I am an independent consultant focused on establishing trust in systems based on the trustworthiness characteristics of security, safety, reliability, resilience and privacy.

My current work includes creating a Trustworthiness framework at the Industrial Internet Consortium (IIC) as well as developing an IoT Security Maturity Model (SMM).

I am co-chairing the IIC Trustworthiness Task Group. We have just published our Industrial Internet of Things Trustworthiness Framework Foundations document. I have also co-authored papers for the Trustworthiness issue of the IIC Journal of Innovation , as well as white papers on Software Trustworthiness Best Practices, Managing and Assessing Trustworthiness for IIoT in Practice, and Key Safety Challenges for the IIoT. In addition, I am an author of the IIC Security Framework and of the IIC Vocabulary which have material related to this topic.

The IIC IoT Security Maturity Model (SMM) enables stakeholders to set a maturity target, assess the system of interest against this target, determine gaps and create a roadmap to address the gaps. The maturity model includes guidance on governance, enablement and hardening, thus addressing process, technology and operations concerns. It is suitable for industrial IoT and other systems. I am a co-author of the IIC Security Maturity Model (SMM): Description and Intended Use and also a co-author of the IIC Security Maturity Model (SMM) Practitioner’s Guide. I am currently working on industry profiles and mappings to standards such as ISA/IEC 62443.

I have served as a member of the OASIS Board of Directors in many roles including Board Chair, Treasurer and Chair of the Finance and Audit Committee, Chair of the Board Governance and IPR Committees, Vice-Chair, Board Secretary, Chair of the Staffing Committee, Chair of Strategy Committee, and Technical Advisory Board Liaison.

Accomplishments included developing the current OASIS IPR policy (including addition of RF and non-assert modes); updating the OASIS Bylaws; creating, reviewing and revising OASIS policies; revising the OASIS Process; developing governance for Open Projects, providing due diligence and guidance on OASIS finances and strategy; and generally working to improve the organization for members.

I have worked as a consultant for Fujitsu on several projects at the IIC, including the Security Maturity Model and Trustworthiness. I participated as an alternate on the IIC Steering Committee, on the OMG Architecture Board and on the OASIS Board of Directors on behalf of Fujitsu.

I have contributed to other security and identity management standardization activities in a variety of standards organizations such as chairing the W3C Devices and Sensors Working Group, co-chairing the Web Annotation Working Group and chairing the XML Security Working Group.

I have extensive security, privacy and distributed systems experience, having previously worked at Nokia, the OSF Research Institute, AT&T Bell Laboratories, BBN, and CertCo as well as at several smaller companies.

I have a general interest in innovative and emerging technologies.