M3AAWG Expert Advisors are highly respected experts chosen for their skills and industry proficiency. They assist the committees in their work and often provide new ideas and perspectives at M3AAWG meetings.
A practicing attorney in Bonn, Germany specializing in European IT law, data protection and data privacy since 2003, Frank Ackermann provides expert analysis of the online policies developing throughout the European Union focusing on how they will affect anti-abuse work. He is an active participant in the EU online security community, having served as a director and vice president of INHOPE (International Organization of Internet Hotlines), senior legal counsel and director at eco-Association of the Internet Industry, in Germany, and as an advisory board member of the German Awareness Node “Saferinternet.de. He also provides information technology law training for online emerging countries with the Internet Society and has been a M3AAWG Public Policy Advisor since 2011. Mr. Ackermann is co-chair of the M3AAWG Public Policy Committee.
Richard Clayton led the team that developed Turnpike, one of the earliest integrated Internet access packages for Windows, giving access to email and Usenet over dialup links. In 1995 his software house was sold to Demon Internet, then the United Kingdom's largest ISP. He worked for Demon in various troubleshooting and regulatory roles until 2000, when he returned to the University of Cambridge to study for a PhD. His thesis was completed in 2005, and he has stayed on as an academic "because it is more fun than working."
Dr. Clayton edited many of LINX's BCP (Best Current Practices) documents, which include some of the earliest formal statements of the terms and conditions that internet service providers must impose to ensure they can deal with abuse of email systems. In 2007 he became the second recipient of LINX's "Conspicuous Contribution" award.
He currently runs the Cambridge Cybercrime Centre, a five-year initiative to collate datasets about cybercrime and make them available to other academics. The aim is to drive a step change in the number of academic papers that use real world data as the basis for their insights into cybercrime topics.
David H. Crocker is a principal with Brandenburg InternetWorking. He develops network-based applications businesses and designs system architectures for them. He worked in the ARPANet community during the 1970s and led product development efforts during the 1980s. During the internet bubble he founded several startup companies.
Over the years, Mr. Crocker has developed and operated two national email services, designed two others, and was CEO of a startup providing knowledge management tools for product support, as well as CEO of a community non-profit ISP. His senior management product experience covers email clients and servers, core protocol stacks for TCP/IP and OSI, network management control stations.
He is a co-recipient of the 2004 IEEE Internet award for his work on email. Mr. Crocker has been leading and authoring internet standards for forty years, covering internet mail, instant messaging, facsimile and EDI. He has also contributed to work on digital identity, internet security, ecommerce, domain name service, emergency services, and even some TCP and IP enhancements. He has authored more than 50 IETF Requests For Comments. Mr. Crocker served as an Area Director for the Internet Engineering Task Force, variously overseeing network management, middleware and the IETF standards process. His recent efforts include work on the email anti-abuse techniques of DMARC and DKIM. He served on the CEAS 2006 executive committee, on the iTrust 2006 program committee and as the Awards Chair for SOUPS 2016.
Mr. Crocker has a B.A. in psychology from the University of California at Los Angeles (UCLA), a M.A. from the Annenberg School of Communications at University of Southern California (USC), and he studied computer science at the University of Delaware. He is an active volunteer with the American Red Cross.
Dr. Stephen Farrell is a research fellow in the School of Computer Science and Statistics at Trinity College Dublin (https://scss.tcd.ie), where he teaches and researches on security and delay/disruption-tolerant networking (DTN). In 2006 he co-authored the first book on the latter topic. Dr. Farrell has been involved in internet standards for more than a decade and was IETF security area director from 2011-2017. He currently co-chairs the IETF home networking working group (homenet) and is co-founder of Tolerant Networks Limited, a TCD campus company.
Barry Leiba has worked on email and related technology since the early 1980s, and currently focuses on the "Internet of Things", messaging and collaboration on mobile platforms, security and privacy of Internet applications, and Internet standards development and deployment. Barry has been active in the Internet Engineering Task Force since the mid 1990s and currently serves as Applications and Real-Time (ART) Area Director and as the IETF liaison to M3AAWG. He is an author of a number of proposed standards, has chaired many working groups in the Applications and Security Areas, and has been a member of the Internet Architecture Board (IAB). He is a member of the Security and Stability Advisory Committee (SSAC) in ICANN and is Associate Editor-in-Chief of IEEE Internet Computing magazine, in charge of departments and columns. Barry has been a Director of Standards at Futurewei Technologies since 2009. Before that he was a Senior Technical Staff Member at IBM's Research Division.
John R. Levine is a long-term participant in mail standards and mail anti-abuse efforts. He is a member of the board of the Internet Society, of the ICANN Stability and Security Advisory Committee (SSAC) and is president of the Coalition Against Unsolicited Commercial E-mail (CAUCE North America). He has written many books including the popular Internet for Dummies, Fighting Spam for Dummies, Linkers and Loaders, and qmail.
