John C. Davis
Senior Manager, KPMG

Mr. Davis is a nationally-recognized member of the information security community. His areas of expertise relate to computer security, computer architecture, supercomputers, artificial intelligence, microelectronics, advanced processing techniques, and optical and magnetic data storage. He recently joined KPMG after a thirty-year career with the National Security Agency (NSA), where he was assigned to senior level technical and managerial positions responsible for various phases of developing, planning, and implementing information protection and information collection solutions.

His most recent assignments at NSA included serving as a Commissioner on the President's Commission on Critical Infrastructure Protection (PCCIP), and subsequently, as the NSA Senior Representative to the Critical Infrastructure Assurance Office (CIAO). His prior positions at NSA have included assignments as the Director of the National Computer Security Center (1994-1999); Deputy Chief of Research and Technology (1992-1994); Chief of the Microelectronics Office (1987-1992); and, Chief of the Computer and Processing Technology Office (1982-1987).

Complementary to these assignments, Mr. Davis has served as a member of the Computer System Security and Privacy Advisory Board, sponsored by the Department of Commerce; a subcommittee chair on the National Security Telecommunications and Information System Security Committee, sponsored by the Department of Defense (DoD); and, an executive committee member of the Research and Development Committee for Critical Infrastructure Protection, sponsored by the White House's Office of Science and Technology (OSTP). Additionally, for the past five years, he has been the co-chair of the National Information System Security Conference, a week-long premier annual information security event with over 2000 attendees, and an exposition of 150 information security product vendors.
Representative Accomplishments

As a PCCIP Commissioner, developed national policy and strategic recommendations for the President to ensure the availability and continued operation of critical infrastructures (e.g. Banking and Finance, Information and Communications, Energy, and Transportation), with these concepts being incorporated into formal Federal policy through Presidential Decision Directive 63 (PDD-63). Participated in commission liaison and outreach activities in the form of public hearings; meetings with industry, government representatives, and special interest groups; and, presentations at workshops and seminars. Served as a subject-matter-expert for information security issues.

Led a PCCIP team of senior government executives and industry representatives which produced a comprehensive, succinct digest detailing significant information concerning operational continuity of the Information and Communications infrastructure sector, including associated threats, vulnerabilities, best practices, and other pertinent data, to support Commission recommendations. This document was included in the PCCIP final report, titled "Critical Foundations".

Led a CIAO interagency team which formulated the conceptual framework for a national level, strategic Infrastructure Protection Research and Development (R&D) Plan, which included participation by both the government and private industry, to mitigate associated cyber and physical threats. Concurrently, served as an executive member of the OSTP R&D Committee, which surveyed existing Federal government R&D programs relating to infrastructure protection and information assurance. Participated in providing recommendations to the President concerning the potential for leveraging existing projects; and, proposed a priority ranking for future programmatic efforts to support PDD-63 objectives based on potential funding targets.
Served as the CIAO point of contact for all R&D issues associated with physical and cyber threats to critical infrastructures.

As the Director of the National Computer Security Center at NSA, was a member of the executive committee which was responsible for the management and execution of the Federal Government's almost half-billion dollar Information System Security Program. Associated responsibilities included directing projects and supervising efforts to assess the threats to and vulnerabilities of complex information systems; providing cost-effective security solutions for those systems; developing related Research and Development (R&D) plans; and, assisting departments and agencies in improving their security posture.

As the NSA Senior Executive Account Representative to the US Pacific Command (PACOM), was responsible for the information system security programs and associated personnel in the Pacific-rim countries. Managed area responsibilities and conducted liaison visits with each respective PACOM element in Hawaii, Korea, Japan, Australia and Alaska to ensure that senior military commanders were receiving full information security support from NSA. Developed an orientation training program emphasizing technical competence and customer focus for NSA field assignees.

