Governance, Risk and Compliance

Meet the 23 cyber experts just named to CISA’s new advisory committee

Kevin Mandia, CEO of FireEye, testifies before the Senate Intelligence Committee March 30, 2017, in Washington. Mandia was one of 23 individuals named to the Cybersecurity and Infrastructure Security Agency’s inaugural cybersecurity advisory committee. (Photo by Win McNamee/Getty Images)

The Cybersecurity and Infrastructure Security Agency announced 23 individuals who will serve as on its newly established Cybersecurity Advisory Committee, pulling in experts on cyber policy from government, industry, academia and the media.

The list includes executives from some of the top tech and cybersecurity companies, including Microsoft Executive Vice President Chris Young; AWS Chief Information Security Officer Stephen Schmidt; Apple Vice President of Corporate Security George Stathakopoulos; Kevin Mandia from threat intelligence firm Mandiant; CloudFlare CEO Matthew Prince and investor; and Tenable board member Niloofar Razi Howe. It also includes cybersecurity consultant Alex Stamos.

Other industry executives include Johnson & Johnson CIO Marene Allison, Tom Fanning of Southern Company and MasterCard CISO Ronald Green.

On the government side, the agency has tapped Suzanne Spaulding, a senior advisor at the Center for Strategic and International Studies and former head of CISA’s predecessor agency, the National Protection and Programs Directorate. Austin, Texas, Mayor Steve Adler and Illinois Director of Emergency Management Alicia Tate-Nadeau were also named.

“We’re at a pivotal moment in our history — one that demands we think anew about ensuring the security and resilience of our digital infrastructure in the face of increasingly sophisticated cyber threats. That’s why I couldn’t be more pleased that some of our nation’s best thinkers have agreed to join our Cybersecurity Advisory Committee,” said CISA Director Jen Easterly in a statement.

A list of the 23 individuals named to CISA's inaugural cybersecurity advisory committee.

The committee’s first meeting will take place Dec. 10 and its work will focus on a broad range of threats facing both CISA and the stakeholders it supports, including disinformation, bolstering the cybersecurity workforce, securing critical infrastructure and improving collaborative relationships between CISA and the broader hacker community. According to a Federal Register notice, the committee will also receive its first classified briefing following the meeting to give members “the opportunity to discuss information concerning cybersecurity threats with senior Government intelligence officials.”

Many of the individuals tapped have significant backgrounds or experience dealing with some of the most high-profile cybersecurity issues that fall under CISA’s purview.

Twitter’s Vijaya Gadde helped steer the company’s evolving disinformation policies through the 2020 U.S. elections, while University of Washington professor Kate Starbird has helped pioneer groundbreaking research over the past decade into how bad actors manipulate social media platforms and leverage the broader internet ecosystem to spread false or misleading information.

Stamos served as chief security officer for Yahoo and Facebook, eventually leaving the latter in 2018 after criticizing the company’s unwillingness to substantively address Russian disinformation campaigns on the platform leading up to the 2016 U.S. presidential election. He has since formed his own cybersecurity consultant firm with former CISA leader Chris Krebs.

Mandia’s firm was the first organization to detect what would eventually become known as the SolarWinds campaign and was instrumental in sounding the alarm to dozens of other affected companies and government agencies.

In a press release, the agency said Easterly had also asked National Cyber Director Chris Inglis to help establish the committee and set its agenda.

Derek B. Johnson

Derek is a senior editor and reporter at SC Media, where he has spent the past three years providing award-winning coverage of cybersecurity news across the public and private sectors. Prior to that, he was a senior reporter covering cybersecurity policy at Federal Computer Week. Derek has a bachelor’s degree in print journalism from Hofstra University in New York and a master’s degree in public policy from George Mason University in Virginia.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.