CyberTheory Institute

About the CyberTheory Institute

The CyberTheory Institute drives change through dialogue, leadership and action to help solve the greatest cybersecurity challenges of our time.

These challenges present themselves across a variety of channels, each dealing with issues that can have a major impact on the world of cybersecurity. Issues include Zero Trust as a strategy and framework for the advancement of a different way to organize data, access, applications and services in our computing environments and to raise the bar for defense against cyber attacks.

Zero Trust is becoming the security model of choice for enterprises looking to up their game and change the relationship dynamic between attackers and defenders and, at the same time, a pure marketing movement.

Because Zero Trust is far too valuable and necessary a concept and operational model to be abused by hype, some Zero Trust advocates have actively formed a volunteer team of the willing to promote and advance the Zero Trust agenda throughout our community of senior security practitioners by demonstrating all of the ways in which Zero Trust can and should be implemented, and for all of the right reasons.

Our goal is to change the shape of cybersecurity’s defense agenda so that it fits around the Zero Trust strategy and forever rearranges the attacker/defender dynamic.

Meet the Leaders of our Zero Trust Initiative

These experts are highly regarded and widely recognized proponents and/or originators of Zero Trust principles dating back to the early days of cybersecurity research and product development, and they all share a passion for getting it right.

John Kindervag is the ‘Father of Zero Trust’, who, as an analyst at Forrester, invented the term and defined the reference architecture for a network whose five basic principles defined the notion of Zero Trust. John is also the co-founder of the CyberTheory Institute and an executive fellow. John went on to become the CTO of Palo Alto Networks, influencing the design of their network product suite whose policies now determine who can transit the micro perimeter at any point in time, preventing access to what John has coined the “protect surface” by unauthorized users and preventing the exfiltration of sensitive data.

Brian Barnier is a co-founder of the CyberTheory Institute. He is the director of decision science and analytics at ValueBridge Advisors. He also co-founded Think.Design.Cyber. to pioneer critical, systems and design thinking in the cybersecurity discipline. Barnier is also a guest professor of decision science at the City University of New York. Previously, he taught operations and finance at the graduate level across several U.S. universities; he has been a guest lecturer in Russia and Mexico and served on the faculty of the Wharton ABA Stonier Graduate School of Banking. Additionally, Barnier wrote The Operational Handbook for Financial Companies and has been a contributing author to other books on Risk Management. Prior to his work at ValueBridge Advisors, Brian led teams to nine U.S. patents in technology with AT&T, Nokia and IBM. In 2021, Barnier earned the coveted Joseph J. Wasserman award presented by ISACA for outstanding achievement in information technology risk, governance and security.

Steve King has served in senior leadership roles in technology development and deployment for the past 25 years. He is an author, lecturer and serial startup founder, including three successful exits in cybersecurity, and served for six years as the CISO for Wells Fargo Global Retail Banking. As a co-founder of the CyberTheory Institute, Steve is passionate about the role Zero Trust must play in the future of cybersecurity defense. Steve is currently the Managing Director of CyberTheory and has held leadership roles in marketing and product development, operating as CEO, CTO and CISO for several startups, and has served as CIO for Memorex and was the co-founder of the Cambridge Systems Group.

Dr. Chase Cunningham, aka the Doctor of Zero Trust, is a recipient of Security magazine’s Most Influential People in Security and is currently Ericom’s Chief Strategy Officer. In this role, Chase shapes the company’s strategic vision, roadmap and key partnerships. Dr. Cunningham previously served as vice president and principal analyst at Forrester Research, providing strategic guidance on Zero Trust, artificial intelligence, machine learning and security architecture design for security leaders around the globe. And prior to Forrester, as Chief of Cryptologic Technologies, NSA, Chase directed all research and development of cyber entities to assess threat vectors, network forensics and methodologies of nefarious cyber actors across the intelligence enterprise.

