
|Deian Stefan is an Associate Professor of Computer Science and Engineering at UC San Diego, where he co-leads the Security and Programming Systems groups. His research lies at the intersection of security and programming languages, with a particular focus on building secure systems that can be deployed in production. Deian is on the Bytecode Alliance board of directors, serves on several industry security working groups, and co-founded two companies (Intrinsic (acquired by VMWare) and Cubist). His work has been recognized by multiple awards, including distinguished paper awards, the NSF CAREER award, and the Sloan Fellowship.
|Camille Stewart is the inaugural Deputy National Cyber Director for Technology and Ecosystem Security in the Executive Office of the President for the Biden-Harris Administration. Prior to taking this role Camille was a security leader at Google. She was the Global Head of Product Security Strategy at Google advising Google’s product leads on federated security and risk. She also led security, privacy, election integrity, and dis/mis-information for Google’s mobile business as the Head of Security Policy for Google Play and Android. Prior to Google, Camille was a manager in Deloitte’s Cyber Risk practice working on cybersecurity, election security, tech innovation, and risk issues for DHS, DOD, and other federal agencies. Camille is the former Senior Policy Advisor for Cyber, Infrastructure & Resilience Policy at the Department of Homeland Security. Appointed by President Obama, Camille contributed to a number of federal cyber policies such as Presidential Policy Directive 41 (PPD -41) on United States Cyber Incident Coordination and Cybersecurity National Action Plan (CNAP). Camille focused on a number of domestic and international cyber and technology policy issues, earning recognition from President Obama for her contributions to expanding cybersecurity cooperation with DHS’s Israeli counterparts. Prior to working at DHS, Camille spent five years as the Senior Manager, Legal Affairs at Cyveillance, Inc., a cybersecurity company focused on open source threat intelligence and incident response (now ZeroFOX). While there, Camille navigated legal and policy challenges for cyber-related issues such as data privacy, incident response, Internet governance, cyber security, new gTLDs, social media law & policy, and intellectual property (IP) protections online for Global 2000 companies. In this role, Camille managed a team of cyber intelligence analysts in the SOC, revamped the brand protection service offerings, managed the company’s policy and IP portfolio, and built new incident response service offerings. Camille also spent time working for Rep. Marcia Fudge and Rep. Emanuel Cleaver II. Camille is passionate about making technology and IP issues accessible to entrepreneurs and the less than technically savvy. To that end, she founded a legal consultancy and startup incubator, MarqueLaw, PLLC, and the blog TheDigitalCounselor.com.
|David Tarditi is Vice President of Engineering at CertiK, a blockchain security company. At CertiK, he leads work on tools for securing blockchain programs and smart contracts. Prior to joining CertiK, he had a 25-year career at Microsoft. His last role was leading the development of a secure IoT operating system. Other roles included researcher, development manager, development lead, and research group manager. David has worked on compilers, programming languages, operating systems, and security. He is an expert at building software development tools for enabling the development of secure software. He created the Checked C extension for C, which enables more secure C code to be written. He led the creation of an ahead-of-time compiler for C# so that C# could be used for systems software development. David has a bachelor’s degree in engineering from Princeton University and a Ph.D. in Computer Science from Carnegie Mellon University.
|Marshall Van Alstyne (@InfoEcon) is coauthor of the international bestseller Platform Revolution. He is one of the world’s foremost experts on network business models and is the Questrom Chair Professor of Management at Boston University. He is a frequent speaker, board advisor, and consultant to startups and global firms. In 2019, Thinkers 50 named him one of the top management thinkers globally. His research has received more than 20,000 citations, a dozen academic awards, and appeared in such places as Science, Nature and Strategic Management Journal. Interviews appear regularly across Bloomberg, The Economist, The New York Times, The Wall Street Journal and National Public Radio. He studied computer science at Yale and information economics at MIT. He holds multiple patents; was among the first to measure the dollar value of social networks. Marshall is a husband and dad, who loves dogs, exercise, travel, and questions of governance.
|Dr. Sam Weber has worked in government, academia and industry. Currently he is a Program Officer at the Office of Naval Research and has been a Program Director at the National Science Foundation. Previously he has been a faculty member at Cornell University and the University of Pennsylvania, and a Research Staff Member at IBM’s TJ Watson Research Center.