With over two decades of experience at the intersection of technology, cybersecurity, and open-source innovation, I have built a career shaping global security standards and advancing collaboration across government, industry, and academia. From pioneering early Internet infrastructure to leading transformative security programs at NIST, GSA, and the Center for Internet Security (CIS), my work has consistently focused on transparency, automation, and community-driven security solutions. As a CVE Board Member since 2013, I have championed stakeholder engagement and helped design the CVE federation and services models now used worldwide.
My leadership philosophy is rooted in consensus-building, team development, and driving forward complex cybersecurity challenges. I continue to push the boundaries of security innovation—collaborating across government, industry, academia, and international forums to make cybersecurity more accessible, scalable, and effective.
Show MoreDetailed Biography
I began my career in 1996, leading operations for a regional Internet service provider in central Pennsylvania. There, I was an early adopter of Linux, open-source software, and Internet standards, fueling my passion for giving back to the open-source community. Building early Internet infrastructure provided invaluable experience in systems and network administration, scalable architectures, design, collaboration, and automation—skills that have defined my career in IT and cybersecurity.
As an early employee at the Center for Internet Security (CIS), I led the development of automated benchmarking and system hardening tools, marking a major innovation in security data standards. Collaborating with engineers across government and industry, I contributed to the development of formats like CVE, CVSS, and Common Platform Enumeration (CPE) foundational elements of the Security Content Automation Protocol (SCAP). My tenure at CIS and NIST centered on fostering security communities and expanding these critical standards.
From 2007 to 2009, I led the National Vulnerability Database, transforming it from a growing research project into a robust enterprise application supporting the vulnerability management community.
Since 2013, I have served on the CVE Board, working to broaden participation, enhance automation, and advocate for the needs of vulnerability information users. I played a key role in designing the federated CVE services model, now used by all CNA (CVE Numbering Authorities), and have championed Additional Data Publisher (ADP) capabilities and CVE working groups to deepen stakeholder engagement. My ongoing focus remains on transparency, diversity, and community collaboration within CVE.
Prior to joining the Foundation, I spent 17 years in federal service, holding technology and cybersecurity leadership roles at NIST and GSA. I spearheaded efforts on SCAP, the Open Security Controls Assessment Language (OSCAL), and FedRAMP, while also chairing working groups within the Internet Engineering Task Force (IETF) and CVE. These roles cemented my reputation as a trusted authority in cybersecurity standards, research, and strategic implementation, while also teaching me how to scale innovations for global adoption.
I am a senior strategic leader passionate about community engagement and innovation, consistently driving progress on complex cybersecurity challenges. My leadership style is collaborative, forward-thinking, and deeply rooted in empowering teams and fostering consensus across industry, government, and academia.