As our world becomes maximally reliant on connected technologies and is thus exposed to considerable risk by their abuse or exploitation, I believe it’s essential we have a clear, consistent, and centralised way of identifying and classifying security vulnerabilities. Collaboration and discourse amongst all stakeholder groups - defenders, technology providers and operators, researchers, and governments - is also critical to ensure we make progress on reducing or mitigating risk. I work across these groups to promote more cooperation, understanding, and adoption of security best practices.
Previously, I worked for cybersecurity firm Rapid7 for 11 years, building the company’s security research, advocacy, and community engagement functions, before founding my own company, NextJenSecurity. I serve on the UK’s Government Cyber Advisory Board, am an associate fellow of the Royal United Services Institute (RUSI), co-chair of the Ransomware Task Force, and serve on the boards of the CVE Program and the Center for Cybersecurity Policy and Law. I’m also the over-excited co-host of the Distilling Cyber Policy podcast, and my favorite career highlight (so far) was testifying before U.S. Congress.