Richard Bird is an internationally recognized identity-centric security expert who has been a CIO and CISO and the global head of identity management for JP Morgan Chase. Now, he is Chief Product Officer at SecZetta. Richard religiously believes that Zero Trust is wholly dependent upon identity-centric security in order to achieve the data-centric security that Zero Trust models need to embrace. An executive board member of IDSA along with 26 member cybersecurity vendor firms, Richard’s passion is uninfluenced by a specific product or service.

Eve Maler is the original XMLgrrl and is ForgeRock’s CTO. She is a globally recognized strategist, innovator and communicator on digital identity, security, privacy and consent, with a passion for fostering successful ecosystems and individual empowerment. She has been at the forefront of almost every innovation in identity in the Internet age, including co-creating such landmark technologies as XML and innovating and leading standards such as SAML and User-Managed Access (UMA), and has also served as a Forrester Research security and risk analyst with John. A strong advocate of Zero Trust Identity, Eve is tireless in her support of our goals.

Jeremy Grant is a member of Venable’s Cybersecurity Risk Management Group, where he advises clients on policy impacts across the IT, cybersecurity, identity and payments sectors. Jeremy joined Venable after serving as a managing director at The Chertoff Group. Before that, he established and led the National Program Office for the National Strategy for Trusted Identities in Cyberspace (NSTIC) for NIST and also served as NIST’s senior executive advisor for identity management, leading efforts to improve identity and authentication for individuals and devices in the NIST Roadmap. A strong advocate for Zero Trust Identity, Jeremy travels and presents globally on the criticality of getting it right.

Tom Kellermann is the head of cybersecurity strategy for VMware Inc. Previously, Kellermann held the position of chief cybersecurity officer for Carbon Black Inc. In 2020, he was appointed to the Cyber Investigations Advisory Board for the United States Secret Service, and in 2017, Kellermann was appointed the Wilson Center’s Global Fellow for Cyber Policy. Kellermann previously held the positions of chief cybersecurity officer for Trend Micro; VP of Security for Core Security and Deputy CISO for the World Bank Treasury. In 2008 Kellermann was appointed a commissioner on the Commission on Cyber Security for the 44th President of the United States.

Sam Curry is the CSO at Cybereason. Curry was also CTO and CISO for Arbor Networks (NetScout) and was CSO and SVP R&D at Microstrategy in addition to senior security roles at McAfee and CA. He spent seven years at RSA variously as CSO, CTO and SVP of Product and as Head of RSA Labs. Curry also has over 25 patents in security from his time as a Security Architect, has been a leader in two successful startups and is a board member of the Cybersecurity Coalition, of SSH Communications and of Sequitur Labs (in the IoT security space) in addition to a number of advisorships across the security spectrum. Curry is also a visiting fellow at the National Security Institute and a very early advocate for Zero Trust.

Tony Scott is the CEO of the Tony Scott Group and a senior advisor for Cybersecurity and Privacy at Squire Patton Boggs, a prominent international law firm. Until January 2017, he served in the Obama administration as the 3rd federal chief information officer for the U.S. Government, and in that capacity, he created the government-wide response plan after the OPM cybersecurity hacking incident, including the Cybersecurity Sprint and Implementation Plan (CSIP), which dramatically improved the information systems security posture of the Federal Government. His numerous appearances before Congress, providing CXO level public and private sector insight on matters such as digital workplace transformation, cybersecurity, governance, open data and workforce diversity, have been widely recognized. An early proponent of Zero Trust principles, in prior roles, Tony was the CIO at VMware, the CIO at Microsoft, CIO at the Walt Disney Company and CTO at General Motors Information Systems & Services.

Greg Touhill is director of the SEI’s world-renowned CERT Division where he leads researchers, software engineers, security analysts and digital intelligence specialists working together to research security vulnerabilities in software products, contribute to long-term changes in networked systems and develop cutting-edge information and training to improve the practice of cybersecurity. Greg was appointed by former President Barack Obama to be the first chief information security officer (CISO) of the United States government. Previously, he served in the Department of Homeland Security (DHS) as deputy assistant secretary in the Office of Cybersecurity and Communications. Greg is a 30-year veteran of the U.S. Air Force where he was an operational commander at the squadron, group and wing levels. He retired from the Air Force with the rank of brigadier general.

