Editorial Advisory Board 2008

Comprised of the IT security industry's thought leaders, SC's Editorial Advisory Board offers insight about marketplace happenings, ideas for features and news, thoughts on technology and threat trends, editorial contributions and more. The Board's corporate CSOs, industry analysts, educational practitioners, consultants and leading vendors all lend their knowledge and experience to help SC continue to offer the most timely editorial and product reviews in the industry.

  • Rich Baich, principal, security and privacy practice, Deloitte and Touche LLP; former chief information security officer, ChoicePoint, Inc.
  • David Burton, director of product management, Check Point Software Technologies
  • Jaime Chanaga, managing director, The CSO Board Consulting
  • Rufus Connell, research director for information technology, Frost & Sullivan
  • Dave Cullinane, chief information security officer, eBay
  • Mary Ann Davidson, chief security officer, Oracle Corporation
  • Dennis Devlin, chief information security officer, Brandeis University
  • Gerhard Eschelbeck, chief technology officer and senior vice president for engineering, Webroot Software Inc.
  • Gene Fredriksen, senior director, corporate information security officer, Tyco International
  • Bob Gleichauf, chief technology officer, VPN and security business unit, Cisco Systems, Inc.
  • Lloyd Hession, chief security officer, BT Radianz
  • Paul Kurtz, partner and chief operating officer, Good Harbor Consulting
  • Kris Lovejoy, director of Tivoli strategy at IBM
  • Tim M. Mather, chief security strategist, RSA Conference
  • Stephen Northcutt, president, The SANS Institute
  • Marc Rogers, associate professor and research scientist at The Center for Education and Research in Information Assurance and Security (CERIAS), Purdue University
  • Randy Sanovic, general director, information systems security, GM
  • Howard Schmidt, president and chief executive officer, R&H Consulting LLC
  • Craig Spiezle, director, online safety technologies, Microsoft
  • Toby Weiss, president and chief executive officer, Application Security, Inc.
  • Amit Yoran, CEO, NetWitness Corp.
  • Ed Zeitler, executive director, (ISC)2

Rich Baich is principal for security and privacy at Deloitte and Touche. He has led multi-national teams designing, implementing, measuring and advising organizations to effectively and efficiently balance risk, technology and data management decisions with data protection risks, regulatory compliance issues, privacy and security controls. Baich is former CISO at ChoicePoint where he held enterprise-wide responsibility for information and technology security. Previously, he held leadership positions within NSA, McAfee and the FBI. In 2005, Baich authored "Winning as a CISO," a security executive leadership guidebook.

David Burton, director of product management, Check Point Software Technologies

Jaime Chanaga is chairman and CEO of The CSO Board LLC, a consulting firm dedicated to helping leaders solve critical strategic issues and make lasting substantial improvements in their performance. Chanaga is a co-author of the book "Corporate Security in the Information Age." You can reach him at http://www.csoboard.com, where you can read his blog on business, strategy, technology, security and executive insights. Chanaga is an avid reader and enjoys listening to jazz music and playing the piano.

Dave Cullinane is the CISO for eBay Marketplaces. Prior to joining eBay, Cullinane was the CISO for Washington Mutual. Previously, he also served as a senior consultant for nCipher and as the director of information security for Sun Life of Canada's U.S. operations. He also helped create Digital Equipment Corporation's security consulting practice. Cullinane is a charter member of the Alliance for Enterprise Security Risk Management (AESRM) -- an alliance of security professional associations dedicated to advancing the profession. He is the past international president of the Information Systems Security Association (ISSA) and a charter member of the Global Council of Chief Security Officers. He also serves on ASIS International's Information Technology Security Committee (ITSC). Cullinane was nominated for SC Magazine's Information Security Executive of the Year for 2004 and 2005 and awarded Global Award as Chief Security Officer of the Year for 2005.

Mary Ann Davidson is CSO at Oracle Corporation and is responsible for Oracle product security, as well as security evaluations, assessments and incident handling. Davidson also represents Oracle on the Board of Directors of the Information Technology Information Security Analysis Center (IT-ISAC). Prior to joining Oracle in 1988, Davidson served as a commissioned officer in the U.S. Navy Civil Engineer Corps, during which she was awarded the Navy Achievement Medal. Davidson has a bachelor's degree from the University of Virginia and an MBA from the Wharton School of the University of Pennsylvania. In her spare time, Davidson is an enthusiastic outdoors person and participates in several sports, including surfing, alpine and cross-country skiing and fly-fishing.

