Technical Advisory Board


Jean-Philippe Aumasson

Jean-Philippe Aumasson

Jean-Philippe Aumasson, PhD is Principal Cryptographer at Kudelski Security, in Switzerland. He designed the SHA-3 finalist hash function BLAKE as well as BLAKE2 and SipHash. He is the initiator of the Cryptography Coding Standard and of the Password Hashing Competition. Jean-Philippe tweets as @veorq.

Nate Lawson

Nate Lawson

Nate Lawson is the founder of Root Labs and assists companies with the design of embedded security and cryptography. At Cryptography Research, Nate co-developed the Blu-ray content protection layer known as BD+. He is also the original developer of IBM/ISS RealSecure. Nate has presented at RSA, BlackHat and Usenix Security. Previous talks include common developer crypto mistakes and security flaws in the Fastrak RFID toll system.

Runa Sandvik

Runa A Sandvik

Runa A. Sandvik is a privacy and security researcher, and works at the intersection of technology, law and policy. She has worked on a variety of projects with The Tor Project since 2009, ranging from security research, development and project management to education, outreach, and support. As an undergraduate at the Norwegian University of Science and Technology, Runa was selected for the prestigious Google Summer of Code, where she worked on website translation tools for The Tor Project. She is a contributor to Forbes, writing on privacy, security and technology. Runa tweets as @runasand.

Bruce Schneier

Bruce Schneier

Bruce Schneier is an internationally renowned security technologist, called a “security guru” by The Economist. He is the author of 12 books—including Liars and Outliers: Enabling the Trust Society Needs to Survive—as well as hundreds of articles, essays, and academic papers. His newsletter and blog are read by over 250,000 people. Schneier is a fellow at the Berkman Center for Internet and Society at Harvard Law School, a program fellow at the New America Foundation's Open Technology Institute, and a board member of the Electronic Frontier Foundation.

Thomas Ptacek

Thomas H. Ptacek

Thomas H. Ptacek developed one of the first commercial security vulnerability scanners, ground breaking research in network intrusion detection evasion, as well as network anomaly and DDOS detection. He is a cofounder of Matasano Security, which specializes in vulnerability assessments of products such as operating systems, network appliances and software applications. Thomas has owned technical operations at Chicago’s most popular ISP, authored Insertion, Evasion, and Denial of Service, a landmark paper which broke every shipping intrusion detection product on the market, and at Arbor Networks led the development of a security product deployed on the backbone of virtually every tier-1 ISP worldwide. Thomas tweets as @tqbf.

Jim Denaro

Jim Denaro

Jim Denaro is the founder of CipherLaw, a Washington, D.C.-based law firm and focuses his practice on legal and technical issues faced by innovators in information security. Denaro is a frequent speaker and writer on the subject and has experience in a wide range of technologies, including intrusion detection, botnet investigation, incident response and cryptography. He has a degree in computer engineering and has completed professional coursework at MIT and Stanford in information security. He also holds technical certifications from the Cloud Security Alliance (CCSK) and Cisco Systems (CCENT), and is a CISSP. He is a registered patent attorney and is pursuing graduate legal studies in national security at Georgetown University. He tweets on security and intellectual property as @CipherLaw.

Moxie Marlinspike

Moxie Marlinspike

Moxie Marlinspike is a fellow at the Institute for Disruptive Studies and a co-founder of Whisper Systems. He has more than fifteen years of experience attacking networks. He is the author of sslsniff, used by the MD5 hash collion team to deploy their rogue CA cert, and sslstrip, which implements Moxie's deadly "stripping" technique for rendering communication insecure. He was the chief technology officer and co-founder of Whisper Systems, acquired by Twitter in 2011. Together with Trevor Perrin, Moxie created TACK (Trust Assertions For Certificate Keys), an IETF draft for a dynamically activated public key pinning framework that provides a layer of indirection away from Certificate Authorities, but provides full backwards compatible with existing CA certificates, and does not require sites to modify their existing certificate chains. His tools have been featured in many publications, including Hacking Exposed, Forbes, The Wall Street Journal, The New York Times, and Security Focus as well as on international TV. Additionally, he runs a cloud-based WPA cracking service, manages the GoogleSharing targeted anonymity service, and is the author of the sailing film Hold Fast.

