Steven B. Lipner – Executive Director, SAFECode

Steven B. Lipner is a pioneer in cybersecurity with over 40 years’ experience as a general manager, engineering manager, and researcher. He retired in 2015 from Microsoft where he was the creator and long-time leader of Microsoft’s Security Development Lifecycle (SDL) team. While at Microsoft, Lipner also created initiatives to encourage industry adoption of secure development practices and the SDL, and served as a member and chair of the SAFECode board.

Lipner joined Microsoft in 1999 and was initially responsible for the Microsoft Security Response Center. In the aftermath of the major computer “worm” incidents of 2001, Lipner and his team formulated the strategy of “security pushes” that enabled Microsoft to make rapid improvements in the security of its software and to change the corporate culture to emphasize product security. The SDL is the product of these improvements.

At Mitretek Systems, Lipner served as the executive agent for the U.S. Government’s Infosec Research Council (IRC). At Trusted Information Systems (TIS), he led the Gauntlet Firewall business unit whose success was the basis for TIS’ 1996 Initial Public Offering. During his eleven years at Digital Equipment Corporation, Lipner led and made technical contributions to the development of numerous security products and to the operational security of Digital’s networks.

Throughout his career, Lipner has been a contributor to government and industry efforts to improve cybersecurity. He currently serves as the chair of the U.S. Government’s Information Security and Privacy Advisory Board (ISPAB). Lipner was one of the founding members of the board’s predecessor and is now serving his third term as a board member. He was elected in 2010 to the Information Systems Security Association Hall of Fame, in 2015 to the National Cybersecurity Hall of Fame and in 2017 as a Fellow of (ISC)2 and to the National Academy of Engineering. He holds an appointment as adjunct professor of computer science at the Institute for Software Research, School of Computer Science of Carnegie Mellon University and is named as coinventor on twelve U.S. patents.

John Heimann – Member Council Chair

John Heimann is Vice President, Security Program Management in Oracle’s Global Product Security organization. He is responsible for defining and overseeing development programs that improve the security assurance of Oracle’s products. Mr. Heimann has 27 years experience in security program and product management at Oracle. Prior to Oracle, he worked 14 years at BBN Corporation and GTE Government Systems Corporation, on secure network, cryptographic, and key management research, design, development, and vulnerability analysis programs for US Federal government customers. From 2009-2013, Mr. Heimann served on an advisory panel for the information assurance leadership in the US Federal government. Mr. Heimann has an AB in Physics, cum laude, from Harvard University.

Manuel Ifland – Member Council Vice Chair
Siemens Energy

Manuel Ifland works as Principal Industrial Cybersecurity Consultant in the central cybersecurity department of Siemens Energy in Erlangen, Germany. In his role, he supports product development and project business worldwide in questions related to cybersecurity regulation and legislation. His focus areas are secure product development processes and the IEC 62443 standard series. Manuel represents Siemens Energy in aspects of industrial and OT cybersecurity in external bodies such as the German Electro and Digital Industry Association (ZVEI), the Federation of German Industries (BDI), and the Software Assurance Forum for Excellence in Code (SAFECode). He is always passionate about increasing the cybersecurity of our critical infrastructure and has conducted risk analysis workshops, security assessments, and penetration tests in many different technological areas. Manuel is a Certified Information Systems Security Professional (CISSP) and holds a diploma in computer science from the Karlsruhe Institute of Technology (KIT) in Germany.

Eric Baize – Board Chairman
Vice President, Product & Application Security, Dell Technologies

Throughout his career, Eric Baize has been passionate about building security and privacy into systems and technology from design to deployment. He currently leads Dell’s Product & Application Security organization and serves as Chairman of SAFECode.

At Dell, Eric leads the organization responsible for driving enhanced security practices into the lifecycle of all Dell products and internally developed cloud and IT applications. His responsibilities include managing the Secure Development Lifecycle (SDL) and the Product Security Incident Response Team (PSIRT) for the company.

Eric joined Dell through its merger with EMC where he built the highly successful EMC Product Security Office from the ground up. He was also a member of the leadership team that drove EMC’s acquisition of RSA Security, and he helped lead RSA’s cloud and virtualization strategy. Prior to joining EMC in 2002, Eric held various positions for Groupe Bull in Europe and in the US.

Eric has served on the SAFECode Board of Directors since the organization was founded in 2007. He holds multiple U.S. patents, has authored international security standards and is a regular speaker at industry conferences.

Follow Eric Baize on Twitter: @ericbaize

Tony Rice – Board Treasurer

Tony Rice leads the assurance organization responsible for Microsoft security engineering policy and standards used in the development and operations of Microsoft products and cloud services. His responsibilities include managing Microsoft’s Security Development Lifecycle (SDL) and the Government Security Program; an assurance program designed to help national governments build Trust in Microsoft’s products and services. Tony is passionate about security and throughout his career he has been responsible for building security into technology. Since joining Microsoft, he has held multiple security focused positions including managing a consultancy practice in the UK and product security assurance in USA. Prior to joining Microsoft, Tony worked as an engineering leader for a UK Government department.


Megan Cannon – Senior Program Manager, SAFECode

Megan Cannon, Senior Program Manager, Virtual, inc., has worked with SAFECode since 2016, helping SAFECode achieve its mission by providing strategic guidance and operational support to the board of directors and technical leadership council. Before Virtual, Megan worked in higher education and theatre, where she helped children make healthy choices and see through media messages, assisted Batman with crime-fighting, and wrangled elves for Santa at Macy’s in NYC. Fun Fact about Megan, she can teach anyone to juggle!