Dennis Devlin is currently chief information security officer at Brandeis University. He has over 35 years of information technology leadership experience in private industry and higher education. Prior to his current role, Dennis was vice president and chief security officer of The Thomson Corporation and a member of the senior IT management team at Harvard University; he began his career as a software developer and systems analyst for American Hoechst Corporation. Dennis is a graduate of the University of Pennsylvania and has completed extensive continuing education in information technology and management. He has been a frequent presenter on information security at universities and conferences including the RSA Security Conference, SC Magazine US Forum and Gartner IT Security Summit. Dennis has also served on CSO advisory boards for RSA, Qualys, Verdasys, GeoTrust and SC Magazine.

Gerhard Eschelbeck is CTO and senior vice president of engineering at Webroot Software, where he is responsible for developing and driving overall product strategy and managing the company's development and threat research teams. Previously, Eschelbeck served as CTO and vice president of engineering of Qualys, where he pioneered the company's Software as a Service based vulnerability management platform. He was senior vice president of engineering for security products at Network Associates, vice president of engineering of anti-virus products at McAfee, and founder of IDS GmbH, a secure remote control company acquired by McAfee. Eschelbeck has presented his research to Congress and at numerous security conferences. He is a frequent contributor to the SANS Top 20 expert consensus identifying the most critical security vulnerabilities. Eschelbeck is also the author of "Laws of Vulnerabilities." He is one of the inventors of the Common Vulnerability Scoring System (CVSS) and holds numerous patents in the field of managed network security. Gerhard holds master's and PhD degrees in computer science from the University of Linz, Austria.

Gene Fredriksen is senior director, corporate information security officer, Tyco International. Formerly he was the principal consultant of the Burton Group, which focuses on security architecture and infrastructure, information risk management, security governance, compliance and identity management. Prior to joining Burton, he served as CSO of Raymond James Financial and worked at Eaton Corporation and American Family Insurance. Fredriksen is also a certified Information Security Manager (CISM) and has been a participant in numerous security and risk management groups, including as past chair of the BITS Security and Risk Assessment Steering Committee and member of the Financial Services Sector Coordinating Council research and development committee. Currently, he is chair of the St. Petersburg College Information Security Programs Advisory Board. In 2004, Fredriksen was selected as a top five information security executive in the United States by the Executive Alliance.

Bob Gleichauf is chief technology officer, VPN and security business unit, Cisco Systems, Inc.

Lloyd Hession is chief security officer, BT Radianz.

Paul Kurtz is the chief operating officer of Good Harbor, advising clients on cyber-security and homeland security issues. Kurtz has served as the founding executive director of the Cyber Security Industry Alliance (CSIA), an advocacy group dedicated to ensuring the privacy, reliability and integrity of information systems. Prior to joining CSIA, Kurtz was special assistant to the president and senior director for critical infrastructure protection on the White House's Homeland Security Council (HSC), where he was responsible for both physical and cybersecurity. Prior to his White House work, Kurtz served as political advisor to Operation Provide Comfort in Incirlik, Turkey, and as science attaché in Vienna, Austria. He participated in several arms control inspection teams, traveling to Iraq and North Korea. Kurtz received his Bachelor's degree from Holy Cross College and his Master's degree in international public policy from Johns Hopkins University's School of Advanced International Studies.

Tim Mather is the former vice-president of technology strategy in Symantec's office of the chief technology officer, responsible for coordinating the company's long-term technical and intellectual property strategy. Previously, he served for nearly seven years as Symantec's CISO where he was responsible for development of all information systems security policies, oversight of implementation of all security-related policies and procedures and all information systems audit-related activities. Prior to joining Symantec, Mather was the manager of security at VeriSign. Additionally, he was formerly manager of Information Systems Security at Apple Computer. Mather's experience also includes seven years in Washington, D.C. working on secure communications for a classified, national-level command, control, communications and intelligence (C3I) project, which involved both civilian and military departments and agencies. Mather holds Master's degrees in national security studies from Georgetown University, and international policy studies from Monterey Institute of International Studies. He holds a bachelor's degree in political economics from the University of California, Berkeley.

Kris Lovejoy is director of Tivoli Strategy at IBM.

