I am an independent consultant focused on establishing trust in systems based on the trustworthiness characteristics of security, safety, reliability, resilience and privacy.

My current work is focused on developing profiles and mappings related to the IoT Security Maturity Model (SMM).

In addition to being a co-author of the IoT Security Maturity Model (SMM): Practitioner’s Guide, I am a co-creator of the fundamentals and advanced SMM training, a co-author of the IoT SMM: Retail Profile for Point-of-Sale Devices, the SMM Digital Twin Profile and the IoT Security Maturity Model: 62443 Mappings for Asset Owners, Product Suppliers and Service Providers white papers. I co-chair the joint ISA IIC Contributing group which has produced the 62443 Mappings and which is working on a NIST CyberSecurity Framework SMM mapping. I am also participating in the development of an SMM Mining Profile. My blog site has more details on this SMM work.

I have co-chaired the IIC Trustworthiness Task Group and have co-authored The Industrial Internet of Things Trustworthiness Framework Foundations document, IIC Journal of Innovation articles on Trustworthiness, as well as white papers on Software Trustworthiness Best Practices, Managing and Assessing Trustworthiness for IIoT in Practice, and Key Safety Challenges for the IIoT. In addition, I am a co-author of the IIC Security Framework and of an earlier draft of the IIC Vocabulary both of which have material related to this topic.

I have served as a member of the OASIS Board of Directors in many roles including Board Chair, Treasurer and Chair of the Finance and Audit Committee, Chair of the Board Governance and IPR Committees, Vice-Chair, Board Secretary, Chair of the Staffing Committee, Chair of Strategy Committee, and Technical Advisory Board Liaison. Accomplishments included developing the current OASIS IPR policy (including addition of RF and non-assert modes) updating the OASIS Bylaws; creating, reviewing and revising OASIS policies; revising the OASIS Process; developing governance for Open Projects, providing due diligence and guidance on OASIS finances and strategy; and generally working to improve the organization for members.

I have worked previously as a consultant for Fujitsu on several projects at the IIC, including the Security Maturity Model and Trustworthiness. I participated as an alternate on the IIC Steering Committee, on the OMG Architecture Board and on the OASIS Board of Directors on behalf of Fujitsu.

I have contributed to other security and identity management standardization activities in a variety of standards organizations such as chairing the W3C Devices and Sensors Working Group, co-chairing the Web Annotation Working Group and chairing the XML Security Working Group.

I have extensive security, privacy and distributed systems experience, having previously worked at Fujitsu, Nokia, the OSF Research Institute, AT&T Bell Laboratories, BBN, and CertCo as well as at several smaller companies.

I have a general interest in innovative and emerging technologies.