Chuck Brooks, who heads a consultancy, is a globally recognized thought leader and evangelist for cybersecurity and emerging technologies. LinkedIn named him as one of “The Top 5 Tech People to Follow on LinkedIn.” He was named by Thomson Reuters as a “Top 50 Global Influencer in Risk, Compliance” and by IFSEC as the “#2 Global Cybersecurity Influencer” in 2018. Chuck serves as the SME for cybersecurity for the U.S. Homeland Defense and Security Information Analysis Center, is a former technology partner advisor at the Bill and Melinda Gates Foundation, served on the EC-Council Global Advisory Board and the MIT Technology Review Advisory Board and is chairman of the CompTIA New and Emerging Technologies Committee.

John Remo is senior vice president of Global Infrastructure & Cybersecurity, Warner Music Group and a strong proponent of Zero Trust principles. He has led his team through the move of all applications to the cloud, consolidation of legacy applications and implementation of single sign-on and multi-factor authentication. Prior to joining Warner Music Group, John was vice president of Cloud Infrastructure Engineering & Operations at Openlink Financial where he defined and executed the global strategy for building and supporting both public and private clouds for global tier 1 banking, energy and trading institutions, with a heavy emphasis on automation, security and compliance. John’s strategy and vision have consistently focused on cloud and cybersecurity excellence to reduce cyber and compliance risks, increasing operating efficiencies to enable revenue growth.

George Finney is the CISO for Southern Methodist University and an early proponent of the Zero Trust strategy he is implementing today. George was recognized in 2021 as one of the top 100 CISOs in the world by CISOs Connect. George has worked in cybersecurity for nearly 20 years and has helped startups, global telecommunications firms and nonprofits improve their security posture. As a part of his passion for education, George has taught cybersecurity at Southern Methodist University. George is the bestselling author of several cybersecurity books including the award-winning Well Aware: Master the Nine Cybersecurity Habits to Protect Your Future.

Robert LaMagna-Reiter is a leading, trusted Information Security & Risk Management professional. As CISO for Hudl, Robert leads information security strategies and roadmaps, oversees risk management, strategy, architecture, engineering, regulatory compliance, privacy and IT governance. Leveraging more than 17 years of expertise, Robert is a strategic advisor, consulting & partnering to achieve security initiatives, helping others to understand the value and risk alignment to their enterprise through proper security strategy. Robert holds several industry certifications including CISSP, CISM, CDPSE & Security+. His experience includes leadership roles in information security for transportation, government communications, retail, e-commerce, managed services and SaaS industries.

Lionel Jacobs Jr. is part of the Palo Alto Networks ICS and SCADA solutions team working as a senior security architect. Lionel has spent the last 23 plus years working in the IT/OT environment with a focus on ICS systems design, controls and implementation. Lionel was a pioneer in bridging the IT-OT security gap and implementing next-generation security into performance and safety-critical process control areas. During his tenure, he successfully deployed a large-scale ICS/SCADA security architecture comprised of over 100 next-generation firewalls, 100s of advanced endpoint protection clients and SIEM, distributed over dozens of remote plants and a centralized core, all based on a Zero Trust philosophy. Lionel graduated from Houston Baptist University with a double degree in Physics and Mathematics.

Prachee Kale is the co-founder of Think.Design.Cyber to pioneer critical, systems and design thinking in the cybersecurity discipline and founding executive fellow of the CyberTheory Institute. In 2020, Prachee co-authored an award-winning research article “Cybersecurity: The End Game” published in Taylor and Francis’s EDPACs journal. Prachee’s multi-disciplinary career is focused on bridging gaps between business ROI, technology and people. She has successfully led cybersecurity initiatives and managed cybersecurity board reporting and budgets. Prachee is also an executive coach and D&I practitioner who uniquely assists her clients in achieving high-value business outcomes and career success through diverse, high-performing teams, without sacrificing personal fulfillment. Prachee also advises growth companies focused on human-centered, sustainable products & technology.

