Steven B. Lipner is the executive director of SAFECode, a non-profit organization dedicated to increasing trust in information and communications technology products and services through the advancement of effective software assurance methods. As executive director, Lipner serves as an ex officio member of the SAFECode board. In addition to providing strategic and technical leadership, his responsibilities include representing SAFECode to IT user and development organizations, to policymakers, and to the media.
Lipner is a pioneer in cybersecurity with over forty years’ experience as a general manager, engineering manager, and researcher. He retired in 2015 from Microsoft where he was the creator and long-time leader of Microsoft’s Security Development Lifecycle (SDL) team. While at Microsoft, Lipner also created initiatives to encourage industry adoption of secure development practices and the SDL, and served as a member and chair of the SAFECode board.
Lipner joined Microsoft in 1999 and was initially responsible for the Microsoft Security Response Center. In the aftermath of the major computer “worm” incidents of 2001, Lipner and his team formulated the strategy of “security pushes” that enabled Microsoft to make rapid improvements in the security of its software and to change the corporate culture to emphasize product security. The SDL is the product of these improvements.
At Mitretek Systems, Lipner served as the executive agent for the U.S. Government’s Infosec Research Council (IRC). At Trusted Information Systems (TIS), he led the Gauntlet Firewall business unit whose success was the basis for TIS’ 1996 Initial Public Offering. During his eleven years at Digital Equipment Corporation, Lipner led and made technical contributions to the development of numerous security products and to the operational security of Digital’s networks.
Throughout his career, Lipner has been a contributor to government and industry efforts to improve cybersecurity. Lipner was one of the founding members of the U.S. Government Information Security and Privacy Advisory Board and served a total of over ten years in two terms on the board. He has been a member of nine National Research Council committees and is named as coinventor on twelve U.S. patents. He was elected in 2010 to the Information Systems Security Association Hall of Fame, in 2015 to the National Cybersecurity Hall of Fame and in 2017 to the National Academy of Engineering.
Throughout his career, Eric Baize has been passionate about building security and privacy into systems and technology from design to deployment. He currently leads Dell EMC’s Product Security Office and serves as Chairman of SAFECode.
At Dell EMC, Eric leads the team that sets the standards and practices for all aspects of product security for the product portfolio: Vulnerability response, secure development, consistent security architecture, and code integrity throughout the supply chain.
Eric joined Dell through its combination with EMC where he built EMC’s highly successful product security program from the ground up and was a founding member of the leadership team that drove EMC’s acquisition of RSA Security in 2006. He later led RSA’s strategy for cloud and virtualization. Prior to joining EMC in 2002, Eric held various positions for Groupe Bull in Europe and in the US.
Eric has been a member of the SAFECode Board of Directors since the organization was founded in 2007 and also serves on the BSIMM Board of Advisors. He holds multiple U.S. patents, has authored international security standards, is a regular speaker at industry conferences and has been quoted in leading print and online news media. Eric holds a Masters of Engineering degree in Computer Science from Ecole Nationale Supérieure des Télécommunications de Bretagne, France and is a Certified Information Security Manager.
Follow Eric Baize on Twitter: @ericbaize
Frances Paulisch drives cross-company initiatives related to software and to IT security for products and solutions. These activities include strategic topics, best practice sharing, reporting, and training. A main focus of her work is empowering cross-functional teams to work together well over the whole development lifecycle. In particular with a focus on how to realize not only the set of features but also other relevant attributes such as performance, security, scalability etc. At Siemens she has driven the development of a role-based “Software Curriculum” qualification program which is established as one of the global core learning programs at Siemens. Dr. Paulisch has over 20 years experience in software engineering and management areas.
She is also active member of the global software engineering community, playing an active role in various major software conferences such as the International Conference on Software Engineering. She is also Chair of the Advisory Board of the IEEE Software magazine.
She received her doctorate in software engineering at the University of Karlsruhe in Germany and her Masters in Computer Science at Purdue University.
David Lenoe is Director, Secure Software Engineering at Adobe. In his role, Lenoe manages the Product Security Incident Response Team (PSIRT) dedicated to responding to and communicating about security issues, as well as the Adobe Secure Software Engineering Team (ASSET) responsible for ensuring Adobe’s products are designed, engineered and validated using security best practices. Lenoe is also responsible for Adobe’s vulnerability information sharing via the Microsoft Active Protections Program (MAPP). Lenoe represents Adobe on SAFECode’s Board of Directors.
Lenoe joined Adobe as part of the Macromedia acquisition in 2004. At Macromedia, Lenoe held several management and engineering positions in the areas of product security, product management and quality assurance.
Lenoe earned a BA in Japanese language and literature from Connecticut College.
Adobe is changing the world through digital experiences. For more information, visit www.adobe.com.
Throughout his professional career, Souheil Moghnie has been working in the software security domain with hands-on experience on developing, testing, and managing security products. He joined Symantec corporation in 1999 and then worked at Microsoft for a few years before coming back to Symantec. Since 2012 Mr. Moghnie has been working as a Software Security Architect, Coach, and a Security Advisor within the Software Security Group at Symantec where he co-authored the company’s Secure Development Life Cycle, managed the last company-wide security audit, developed and pioneered security best practices, trained sr. engineers in various areas of software security, and much more.
In addition, Mr. Moghnie is also heading the Encryption Review Board and the Open Source Security Review Board at Symantec. He also provides instructor-led training within Symantec in the areas of Threat Modeling, Secure Development, Security Testing, and Security Awareness.
Finally, Mr. Moghnie has a Master’s degree in Computer Science from California State University, Northridge (CSUN), and a Bachelor of Science in Computer Science from University of California, Los Angeles (UCLA). He is also a Certified Information Systems Security Professional (CISSP).
David Doughty is the Director of Product Security Engineering at Intel Corporation. In 2003 he led the formation of Intel’s security assurance initiative. Mr. Doughty drove the creation of robust programs to prevent the introduction, detect the presence and respond to vulnerabilities in all Intel products and services. He is currently a board member of SAFECode, the Software Assurance Forum for Excellence in Code.
Prior to joining Intel in 1997, Mr. Doughty worked in the Design Automation Industry where he led the development of commercial and proprietary tools to support the design and validation of semiconductors.
Mr. Doughty earned his Bachelor’s degree in Computer Engineering from the University of California, San Diego.
As head of the Securability Center of Excellence and Product Vulnerability Response teams Anders Magnusson is responsible for managing all aspects of the Secure Software Development Lifecycle at CA Technologies – including securability training and testing, architecture reviews, usage of 3rd party components and vulnerability response activities.
During his tenure at CA Technologies, Anders has held a number of different roles and responsibilities. After his start as a pre-sales technician in Europe, he spent several years working as liaison between corporate management in US and technical managers in Europe, Asia and South America. He later leveraged this experience as a software architect, designing standards for product development as well as best practices for solutions spanning multiple products.
Anders developed and continues to manage the Foundational Requirements for CA Solutions which establish basic standards for all products – such as accessibility, scalability, securability and upgradeability. Anders is a member of the CA Council for Technical Excellence and has contributed as a principal author for publications such as CA Technology Exchange, CA Green publications and a multitude of Best Practices documents.
Glenn Pittaway has spent nearly two decades working in IT security. After studying Jurisprudence at Oxford, he moved into computing, joining Microsoft Limited in 1993, and Windows security Program Management in 1999. He joined Trustworthy Computing Security in 2007, to work on assurance and certification strategy. Glenn runs the Government Security Program and Microsoft Transparency Centers, and spends most of his time working through software security assurance concerns with Governments worldwide.