Technology Advisors

Dan Boneh, Co-founder, Voltage Security

Dr. Dan Boneh is a leading authority in the fields of cryptography and computer science. As a Professor of Computer Science at Stanford University, Dr. Boneh leads the applied cryptography group. Dr. Boneh is co-inventor of the Identity-Based Encryption from the Weil Pairing, along with Dr. Matt Franklin of the University of California at Davis.

Dr. Boneh works on various topics in applied cryptography and computer security. His focus is on building security mechanisms that are easy to use and deploy. Along with his students, he developed new mechanisms for web security, file system security, and copyright protection. Dr. Boneh contributed to the security and performance of the RSA cryptosystem, developed new privacy mechanisms, and contributed to the study of cryptographic watermarking.

The author of over 60 technical publications, Dr. Boneh holds a Ph.D. from Princeton University and has received numerous awards, including the Packard Award, the Alfred P. Sloan Award, the Terman Award and several NSF grants.

Brian Snow, Former Technical Director, NSA

Mathematician and computer scientist, Brian Snow taught mathematics and helped found the computer science department at Ohio University in the 1960’s. He joined the National Security Agency in 1971 where he became a cryptologic designer and security systems engineer.

Brian spent his first 20 years at NSA doing and directing research that developed cryptographic components and secure systems. Many cryptographic systems serving the U.S. government and military use his algorithms; they provide capabilities not previously available, and span a range from nuclear command and control to tactical radios for the battlefield. Computer Security and Network Security were major aspects for these systems. He created and managed NSA’s Secure Systems Design division in the 1980s. He has many patents, awards, and honors attesting to his creativity.

His later years at NSA were the model for what it means to be a senior Technical Director at NSA (similar to a Chief Scientist or Senior Technical Fellow in industry); he served in that capacity in three major mission components – The Research Directorate (1994-1995), The Information Assurance Directorate (1996-2002), and The Directorate for Education and Training –NSA’s Corporate University (2003-2006).

He was the first Technical Director appointed at the “Key Component” level at NSA, and the only “techie” at NSA to serve in such a role across three different Directorates.

In all of his positions, he insisted that the actions NSA took to provide intelligence for our national and military leaders should not put U.S. citizens’ persons or rights at risk. He was a leading voice for always assessing the unintended consequences of both success and failure prior to taking action.

Brian graduated from the University of Colorado with a BSc and MA in Mathematics.

Eric Rescorla, Chief Scientist, Network Resonance

Eric Rescorla is Chief Scientist of Network Resonance, Inc., a networking research and development company in Palo Alto, California and a recognized expert in the field of network and communications security.

In his consulting practice, he has led a number of research and development projects that combined communications security and advanced distributed systems for clients ranging from startups to Fortune 50 companies. He publishes widely in both academic and popular forums and his research has been reported in CNET, the New Scientist, and The New York Times.

Eric is also active in the standards process. He is co-chair of the IETF TLS Working Group and has served on the Internet Architecture Board since 2002. He is also the editor of the TLS and HTTP over TLS specifications, as well as numerous other IETF documents. He is the author of the standard text on SSL/TLS, SSL and TLS: Designing and Building Secure Systems.

Hovav Shacham, Assistant Professor of Computer Science and Engineering, U.C. San Diego

Dr. Hovav Shacham joined UC San Diego’s Department of Computer Science and Engineering in Fall 2007.

Dr. Shacham’s research interests are in applied cryptography, systems security, and tech policy. Dr. Shacham is the inventor of return-oriented programming, an attack against security measures (such as Windows Vista’s DEP) that distinguish “good code” from “bad code.”

He is also one of the pioneers in using pairings-computable bilinear maps over certain elliptic curves-to construct cryptographic systems. His thesis, “New Paradigms in Signature Schemes,” was runner up for the Stanford Department of Computer Science’s Arthur L. Samuel Thesis Award, and was nominated for the ACM Doctoral Dissertation Competition. At the Weizmann, Shacham taught a survey on pairings in cryptography, one of the first such courses to be offered.

In 2007, Shacham participated in California Secretary of State Debra Bowen’s “Top-to-Bottom” Review of the voting machines certified for use in California. He was a member of the team reviewing Hart InterCivic source code; the report he co-authored was cited by the Secretary in her decision to withdraw approval from Hart voting machines.

Shacham received his Ph.D. in computer science in 2005 from Stanford University, where he had also earned, in 2000, an A.B. in English. His Ph.D. advisor was Dan Boneh. In 2006 and 2007, he was a Koshland Scholars Program postdoctoral fellow at the Weizmann Institute of Science, hosted by Moni Naor.

