Board of Directors


Steven B. Lipner – Executive Director, SAFECode

Steven B. Lipner is a pioneer in cybersecurity with over 40 years’ experience as a general manager, engineering manager, and researcher. He retired in 2015 from Microsoft where he was the creator and long-time leader of Microsoft’s Security Development Lifecycle (SDL) team. While at Microsoft, Lipner also created initiatives to encourage industry adoption of secure development practices and the SDL, and served as a member and chair of the SAFECode board.

Lipner joined Microsoft in 1999 and was initially responsible for the Microsoft Security Response Center. In the aftermath of the major computer “worm” incidents of 2001, Lipner and his team formulated the strategy of “security pushes” that enabled Microsoft to make rapid improvements in the security of its software and to change the corporate culture to emphasize product security. The SDL is the product of these improvements.

At Mitretek Systems, Lipner served as the executive agent for the U.S. Government’s Infosec Research Council (IRC). At Trusted Information Systems (TIS), he led the Gauntlet Firewall business unit whose success was the basis for TIS’ 1996 Initial Public Offering. During his eleven years at Digital Equipment Corporation, Lipner led and made technical contributions to the development of numerous security products and to the operational security of Digital’s networks.

Throughout his career, Lipner has been a contributor to government and industry efforts to improve cybersecurity. He currently serves as the chair of the U.S. Government’s Information Security and Privacy Advisory Board (ISPAB). Lipner was one of the founding members of the board’s predecessor and is now serving his third term as a board member. He was elected in 2010 to the Information Systems Security Association Hall of Fame, in 2015 to the National Cybersecurity Hall of Fame and in 2017 as a Fellow of (ISC)2 and to the National Academy of Engineering. He holds an appointment as adjunct professor of computer science at the Institute for Software Research, School of Computer Science of Carnegie Mellon University and is named as coinventor on twelve U.S. patents.

 Sangeeta Arora – Senior Manager, Security at Adobe

Security/IT leader with experience in vendor security, penetration testing, regulatory standards (GDPR, CCPA) as well as governance, risk, and compliance. Experience in program management as well as leading and mentoring team members through operational tasks and various projects. Possesses natural tendency to form strategic cross functional partnerships for managing and executing successful projects.

Eric Baize – Chairman, SAFECode; Vice President, Product & Application Security, Dell Technologies

Throughout his career, Eric Baize has been passionate about building security and privacy into systems and technology from design to deployment. He currently leads Dell’s Product & Application Security organization and serves as Chairman of SAFECode.

At Dell, Eric leads the organization responsible for driving enhanced security practices into the lifecycle of all Dell products and internally developed cloud and IT applications. His responsibilities include managing the Secure Development Lifecycle (SDL) and the Product Security Incident Response Team (PSIRT) for the company.

Eric joined Dell through its merger with EMC where he built the highly successful EMC Product Security Office from the ground up. He was also a member of the leadership team that drove EMC’s acquisition of RSA Security, and he helped lead RSA’s cloud and virtualization strategy. Prior to joining EMC in 2002, Eric held various positions for Groupe Bull in Europe and in the US.

Eric has served on the SAFECode Board of Directors since the organization was founded in 2007. He holds multiple U.S. patents, has authored international security standards and is a regular speaker at industry conferences.

Follow Eric Baize on Twitter: @ericbaize

Souheil Moghnie – Technical Director and Security Architect, Norton LifeLock

Throughout his professional career, Souheil Moghnie has been working in the software security domain with hands-on experience on developing, testing, and managing security products. He joined Norton LifeLock in 1999 and then worked at Microsoft for a few years before coming back to Norton LifeLock. Since 2012 Mr. Moghnie has been working as a Software Security Architect, Coach, and a Security Advisor within the Software Security Group and the Norton BU at Norton LifeLock where he co-authored the company’s Secure Development Life Cycle, managed the last company-wide security audit, developed and pioneered security best practices, trained sr. engineers in various areas of software security, and much more.

In addition, Mr. Moghnie is also heading the Encryption Review Board and the Open Source Security Review Board at Norton LifeLock. He also provides instructor-led training within Norton LifeLock in the areas of Threat Modeling, Secure Development, Security Testing, and Security Awareness.

Finally, Mr. Moghnie has a Master’s degree in Computer Science from California State University, Northridge (CSUN), and a Bachelor of Science in Computer Science from University of California, Los Angeles (UCLA). He is also a Certified Information Systems Security Professional (CISSP).

Mark Cartwright – Security Group Program Manager at Microsoft

Mark Cartwright is a Group Program Manager in Microsoft Security, Compliance, Identity and Management.  His group is responsible for working with the Microsoft engineering teams in applying a high level of security engineering to products and services in both development and operations.  His responsibilities also include corporate security strategies and policies that apply to Microsoft’s products and Cloud services. Mark Cartwright has been at Microsoft for 19 years, prior to taking his current position in Redmond he was a Practice Manager in Microsoft UK’s consulting business. Before joining Microsoft, Mark was Chief Technology Officer at a major web hosting and global domain name management company managing highly available, highly secure customer facing websites for a variety of clients from small/medium to large corporate. He previously worked as IT Director at a UK multi utility company.  There he supported a diverse range of technologies running business critical systems. He has an MSc in Information Systems and has master’s level certification in the IT Infrastructure Library standard.

Dr. Holger Dreger  –  Siemens

Dr. Holger Dreger studied computer science at the Universität des Saarlandes, with focus on computer networks and cryptography. In 2007, he received his Ph.D from the Technische Universität München for his work on network intrusion detection and network traffic analysis. He joined Siemens Corporate Technology in 2006 as Security Consultant. In his customer projects he specializes in system security analyses and did security assessments of numerous critical services.

Edward Bonver –  Director, Security Architecture and Risk Evaluation at Raytheon Technologies

Edward is Director of Security Architecture and Risk Evaluation team at Raytheon Technologies. He brings over 20 years of diverse developer, assurance, and product cybersecurity experience. Former gigs include Symantec and Digital Equipment Corporation; developing real-time operating systems and networking protocols, and building, as well as leading product security programs at large enterprises.

As a software security evangelist and product cybersecurity subject matter expert, Edward frequently speaks at global software industry security events and contributes to various security community forums and industry alliances. Edward is a Certified Information Systems Security Professional (CISSP), and a Certified Secure Software Lifecycle Professional (CSSLP).

Staff


Megan Cannon - Senior Program Manager, SAFECode

Megan Cannon, Senior Program Manager, Virtual, inc., has worked with SAFECode since 2016, helping SAFECode achieve its mission by providing strategic guidance and operational support to the board of directors and technical leadership council. Before Virtual, Megan worked in higher education and theatre, where she helped children make healthy choices and see through media messages, assisted Batman with crime-fighting, and wrangled elves for Santa at Macy's in NYC. Fun Fact about Megan, she can teach anyone to juggle!