I am an independent consultant focused on establishing trust in systems based on the trustworthiness characteristics of security, safety, reliability, resilience and privacy.

My current work includes creating a Trustworthiness framework at the Industrial Internet Consortium (IIC) as well as developing an IoT Security Maturity Model (SMM).

I am co-chairing the IIC Trustworthiness Task Group and have co-authored papers for the Trustworthiness issue of the IIC Journal of Innovation , as well as white papers on Software Trustworthiness Best Practices, Managing and Assessing Trustworthiness for IIoT in Practice, and Key Safety Challenges for the IIoT. In addition, I am an author of the IIC Security Framework and of the IIC Vocabulary which have material related to this topic.

The IIC IoT Security Maturity Model (SMM) enables stakeholders to set a maturity target, assess the system of interest against this target, determine gaps and create a roadmap to address the gaps. The maturity model includes guidance on governance, enablement and hardening, thus addressing process, technology and operations concerns. It is suitable for industrial IoT and other systems. I am a co-author of the IIC Security Maturity Model (SMM): Description and Intended Use and also a co-author of the IIC Security Maturity Model (SMM) Practitioner’s Guide. I am also developing training on the topic with the team.

I am active on the OASIS Board of Directors as Treasurer and Chair of the OASIS Board Finance and Audit Committee as well as the Chair of the OASIS Board Governance and IPR Committee. Previously I was OASIS Chair of the Board, Vice-Chair, and chair of the Staffing and Strategy Board Committees.

I previously worked as a consultant for Fujitsu on several projects at the IIC, including the Security Maturity Model and Trustworthiness. I participated as an alternate on the IIC Steering Committee, on the OMG Architecture Board and on the OASIS Board of Directors on behalf of Fujitsu. I am now continuing on the OASIS Board of Directors and at the IIC on Trustworthiness as an individual. I am currently working with Microsoft on the IIC IoT Security Maturity Model.

I have contributed to other security and identity management standardization activities in a variety of standards organizations. Earlier I chaired the W3C Devices and Sensors Working Group, co-chaired the Web Annotation Working Group and chaired the XML Security Working Group.

I have extensive security, privacy and distributed systems experience, having previously worked at Nokia, the OSF Research Institute, AT&T Bell Laboratories, BBN, and CertCo as well as at several smaller companies.

I have a general interest in innovative and emerging technologies.