Matt Franklin, Professor of Computer Science

Dr. Matt Franklin is an Associate Professor in the Computer Science Department at U. C. Davis, where he has taught since Fall 2000. He has over forty publications on cryptography and security in scientific journals and refereed conference proceedings. He received his Ph.D. in Computer Science from Columbia University in 1994, supported by an AT&T Bell Laboratories scholarship. From 1994 to 2000, he was a research scientist at Bell Labs in Murray Hill, NJ; AT&T Labs in Florham Park, NJ; and Xerox PARC in Palo Alto, CA.

In 2001, Dr. Franklin received a Packard Foundation Fellowship in Science and Engineering, and an NSF CAREER Award. He is on the Editorial Boards of the Journal of Cryptology and the Journal of Computer Security. In 2004, Prof. Franklin was the Program Chair for the annual Crypto Conference in Santa Barbara, CA.

Paul Kocher, President, Cryptographic Research

Paul Kocher is President and Chief Scientist of Cryptography Research. His works include designing numerous cryptographic applications and protocols, including SSL v3.0, the world’s most widely used security protocol. In addition to leading the team at CRI that discovered differential power analysis and designed the record-breaking DES key search machine “Deep Crack”, he is also credited with discovering timing attack cryptanalysis and co-founding ValiCert, Inc.

At Cryptography Research, he currently leads long-term research projects in areas including tamper resistance, content protection, fraud prevention for financial services, and network security. His work has been reported in forums ranging from technical journals and Scientific American to CNN and the front page of The New York Times.

Phil Rogaway, Professor of Computer Science, U.C. Davis

Phil Rogaway is a professor in the Department of Computer Science at the University of California, Davis, USA. He is also a regular visitor to the Department of Computer Science at Chiang Mai University, Thailand. Phil studies cryptography, protocols, network security, and the theory of computation. He has done extensive work on the application of encryption algorithms, including authenticated encryption, Variable Input Length ciphers, wide-block ciphers, and the encryption of finite sets. This work has been applied to solve problems in disk encryption, network traffic encryption, and Format-Preserving Encryption. Recently he has worked to develop an area of “practice-oriented provable security.” The aim there is to use theoretically sound techniques, mostly reductions, as the basis for the design and analysis of practical cryptographic protocols. The approach is yielding cryptographic protocols in diverse domains with improved performance and security characteristics.

Phil received an NSF CAREER Award in 1996 for his proposal, Practice-Oriented Provable Security. He is a member of IEEE, ACM, IACR (International Association for Cryptologic Research), and CPSR (Computer Professionals for Social Responsibility).

Business Advisors

Clyde Ostler, Wells Fargo (retired)

Clyde Ostler retired from Wells Fargo and Company after forty years in March of 2011. He retired as a Group Executive Vice President, Vice Chairman of Wells Fargo Bank California, and President of Wells Fargo Family Wealth. During his tenure with Wells Fargo, Mr. Ostler served in a number of capacities including Vice Chairman in the Office of the President, CFO, Head of Retail Branch Banking, Head of IT, Head of institutional and Personal Investments, and Head of Internet Services. He was a member of the Management Committee of the company for over twenty five years. Throughout his career, Mr. Ostler has also served on a number of for-profit and not-for-profit boards.

Ken Tyminski, Former VP and CISO, Prudential Insurance

Ken Tyminski is a 32 year veteran of the IT industry with a focus in the area of information security and risk management.

He most recently served as Vice President and Chief Information Security Officer for the Prudential Insurance Company of America. In this position he was responsible for ensuring that Prudential’s business systems were architected appropriately, implemented securely and protected from malicious outsiders and insiders. As CISO, he also led Information Security Office for Prudential, which established policies, standards and ensured controls were in place for millions of users, thousands of branches and hundreds of offices across the country and internationally.

Prior to his assignment as Prudential’s first Chief Information Security Officer, Ken held several other prominent positions. While working in the Corporate Technology Services organization he managed the Operations Control Center, overseeing the entire technology operation for the enterprise. Ken has also managed Information Technology Help Desks, IT Controls and Compliance functions, Technology Research and Software Engineering organizations. Throughout his career he has demonstrated his ability to create and manage enterprise scale technical and operational organizations. Ken is well known in the industry as a visionary, strategic thinker and early adopter. He has served on the advisory boards of several companies including Agiliance, Aternity and Citadel Security (now McAfee).

Ken graduated Magnum Cum Laude from Upsala College with a BS degree in Business Administration. He also has earned a certificate in Electrical Engineering Technology from New Jersey Institute of Technology.

