I am an independent consultant focused on establishing trust in systems based on the trustworthiness characteristics of security, safety, reliability, resilience and privacy.

My current work includes developing and promoting an understanding of Trustworthiness at the Industry IoT Consortium (IIC) as well as developing an IoT Security Maturity Model (SMM).

I am co-chairing the IIC Trustworthiness Task Group and have co-authored The Industrial Internet of Things Trustworthiness Framework Foundations document, IIC Journal of Innovation articles on Trustworthiness, as well as white papers on Software Trustworthiness Best Practices, Managing and Assessing Trustworthiness for IIoT in Practice, and Key Safety Challenges for the IIoT. In addition, I am a co-author of the IIC Security Framework and of an earlier draft of the IIC Vocabulary both of which have material related to this topic.

In addition to being a co-author of the IoT Security Maturity Model (SMM): Practitioner’s Guide, I am a co-creator of the fundamentals and advanced SMM training, a co-author of the IoT SMM: Retail Profile for Point-of-Sale Devices, an upcoming SMM Digital Twin Profile and the IoT Security Maturity Model: 62443 Mappings for Asset Owners and Product Suppliers white papers. I co-chair the joint ISA IIC Contributing group which has produced the 62443 Mappings and which is working on further mapping updates. My blog site has more details on this SMM work.

I have served as a member of the OASIS Board of Directors in many roles including Board Chair, Treasurer and Chair of the Finance and Audit Committee, Chair of the Board Governance and IPR Committees, Vice-Chair, Board Secretary, Chair of the Staffing Committee, Chair of Strategy Committee, and Technical Advisory Board Liaison. Accomplishments included developing the current OASIS IPR policy (including addition of RF and non-assert modes) updating the OASIS Bylaws; creating, reviewing and revising OASIS policies; revising the OASIS Process; developing governance for Open Projects, providing due diligence and guidance on OASIS finances and strategy; and generally working to improve the organization for members.

I have worked previously as a consultant for Fujitsu on several projects at the IIC, including the Security Maturity Model and Trustworthiness. I participated as an alternate on the IIC Steering Committee, on the OMG Architecture Board and on the OASIS Board of Directors on behalf of Fujitsu.

I have contributed to other security and identity management standardization activities in a variety of standards organizations such as chairing the W3C Devices and Sensors Working Group, co-chairing the Web Annotation Working Group and chairing the XML Security Working Group.

I have extensive security, privacy and distributed systems experience, having previously worked at Fujitsu, Nokia, the OSF Research Institute, AT&T Bell Laboratories, BBN, and CertCo as well as at several smaller companies.

I have a general interest in innovative and emerging technologies.