Trevor Perrin

Trevor Perrin

Trevor Perrin is an independent consultant who designs and reviews cryptographic systems. Recent projects include public-key pinning (TACK), key agreement (TripleDH), asynchronous messaging (Axolotl Ratchet), and password-authenticated key exchange.

Joseph Lorenzo Hall

Joe Hall

Joseph Lorenzo Hall, PhD is the Chief Technologist at the Center for Democracy & Technology, a Washington, DC-based non-profit organization dedicated to ensuring the Internet remains free, open and innovative. Prior to joining CDT in late 2012, Hall was a postdoctoral research fellow with Helen Nissenbaum at New York University, Ed Felten at Princeton University and Deirdre Mulligan at University of California, Berkeley.

Hall’s current work focuses on policy mechanisms that promote trustworthiness and transparency in information systems, as core functions of society and government become networked and computerized. Hall’s work at CDT is split between Consumer Privacy, Health Privacy and National Security. Hall received his PhD in information systems from the UC Berkeley School of Information. His PhD thesis used electronic voting as a critical case study in digital government transparency. Hall holds master’s degrees in astrophysics and information systems from UC Berkeley and was a founding member of the National Science Foundation’s ACCURATE Center. He has served as an expert on independent teams invited by the States of California, Ohio and Maryland to analyze legal, privacy, security, usability and economic aspects of voting systems, and currently serves on the board for VerifiedVoting.org. In 2012, Hall received the John Gideon Memorial Award from the Election Verification Network for contributions to election verification. He tweets on privacy, security and technology as @JoeBeOne.


Board of Directors

Matthew Green

Matthew D Green

Matthew D. Green, PhD is a professor of computer science at Johns Hopkins University. He teaches applied cryptography and builds secure systems. Green trained under Susan Hohenberger and Avi Rubin, and his research includes techniques for privacy-enhanced information storage, anonymous payment systems, and bilinear map-based cryptography. Green formerly served as a senior research staff member at AT&T Labs. Together with Kenneth White, he co-founded the TrueCrypt audit project, a community-driven initiative to conduct the first comprehensive cryptanalysis and public security audit of the widely used TrueCrypt encryption software. He blogs at Cryptography Engineering, and talks about cryptography and privacy @matthew_d_green.

Marcia Hofmann

Marica Hofman

Marcia Hofmann is an attorney who litigates, counsels, writes, and speaks about a broad range of technology law and policy issues. In 2013 she launched a boutique law practice focusing on computer crime and security, electronic privacy, encryption, free expression, and intellectual property. Prior to that, she was a senior staff attorney at the Electronic Frontier Foundation, where she continues to serve as special counsel. She is also a non-residential fellow at Stanford's Center for Internet and Society and an adjunct professor at University of California Hastings College of the Law. You can follow her on Twitter at @marciahofmann.


Kenneth White

Kenneth White

Kenneth White is a security researcher whose work focuses on networks and global systems. He is co-director of the Open Crypto Audit Project (OCAP), currently managing a large-scale audit of OpenSSL on behalf of the Linux Foundation's Core Infrastructure Initiative. Previously, White was Principal Scientist at Washington DC-based Social & Scientific Systems where he led the engineering team that designed and ran global operations and security for the largest clinical trial network in the world, with research centers in over 100 countries. White co-founded CBX Group which provides security services to major organizations including World Health, UNICEF, Doctors without Borders, the US State Department, and BAO Systems. Together with Matthew Green, White co-founded the TrueCrypt audit project, a community-driven initiative to conduct the first comprehensive cryptanalysis and public security audit of the widely used TrueCrypt encryption software.

White holds a Masters from Harvard and is a PhD candidate in neuroscience and cognitive science, with applied research in real-time classification and machine learning. His work on network security and forensics and been cited by media including the Wall Street Journal, Forbes, Reuters, Wired and Nature. White is a technical reviewer for the Software Engineering Institute, and publishes and speaks frequently on computational modeling, security engineering, and trust. He is @kennwhite on Mastodon and Twitter.