The CyberTheory Institute drives change through dialogue, leadership, and action to help solve the greatest Cybersecurity challenges of our time.
Zero Trust is becoming both the security model of choice for enterprises looking to up their game and change the relationship dynamic between the attackers and defenders, and a pure marketing movement at the same time.
Far too valuable and necessary a concept and operational model to be abused by hype, our Zero Trust advocates have actively formed a volunteer team to promote and advance the Zero Trust agenda throughout our community of senior security practitioners by demonstrating all of the ways in which Zero Trust can and should be implemented and for all of the right reasons.
Our goal is to change the shape of Cybersecurity’s defense agenda so that it fits around the Zero Trust reference architecture and forever re-arranges the attacker/defender dynamic.
Meet the Leaders of our Zero Trust Initiative
These experts are highly regarded and widely recognized proponents and/or originators of Zero Trust principles dating back to the early days of cybersecurity research and product development, and they all share a passion for getting it right.
John Kindervag is the ‘Father of Zero Trust’, who as an analyst at Forrester invented the term and defined the reference architecture for a network whose five basic principles defined the notion of zero trust. John went on to become the CTO of Palo Alto networks, influencing the design of their network product suite whose policies now determine who can transit the microperimeters at any point in time, preventing access to what John has coined the “protect surface” by unauthorized users and preventing the exfiltration of sensitive data.
Dr. Chase Cunningham, aka the Doctor of Zero Trust, is a recipient of Security magazine’s Most Influential People in Security, and is currently Ericom’s Chief Strategy Officer. In this role, Chase shapes the company’s strategic vision, roadmap and key partnerships. Dr. Cunningham previously served as vice president and principal analyst at Forrester Research, providing strategic guidance on Zero Trust, artificial intelligence, machine learning and security architecture design for security leaders around the globe. And prior to Forrester, as Chief of Cryptologic Technologies, NSA, Chase directed all research and development of cyber entities to assess threat vectors, network forensics, and methodologies of nefarious cyber actors across the intelligence enterprise.
Richard Bird is an internationally recognized identity-centric security expert who has been a CIO and CISO and the global head of identity management for JP Morgan Chase. Now, he is chief customer information officer for Ping Identity. Richard religiously believes that Zero trust is wholly dependent upon identity-centric security in order to achieve the data-centric security that zero trust models need to embrace. An executive board member of IDSA along with 26 member Cybersecurity vendor firms, Richard’s passion is uninfluenced by specific product or service.
Eve Maler is the original XMLgrrl, and is ForgeRock’s CTO. She is a globally recognized strategist, innovator, and communicator on digital identity, security, privacy, and consent, with a passion for fostering successful ecosystems and individual empowerment. She has been at the forefront of almost every innovation in identity in the Internet age, including co-creating such landmark technologies as XML and innovating and leading standards such as SAML and User-Managed Access (UMA), and has also served as a Forrester Research security and risk analyst with John. A strong advocate of Zero Trust Identity, Eve is tireless in her support of our goals.
Jeremy Grant is a member of Venable’s Cybersecurity Risk Management Group, where he advises clients on policy impacts across the IT, cybersecurity, identity, and payments sectors. Jeremy joined Venable after serving as a managing director at The Chertoff Group. Before that, he established and led the National Program Office for the National Strategy for Trusted Identities in Cyberspace (NSTIC), for NIST and also served as NIST’s senior executive advisor for identity management, leading efforts to improve identity and authentication for individuals and devices in the NIST Roadmap. A strong advocate for Zero Trust Identity, Jeremy travels and presents globally on the criticality of getting it right.
Tom Kellermann is the Head of Cybersecurity Strategy for VMware Inc. Previously Kellermann held the position of Chief Cybersecurity Officer for Carbon Black Inc. In 2020, he was appointed to the Cyber Investigations Advisory Board for the United States Secret Service, and in 2017, Kellermann was appointed the Wilson Center’s Global Fellow for Cyber Policy. Kellermann previously held the positions of Chief Cybersecurity Officer for Trend Micro; VP of Security for Core Security and Deputy CISO for the World Bank Treasury. In 2008 Kellermann was appointed a Commissioner on the Commission on Cyber Security for the 44th President of the United States.
Sam Curry is the CSO at Cybereason. Curry was also CTO and CISO for Arbor Networks (NetScout) and was CSO and SVP R&D at Microstrategy in addition to senior security roles at McAfee and CA. He spent seven years at RSA variously as CSO, CTO and SVP of Product and as Head of RSA Labs. Curry also has over 25 patents in security from his time as a Security Architect, has been a leader in two successful startups and is a board member of the Cybersecurity Coalition, of SSH Communications and of Sequitur Labs (in the IoT security space) in addition to a number of advisorships across the security spectrum. Curry is also a Visiting Fellow at the National Security Institute and a very early advocate for Zero Trust.
Tony Scott Tony Scott is the CEO of the Tony Scott Group, and a Senior Advisor for Cybersecurity and Privacy at Squire Patton Boggs, a prominent International law firm. Until January 2017, he served in the Obama administration as the 3rd Federal Chief Information Officer for the U.S. Government, and in that capacity, he created the government wide response plan after the OPM cybersecurity hacking incident, including the Cybersecurity Sprint and Implementation Plan (CSIP), which dramatically improved the information systems security posture of the Federal Government. His numerous appearances before Congress, providing CXO level public and private sector insight on matters such as digital workplace transformation, cybersecurity, governance, open data, and workforce diversity have been widely recognized. An early proponent of Zero Trust principles, in prior roles, Tony was the CIO at Vmware, the CIO at Microsoft, CIO at the Walt Disney Company, and CTO at General Motors Information Systems & Services.
Greg Touhill is director of the SEI’s world-renowned CERT Division, where he leads researchers, software engineers, security analysts, and digital intelligence specialists working together to research security vulnerabilities in software products, contribute to long-term changes in networked systems, and develop cutting-edge information and training to improve the practice of cybersecurity. Greg was appointed by former President Barack Obama to be the first chief information security officer (CISO) of the United States government. Previously, he served in the Department of Homeland Security (DHS) as deputy assistant secretary in the Office of Cybersecurity and Communications. Greg is a 30-year veteran of the U.S. Air Force where he was an operational commander at the squadron, group, and wing levels. He retired from the Air Force with the rank of brigadier general.
Dr. Gene Spafford is one of the senior, most recognized leaders in the field of computing. His research and development work, including work with his students, underlies cyber security mechanisms in use on millions of systems in use today, including work in firewalls, intrusion detection, vulnerability scanners, integrity monitoring, forensics, and security architectures. He is responsible for a number of “firsts” in several of these areas and was an early originator and proponent of the Zero Trust approach to Cybersecurity.