As subcommittee chairman of the National Security Telecommunications and Information System Security Committee (NSTISSC), evaluated emerging trends in information security threats and vulnerabilities and identified pertinent topics for research, discussion, and subsequent review by the committee, which included representatives from the Defense Department, the Intelligence Community, the Federal Bureau of Investigation, and Civil Departments and Agencies.
Directly reported on significant NSTISSC subcommittee issues to the Assistant Secretary of Defense for Command, Control, Communications, and Intelligence (ASDC3I) to support defense-wide actions to protect the operation and integrity of sensitive information systems. Organized an annual off-site executive seminar, hosted by ASDC3I, for senior leaders representing all federal government departments and agencies, to include identifying relevant issues and chairing various panels and sessions as a subject-matter-expert on current information security topics.

As the NSA representative to the Computer System Security and Privacy Advisory Board (CSSPAB), provided expertise on such issues as security architectures, encryption, digital signatures, electronic commerce, incident detection and warning, and authentication. Provided advice and made recommendations for formal policy, including potential legislation, to the Secretary of Commerce, Director NSA, and Congress, on matters relating to information security and privacy relative to the federal government, as mandated by the CSSPAB charter under the Computer Security Act of 1987.

Led a team which facilitated the administrative and technical aspects associated with the transition of hardware and software security assessments from the previous "Orange Book" specifications, which had served as the de facto criteria in the US for entities concerned with evaluating the security level of new products, to the neoteric "Common Criteria" standard, which has significantly enhanced overall information security posture by being afforded both national and international acceptance. Interfaced extensively, to include resolution of contentious issues, with private sector, Federal Government, and foreign country technical and managerial personnel involved in information security product design, development, testing, production, and marketing.
As Deputy Chief of Research and Technology, directed day-to-day operations for an organization of 600 engineers, mathematicians, computer scientists, and physicists, to include strategic planning, budget formulation and execution, quality assurance, and product assessment for emerging requirements relating to information security, signals intelligence, and microelectronics. Managed various leading-edge collaborative research programs, to include extensive interface with the Defense Advanced Research and Development Agency, National Institute of Standards and Technology, the Central Intelligence Agency, and private industry software and hardware manufacturers. Developed innovative and adaptive reengineering programs for various NSA workforce elements; leveraged productivity through team development; implemented acceptance of quantitative and qualitative performance metrics as appropriate; and, established a customer-focused approach to quality assurance and product recognition.

As Chief of the Microelectronics Office, directed efforts to develop a full production capability for highly classified microchip projects, including chip design, manufacture, packaging, and testing. Converted existing base building into a Class 5 clean room capable of manufacturing chips with line width to .2 microns; developed chip design capability for VLSI application-specific integrated circuits; and, provided fully-tested, packaged chips to a customer base exceeding 100 clients per year. Developed a microelectronics strategic plan, including conducting comprehensive operational requirements surveys, developing cost benefit analyses for various manufacturing options, and completing technical evaluations to support appropriate recommendations to improve operations and increase efficiency. Modified program office roles and responsibilities based on emerging requirements and changing priorities.
Conducted surveys and statistical evaluations of activities to assess efficiency of policies and operations, and detect indicators of potential negative trends.

As Chief of the Computer and Processing Technology Office, was responsible for oversight of original research projects relating to artificial intelligence, computer graphics, modeling and simulation tools, supercomputing, interoperability among security components, and recording and storage. Developed programmatic goals and objectives, project milestones, and performance data indicators for multiple, complex initiatives. Established risk management criteria for new development methodologies. Directed efforts of engineers and physicists responsible for programs that resulted in the creation of digital and analog optical processing systems; automated mass-storage systems; and, advanced recorders for intelligence missions.

As a member of the IEEE Mass Storage Executive Committee, provided subject matter expertise on the interface of information security issues, current mass storage techniques, and related emerging technologies. Assisted in organizing the annual International Mass Storage Symposium.

Education

B.S., Physics, Pennsylvania State University, 1961

Awards

NSA Director's Distinguished Service Medal, 1999

Other Organizational Affiliations

DoD Millimeter Microwave Integrated Circuit Committee, former executive committee member