Dr. Levine has been active in the design and testing of widely used anti-spam and authentication technologies including: DKIM, ARC, CSV, and ARF. He was a co-founder and director of the Domain Assurance Council, an industry consortium creating open standards for domain certification. Dr. Levine has a B.A. and Ph.D. in Computer Science from Yale University. His other computing interests include compilers; he co-authored the classic lex & yacc and has moderated comp.compilers, the usenet group which is the world's most popular forum on the topic, since 1986.
April Lorenzen is an internet security researcher specializing in the preemptive discovery of miscreant and crimeware resources in the domain name system. In her work as Chief Data Scientist at Zetalytics, she oversees one of the world's most geographically diverse passive DNS systems. She has operated IoC (Indicators of Compromise) security feeds continuously since 2004 and is the primary architect of the free open source data visualization tool "Mal4s.”
April is also active in the white hat community as a M3AAWG Senior Technical Advisor and as a Senior Research Fellow for the Anti-Phishing Working Group (APWG). She received the Global Impact award from the Department of Homeland Security S&T Cyber Security Division in 2016 and currently serves as the Principal Investigator for a critical infrastructure supply chain cybersecurity notification research project. She also has been appointed to serve on the Cyber Rhode Island Advisory Committee by the state’s Congressional representative. In 2006, April received an award for Outstanding Support in the Ongoing Battle Against Cyber Crime from the National Cyber Forensics Training Alliance (NCFTA). She is a frequent trainer and speaker at international ISP, law enforcement and security industry conferences.
Angelica Mandell is a diversity, equity, and inclusion independent consultant, joining M3AAWG in early 2022 as an Expert Advisor. Angelica has a Masters of Social Work (MSW) degree from Eastern Washington University along with having an A.C.S.W (Academy of Certified Social Workers) certification. Mrs. Mandell has 25+ years of experience as a regional program director, clinical supervisor, data analyst, program manager and trainer, including focus on creating diverse and inclusive environments and cultures. Additionally, Angelica is an experienced social worker and mental health professional with extensive background in direct client services as well as clinical supervision, staff development and training, and program agency management. Angelica is working with the M3AAWG Diversity & Inclusion committee, member community, and executive leadership to understand how to help industry associations create diverse and inclusive cultures while working on common initiatives as well as incorporating and leveraging partnering organizations where appropriate.
Simon McGarr is recognized as one of Ireland’s leading experts in data protection. A practicing solicitor, he has guest lectured at Irish Universities and the Irish Law Society. His ability to convey specialized information painlessly has made him a regular contributor to media discussions of data issues.
Simon was involved in the two landmark cases developing data protection law in the European Union, Digital Rights Ireland and Schrems. His consultancy firm, Data Compliance Europe focuses on helping organizations, from multinationals to non-profits, towards GDPR compliance.
leadership of the Anti-Phishing Working Group (APWG) and other industry organizations
Area of expertise: Pete provides consulting services on engaging with and contributing to standards development organizations, as well as advising on engineering, legal, and policy issues. He also serves as an expert witness in legal cases regarding Internet messaging.
Area of expertise: Joe mainly focuses on cryptography and privacy in standards and security architectures and has spent over 2 decades working on open security standards within the IETF and IEEE.
Joe St Sauver is a Distinguished Scientist with Dr. Paul Vixie's data-driven security company, Farsight Security, Inc. Before joining Farsight in November 2014, Dr. St Sauver worked for the Computing Center/Information Services at the University of Oregon for roughly 28 years, including serving (under a UO contract) as the Internet2 Nationwide Security Programs manager, and manager of the the InCommon SSL/TLS Certificate Service and InCommon's Multifactor Program.
Among other national cybersecurity-related activities, Dr. St Sauver remains a member of the Research and Education Network Information Sharing and Analysis Center Technical Advisory Group (REN-ISAC TAG) and is on the Board of the Coalition Against Unsolicited Email (CAUCE). Dr. St Sauver routinely writes and presents on a wide range of cybersecurity topics. Publicly available presentations can be found at https://www.stsauver.com/joe/
Jesse is currently a Postdoctoral Cybersecurity Fellow at Stanford’s Center for International Security and Cooperation. Broadly, Dr. Sowell’s research focuses on the non-stat I’m e institutions that ensures the internet stays glued together in a secure and stable manner.
This work started with studies of how operational communities share information necessary to solve operational and security incidents that often cross firm and jurisdictional boundaries. Historically, these actors have served as the stewards of the internet’s infrastructure. Increasingly, the social, political, and economic magnitude of cybersecurity incidents requires the capabilities of both operational communities and state actors. Dr. Sowell’s ongoing work explores the operational-policy interface between operational security communities and state actors, in particular law enforcement and national security.