Paul LeFort, Former CIO, United Healthcare

With more than 30 years of experience in information technology and healthcare, Paul LeFort most recently served as Chief Information Officer for UnitedHealth Group (UHG), a $19 billion healthcare company; there he managed a staff of 3,000 and an annual budget of $450 million. Under his leadership, UnitedHealth Group’s IS organization was named by ComputerWorld magazine as one of the “100 best places for IS professionals to work.” Mr. LeFort led the growth, acquisition and integration of technology activities as UHG grew to $20 billion in revenue. He has been selected as one of the Premier 100 CIO’s by Computerworld and Forbes recognizes UHG as one of the 28 best users of technology.

He served for 3 years as a large scale Customer Advisor to IBM and on the Board of the Managed Care Executive Group. During 1995 he was a Senior Vice President and CIO for MetraHealth Companies, Inc., which was jointly owned by Travelers Insurance Company and Metropolitan Life and subsequently acquired by UHG. From 1975 through 1994, Mr. LeFort was a Senior Partner at Deloitte Consulting in the Health Care industry. He served over 140 Health Care clients, including managed care organizations, large physician provider groups, hospitals and industry technology suppliers. He performed a variety of projects with a focus on technology usage, operations improvement, strategy and merger and acquisition analysis.

Mr. LeFort received his B.S. degree in Physics/Economics from Boston College in 1962. He is also a Director of The Trizetto Group (NASDAQ:TZIX), Advisor to HLM Opportunities Fund, and an independent management consultant.

Scott Loftesness, Partner, Glenbrook Partners

With over 30 years of experience in information technology—as a senior executive, board member, private investor, consultant, advisor, and CEO mentor—Scott Loftesness brings extensive operating experience, seasoned judgment and a unique business and technology perspective to his work with Glenbrook. He is an active private investor, member of the board of directors and advisor to a number of companies in the electronic payments, Internet infrastructure, and security markets.

Before founding Glenbrook Partners, Scott was Group Executive Vice President at First Data Merchant Services, where he helped build FDMS into the world’s largest credit-card merchant processor. Scott also served as Group Executive Vice President at Visa International, where he was responsible for defining Visa’s global payment systems strategies, including Visa’s research and development initiatives related to card payments, Internet payments and smart cards. Scott began his career at IBM where he spent over 17 years.

Stephen R. Katz, Former CISO, Citigroup

For over twenty-five years, Steve Katz has been directly involved in establishing, building and directing Information Security and Privacy functions. He is the founder and President of Security Risk Solutions, an information security company providing consulting and advisory services to major, mid-size, startup and venture capital companies. Steve is an Executive Advisor to Deloitte, is on the Board of Directors of nCircle Inc, on the Technology Advisory Board of Phoenix Technologies and is on the Advisory Board of CSO Magazine. Steve is also a member of the (ISC)² Americas Advisory Board for Information Systems Security.

Steve organized and managed the Information Security Program at JP Morgan for ten years. In 1995, he joined Citicorp/Citigroup after the Russian hacking incident. At Citi, Steve was the industry’s first Chief Information Security Officer. He spent the next six years directing Citigroup’s global Corporate Information Security Office.
Steve then joined Merrill Lynch as their Chief Information Security and Privacy Officer, where he organized and instituted the company-wide privacy and security program.

Steve has testified before Congress on numerous information security issues, and in 1998 was appointed Financial Services Sector Coordinator for Critical Infrastructure Protection by the Secretary of the Treasury. He was also the first Chairman of the Financial Services Information Sharing and Analysis Center (FS/ISAC), and is an Advisor to the FS/ISAC Board of Directors.

Steve Elefant, Former CIO, Heartland Payment Systems
Steve Elefant is currently a Sr. Strategic Consultant for Payments and Security at Google. Before Google, Mr. Elefant was the Chief Information Officer at Heartland Payment Systems. While at Heartland, he helped bring its Software as a Service (SaaS) applications to its merchant base, created and managed the company’s new end-to-end encryption team and products (powered by Voltage), developed point-of-sale products, and executed Heartland’s E3™ security platform that encrypts cardholder data from the point of swipe/entry at a merchant location through the Heartland processing networks and to the card brands.

Mr. Elefant is the founder of several successful Silicon Valley startup and venture capital firms. He is also the co-founder and former chief executive officer of ICVerify, Inc., a leader in payments processing integration of PC-based POS software. The company merged with CyberCash, Inc. where he was Vice-Chairman and formed an Internet and physical service provider for electronic payments software (which was ultimately sold to FirstData and is still in production today).