Tim Mather is chief security strategist, RSA Conference

Stephen Northcutt serves as president of the SANS Technology Institute, a post-graduate level IT security college (http://www.sans.edu). Northcutt is author of "Incident Handling Step-by-Step," "Intrusion Signatures and Analysis," "Inside Network Perimeter Security - Second Edition," "IT Ethics Handbook," "SANS Security Essentials," "SANS Security Leadership Essentials" and "Network Intrusion Detection - Third Edition." He was the original author of the Shadow intrusion detection system before accepting the position of chief for information warfare at the Ballistic Missile Defense Organization. Northcutt is a graduate of Mary Washington University. Before entering the computer security field, he worked as a Navy helicopter search and rescue crewman, white water raft guide, chef, martial arts instructor, cartographer and network designer.

Marc Rogers is the chair of the Cyber Forensics Program in the Department of Computer and Information Technology at Purdue University. He is an associate professor and also a research faculty member at the Center for Education and Research in Information Assurance and Security (CERIAS). Rogers was a senior instructor for (ISC)2, the international body that certifies information system security professionals (CISSP), is a member of the quality assurance board for (ISC)2's SCCP designation and is the international chair of the Law, Compliance and Investigation Domain of the Common Body of Knowledge (CBK) committee. He is a former police detective who worked in the area of fraud and computer crime investigations. Rogers is the editor-in-chief of the Journal of Digital Forensic Practice and co-editor of the Journal of Digital Forensics Security and Law, and sits on the editorial board for several other professional journals. Rogers is the author of numerous book chapters and journal publications in the field of digital forensics and applied psychological analysis.

Randolph (Randy) N. Sanovic is the general director of information security for General Motors (GM), responsible for GM's information security strategy, programs, plans and global information security posture. Previously, Sanovic served as director, information systems security, for United Healthcare where his responsibilities included reorganizing the corporation's disparate information security functions into a worldwide well-managed function, and developing an effective strategic IT security plan. He has also served as manager, computer security planning for Mobil, responsible for the corporation's overall information security posture, strategy, programs, plans and policies. Sanovic is also a member of the board of directors of the International Information Systems Security Certification Consortium (ISC)2, (ISC)2's treasurer, chairman of the Board Audit Committee, co-chair of (ISC)2's America's Advisory Board and a member of the National Computer Systems Security and Privacy Advisory Board. He holds a bachelor's degree and an MBA.

Howard A. Schmidt is president and CEO of R&H Security Consulting. He also serves as the international president of the Information Systems Security Association (ISSA) and has recently been appointed to the Information Security Privacy Advisory Board (ISPAB). Previously, Schmidt was appointed by President Bush as the vice chair, and then chair, of the President's Critical Infrastructure Protection Board and as the special adviser for Cyberspace Security for the White House. Schmidt was also CSO for Microsoft, where his duties included forming and directing the Trustworthy Computing Security Strategies Group. Schmidt is a co-author of the Black Book on Corporate Security and author of "Patrolling Cyberspace, Lessons Learned from a Lifetime in Data Security." He holds a bachelor's degree in business administration and a master's degree in organizational management from the University of Phoenix and an honorary doctorate degree in humane letters. Schmidt is a professor of practice at the Georgia Institute of Technology, the Georgia Tech Information Security Center and adjunct senior fellow with Carnegie Mellon's CyLab.

Craig Spiezle is director, online safety technologies, Microsoft.

Toby Weiss is president and chief executive officer, Application Security, Inc. Previously, Weiss was senior vice president and general manager of CA's business unit. Weiss was responsible for CA's Global Technology Delivery services in the Northeast U.S. including CA's headquarters in Long Island, N.Y. A true lover of technology, Weiss has a B.S. in computer science from the University of Michigan and currently lives in New York City with his wife.

Amit Yoran is the chairman and CEO of NetWitness Corp (http://www.netwitness.com), provider of network-based forensics, investigations and incident-response technologies. Previously Yoran served as the Bush Administration cyber-czar, CEO and advisor to In-Q-Tel (venture capital arm of the CIA), vice president of Worldwide Managed Security Services at Symantec, founder and CEO of Riptech and director of vulnerability programs at the Department of Defense's CERT. Yoran currently serves as a director on the boards of several innovative security companies including Guidance Software (GUID), Guardium, Digital Sandbox and Trust Digital.

Ed Zeitler is executive director, (ISC)2. Formerly, he was CISO for Volkswagen Credit, Charles Schwab & Co., Fidelity Investments, Bank of America, and Security Pacific National Bank.

 