They also include Design and Systems Thinking, a completely different way to approach the pre-architectural design processes that lead us to our current cybersecurity product mix, a mix that has demonstrated, for a variety of reasons, that it cannot withstand the imagination and sophistication of the modern breach. Our goal is to change the way we approach Design Thinking so that we don’t keep inventing solutions based on the thinking that we used to get us here in the first place.

Our founding executive fellows include Brian Barnier and Prachee Kale, along with a remarkably astute support team of folks who have been practicing out-of-the-box thinking for years.

Events will include educational coursework and bespoke curriculum designed to elevate the science and art of creative thinking and delivered through the CyberEd.io portal, dinners and fireside chats with distinguished and widely known guests who have made significant contributions to the global intellectual body of work around CyberTheory.

Our goal is to challenge and reform cybersecurity’s architectural influences so that future systems and products will reflect the design principles of Zero Trust and beyond, and to move the needle in the direction of advantage for the good actors trying to gain a foothold in the constant battle for superiority in defense of innovative cyber attacks, both near-term and future varieties.

It is well known that one of the major contributors to our failure to build complete defenses and to maintain our existing protective solutions is the cybersecurity skills gap that keeps widening every year. The reasons behind this gap are myriad and complex. They range from a lack of exposure for high school and college-aged students to the world of cybersecurity, contrasted with, say, the STEM movement of the last 20 years, to the inadequacy of public, private and online educational offerings and processes for enhanced learning.

Our goal is to participate directly in the online learning markets through the development of a comprehensive offering curated by cybersecurity leaders widely acknowledged and well-known in the security practitioner space.

This offering is known as CyberEd.io and is planned to launch in early 2022.

The platform objectives are to make cybersecurity learning fun and accessible and to assist enterprises in the implementation and customization of learning paths and curricula that match their individual requirements. The content will be a mix of coursework available from other 3rd party sources with coursework custom-designed by our advisory team to address topics that aren’t available elsewhere and supplemented by our guest lecture series sourced from our International Summits.

We will cover Critical Design and Systems Thinking, Zero Trust, Identity Authentication, Proofing and Access Management, MFA, Digital Transformation, Ransomware, Cloud Computing Complexities, Operational Technology, IoT and IIoT, Cryptocurrency, AI/ML, Social Engineering, Mobile and Remote Computing Management, as well as other coursework not presently addressed by commercial offerings in the space.

As we strongly believe modern cybersecurity marketing continues to repeat the mistakes of the past by relying on conventional campaigns and marketing programs that may have been appropriate in a different era, we know that we cannot continue this path into a future so top-heavy with competitive offerings.

So, our intent is to tap into the creative competencies of leading-edge marketers to explore and develop new programs and campaigns that will connect with buyers in today’s highly competitive marketplace, characterized by 5,000 competitors, and do so in ways that have not been regularly attempted in traditional B2B marketing scenarios.

We are convinced that the era of D2H marketing has arrived in cybersecurity and we have some defined approaches to “direct to human” messaging and positioning that rely on the brand story and the way it is told that we want to share with the marketing community.

Our goal is to improve the authenticity of our clients’ messaging, to relieve the level of noise that conventional campaigns have created and with which our CISO community must deal, and to develop new and entertaining narrative approaches that capture the attention of targeted personas and engage them on their buyer journeys in an extended era of remote work.

Our events and programs will resemble our approach to Zero Trust in that we will conduct fireside chats with folks who have been willing to push the envelope of creativity and out-of-box thinking to attack crowded markets in ultra-noisy sectors.

We want to contribute to changing the nature of cybersecurity marketing and improve its efficacy while removing the irritations found in fantastic and inauthentic messaging.
