Julia H. Allen is a Senior Member of the Technical Staff within the CERT Program at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University in Pittsburgh, Pennsylvania. In addition to her work in software security and assurance, Allen is engaged in developing and transitioning executive outreach programs in enterprise security and governance. Prior to this technical assignment, Allen served as Acting Director of the SEI for an interim period of six months as well as Deputy Director/Chief Operating Officer for three years. She formalized the SEI’s relationship with industry organizations and created the Customer Relations team.

Before joining the SEI, Allen was a Vice President at Science Applications International Corporation (SAIC), responsible for starting a new software division specializing in embedded systems software. Allen led SAIC’s initial efforts in software process improvement. Allen also worked at TRW (now Northrop Grumman), tackling a range of assignments from systems integration, testing, and field site support to managing major software development programs.

Her degrees include a B.S. in Computer Science from the University of Michigan and an M.S. in Electrical Engineering from the University of Southern California. Allen is the author of The CERT^® Guide to System and Network Security Practices (Addison-Wesley, 2001), Governing for Enterprise Security (CMU/SEI-2005-TN-023, 2005), and the CERT Podcast Series: Security for Business Leaders (2006–2008).

Sean Barnum is a Principal Consultant at Cigital, Inc., and is Technical Lead for Cigital’s federal services practice. He has more than twenty years of experience in the software industry in the areas of development, software quality assurance, quality management, process architecture and improvement, knowledge management, and security. Barnum is a frequent contributor and speaker for regional and national software security and software quality publications, conferences, and events. He is very active in the software assurance community and is involved in numerous knowledge standards-defining efforts, including the Common Weakness Enumeration (CWE), the Common Attack Pattern Enumeration and Classification (CAPEC), and other elements of the Software Assurance Programs of the Department of Homeland Security and the Department of Defense. He is also the lead technical subject matter expert for the Air Force Application Software Assurance Center of Excellence.

As a member of the Survivable Systems Engineering Team within the CERT Program at the Software Engineering Institute, Robert J. Ellison has served in a number of technical and management roles. He was a project leader for the evaluation of software engineering development environments and associated software development tools. He was also a member of the Carnegie Mellon University team that wrote the proposal for the SEI; he joined the new FFRDC in 1985 as a founding member.

Before coming to Carnegie Mellon, Ellison taught mathematics at Brown University, Williams College, and Hamilton College. At Hamilton College, he directed the creation of the computer science curriculum. Ellison belongs to the Association for Computing Machinery (ACM) and the IEEE Computer Society.

Ellison regularly participates in the evaluation of software architectures and contributes from the perspective of security and reliability measures. His research draws on that experience to integrate security issues into the overall architecture design process. His current work explores developing reasoning frameworks to help architects select and refine design tactics to mitigate the impact of a class of cyberattacks. He continues to work on refinements to the Survivability Analysis Framework.

Gary McGraw is the Chief Technology Officer at Cigital, Inc., a software security and quality consulting firm with headquarters in the Washington, D.C., area. He is a globally recognized authority on software security and the author of six best-selling books on this topic. The latest book is Exploiting Online Games (Addison-Wesley, 2008). His other books include Java Security, Building Secure Software, Exploiting Software, and Software Security; he is also editor of the Addison-Wesley Software Security series. Dr. McGraw has written more than ninety peer-reviewed scientific publications, authors a monthly security column for darkreading.com, and is frequently quoted in the press as an expert on software security.

Besides serving as a strategic counselor for top business and IT executives, Dr. McGraw is on the advisory boards of Fortify Software and Raven White. He received a dual Ph.D. in Cognitive Science and Computer Science from Indiana University, where he serves on the Dean’s Advisory Council for the School of Informatics. Dr. McGraw is also a member of the IEEE Computer Society Board of Governors and produces the monthly Silver Bullet Security Podcast for IEEE Security & Privacy magazine.

Nancy R. Mead is a Senior Member of the Technical Staff in the Survivable Systems Engineering Group, which is part of the CERT Program at the Software Engineering Institute. She is also a faculty member in the Master of Software Engineering and Master of Information Systems Management programs at Carnegie Mellon University. Her research interests are in the areas of information security, software requirements engineering, and software architectures.

Prior to joining the SEI, Mead was Senior Technical Staff Member at IBM Federal Systems, where she spent most of her career in the development and management of large real-time systems. She also worked in IBM’s software engineering technology area and managed IBM Federal Systems’ software engineering education department. She has developed and taught numerous courses on software engineering topics, both at universities and in professional education courses.

To date, Mead has more than one hundred publications and invited presentations. She is a fellow of the Institute of Electrical and Electronic Engineers (IEEE) and the IEEE Computer Society, and is also a member of the Association for Computing Machinery (ACM). Mead received her Ph.D. in Mathematics from the Polytechnic Institute of New York and received a B.A. and an M.S. in Mathematics from New York University.