Dr. Sowell’s other research interests include the role of private transnational security regimes in global politics, the commodification of malware value networks, credible knowledge assessment of science and technology policy, the economics of IoT security, and the growing tension between internet privacy and security efforts. At M3AAWG, Dr. Sowell serves as a Senior Advisor and vice-chair of the Growth and Development Committee, directing the organization’ outreach efforts. He also serves as the co-chair of the IoT Special Interest Group.
Dr. Sowell has a background in computer science, criminal justice, and technology and policy. He holds a PhD in Technology, Management, and Policy from MIT’s Engineering Systems Division.
Laurin Weissinger, Teacher at Fletcher School, Tufts University, Cybersecurity Fellow and an ISP Visiting Fellow at Yale Law School.
His research and expertise include: complex systems and security, the problem of trust, trust assurance, trust architectures, security threats more generally, cooperation in international and organizational cybersecurity, risk and security management, regulation and standards, security policy, as well as cybercrime and anti-abuse. Laurin recently served as Vice-Chair for the Second Security, Stability, and Resiliency Review for ICANN.
Laurin studies and teaches cybersecurity from a holistic socio-technological perspective and utilizes multidisciplinary methods to explore the technical, social, and political aspects of complex systems and cybersecurity in practice. His research and policy work are informed by his many years working in IT as a systems administrator and architect in the healthcare industry, in technology consulting, and his work with M3AAWG and APWG.
Laurin received his DPhil (PhD) from University of Oxford, where he conducted an in-depth study of trust assurance in cybersecurity. Additionally, Laurin holds an MSc from Oxford, and an MPhil from the University of Cambridge.
William (Bill) Wilson is an IT governance, audit and privacy specialist with over thirty years of executive management, consulting, auditing and hands-on software engineering experience within both the public and private sectors.
As the CEO, founder and managing partner of Breckenhill, he concentrates on IT security and privacy issues in large public-sector systems and has developed multiple security and privacy risk oversight frameworks for global projects involving highly sensitive data such as biometrics, payments, tendering and messaging. A proponent of privacy, Mr. Wilson has presented and participated on panels in public policy debates world-wide surrounding protecting privacy within the realm of security.
Formerly the Chief Privacy Technologist for the Office of the Privacy Commissioner of Canada, he led the Technology Analysis Branch and was responsible for increasing technical capabilities while building their technology lab into a world leading privacy research facility. As the Chief Privacy Technologist, he was also responsible for defining, conducting and reporting on the information technology components of audits related to the protection of personal information for both public and private sector organizations. Earlier in his career, Mr. Wilson also developed and taught “Computer Crime Investigative Techniques,” a comprehensive course on computer and network forensics for law enforcement at the Canadian Police College. Mr. Wilson is also co-chair of the M3AAWG Public Policy Committee.
Ash Wilson is the Technical Director at Urbane Security, where his responsibilities include the development of internal systems and security research.
Mr. Wilson has a background in security research, network engineering, software development, and protocol design. He was an early contributor to the DANCE (formerly DANISH) IETF working group, which seeks to make DNS the binding namespace for client identifiers across a variety of use cases, including IoT.
Dana-Lynn joined the Compliance and Enforcement Sector at the Canadian Radio-television and Telecommunications Commission (the Commission) in July 2012 to assist the team with the development of Canada’s Anti-spam Legislation’s (CASL) enforcement program. Since joining the Commission, Dana-Lynn has also worked on enforcing the Unsolicited Telecommunications Rules and is the Senior Advisor to the Chief Compliance and Enforcement Officer (CCEO) advising on enforcement policy and compliance issues. Dana-Lynn is currently responsible for domestic and International partnership development for the Electronic Commerce and Telecommunications Enforcement divisions. Before joining the Commission, Dana-Lynn previously held a position at Innovation, Science and Economic Development Canada (previously Industry Canada) in the National Anti-Spam Coordinating Body, helping guide Bill C-28 (CASL) through the parliamentary and regulatory process.
Dana-Lynn also sits on the Executive Committee of the Unsolicited Communications Enforcement Network (UCENet), a global network of regulatory and law enforcement agencies dedicated to combatting online and telephony abuse. In 2018-2019, Dana-Lynn was seconded to the Department of Internal Affairs (DIA) in New Zealand (NZ) to work in their Digital Safety enforcement group and help contribute to the evolution of their anti-spam program. As a result of the events of March 15th, 2019 in Christchurch NZ, Dana-Lynn worked on the digital terrorism file, contributing to protecting New Zealanders from the effects of that online harm.