M3AAWG Senior Advisors are highly respected experts chosen for their skills and industry proficiency. They assist the committees in their work and often provide new ideas and perspectives at M3AAWG meetings.
Senior Technical Advisors
Richard Clayton, Ph.D., Security Researcher, University of Cambridge
Richard Clayton led the team that developed Turnpike, one of the earliest integrated Internet access packages for Windows, giving access to email and Usenet over dialup links. In 1995 his software house was sold to Demon Internet, then the United Kingdom's largest ISP. He worked for Demon in various troubleshooting and regulatory roles until 2000, when he returned to the University of Cambridge to study for a PhD. His thesis was completed in 2005, and he has stayed on as an academic "because it is more fun than working."
Dr. Clayton edited many of LINX's BCP (Best Current Practices) documents, which include some of the earliest formal statements of the terms and conditions that internet service providers must impose to ensure they can deal with abuse of email systems. In 2007 he became the second recipient of LINX's "Conspicuous Contribution" award.
He currently runs the Cambridge Cybercrime Centre, a five-year initiative to collate datasets about cybercrime and make them available to other academics. The aim is to drive a step change in the number of academic papers that use real world data as the basis for their insights into cybercrime topics.
Dave Crocker, Brandenburg InternetWorking, Principal
David H. Crocker is a principal with Brandenburg InternetWorking. He develops network-based applications businesses and designs system architectures for them. He worked in the ARPANet community during the 1970s and led product development efforts during the 1980s. During the internet bubble he founded several startup companies.
Over the years, Mr. Crocker has developed and operated two national email services, designed two others, and was CEO of a startup providing knowledge management tools for product support, as well as CEO of a community non-profit ISP. His senior management product experience covers email clients and servers, core protocol stacks for TCP/IP and OSI, network management control stations.
He is a co-recipient of the 2004 IEEE Internet award for his work on email. Mr. Crocker has been leading and authoring internet standards for forty years, covering internet mail, instant messaging, facsimile and EDI. He has also contributed to work on digital identity, internet security, ecommerce, domain name service, emergency services, and even some TCP and IP enhancements. He has authored more than 50 IETF Requests For Comments. Mr. Crocker served as an Area Director for the Internet Engineering Task Force, variously overseeing network management, middleware and the IETF standards process. His recent efforts include work on the email anti-abuse techniques of DMARC and DKIM. He served on the CEAS 2006 executive committee, on the iTrust 2006 program committee and as the Awards Chair for SOUPS 2016.
Mr. Crocker has a B.A. in psychology from the University of California at Los Angeles (UCLA), a M.A. from the Annenberg School of Communications at University of Southern California (USC), and he studied computer science at the University of Delaware. He is an active volunteer with the American Red Cross.
Stephen Farrell, Ph.D., Trinity College Dublin
Dr. Stephen Farrell is a research fellow in the School of Computer Science and Statistics at Trinity College Dublin (https://scss.tcd.ie), where he teaches and researches on security and delay/disruption-tolerant networking (DTN). In 2006 he co-authored the first book on the latter topic. Dr. Farrell has been involved in internet standards for more than a decade and was IETF security area director from 2011-2017. He currently co-chairs the IETF home networking working group (homenet) and is co-founder of Tolerant Networks Limited, a TCD campus company.
Barry Leiba, Futurewei Technologies
Barry Leiba has worked on email and related technology since the early 1980s, and currently focuses on the "Internet of Things", messaging and collaboration on mobile platforms, security and privacy of Internet applications, and Internet standards development and deployment. Barry has been active in the Internet Engineering Task Force since the mid 1990s and currently serves as Applications and Real-Time (ART) Area Director and as the IETF liaison to M3AAWG. He is an author of a number of proposed standards, has chaired many working groups in the Applications and Security Areas, and has been a member of the Internet Architecture Board (IAB). He is a member of the Security and Stability Advisory Committee (SSAC) in ICANN and is Associate Editor-in-Chief of IEEE Internet Computing magazine, in charge of departments and columns. Barry has been a Director of Standards at Futurewei Technologies since 2009. Before that he was a Senior Technical Staff Member at IBM's Research Division.
John R. Levine, Ph.D., Taughannock Networks, Founder
John R. Levine is a long-term participant in mail standards and mail anti-abuse efforts. He is a member of the board of the Internet Society, of the ICANN Stability and Security Advisory Committee (SSAC) and is president of the Coalition Against Unsolicited Commercial E-mail (CAUCE North America). He has written many books including the popular Internet for Dummies, Fighting Spam for Dummies, Linkers and Loaders, and qmail.
Dr. Levine has been active in the design and testing of widely used anti-spam and authentication technologies including: DKIM, ARC, CSV, and ARF. He was a co-founder and director of the Domain Assurance Council, an industry consortium creating open standards for domain certification. Dr. Levine has a B.A. and Ph.D. in Computer Science from Yale University. His other computing interests include compilers; he co-authored the classic lex & yacc and has moderated comp.compilers, the usenet group which is the world's most popular forum on the topic, since 1986.
April Lorenzen, Dissect Cyber Inc.
April Lorenzen is an internet security researcher specializing in the preemptive discovery of miscreant and crimeware resources in the domain name system. In her work as Chief Data Scientist at Zetalytics, she oversees one of the world's most geographically diverse passive DNS systems. She has operated IoC (Indicators of Compromise) security feeds continuously since 2004 and is the primary architect of the free open source data visualization tool "Mal4s.”
April is also active in the white hat community as a M3AAWG Senior Technical Advisor and as a Senior Research Fellow for the Anti-Phishing Working Group (APWG). She received the Global Impact award from the Department of Homeland Security S&T Cyber Security Division in 2016 and currently serves as the Principal Investigator for a critical infrastructure supply chain cybersecurity notification research project. She also has been appointed to serve on the Cyber Rhode Island Advisory Committee by the state’s Congressional representative. In 2006, April received an award for Outstanding Support in the Ongoing Battle Against Cyber Crime from the National Cyber Forensics Training Alliance (NCFTA). She is a frequent trainer and speaker at international ISP, law enforcement and security industry conferences.
Joe St Sauver, Ph.D., Farsight Security, Inc.
firstname.lastname@example.org (work) / email@example.com
Joe St Sauver is a Distinguished Scientist with Dr. Paul Vixie's data-driven security company, Farsight Security, Inc. Before joining Farsight in November 2014, Dr. St Sauver worked for the Computing Center/Information Services at the University of Oregon for roughly 28 years, including serving (under a UO contract) as the Internet2 Nationwide Security Programs manager, and manager of the the InCommon SSL/TLS Certificate Service and InCommon's Multifactor Program.
Among other national cybersecurity-related activities, Dr. St Sauver remains a member of the Research and Education Network Information Sharing and Analysis Center Technical Advisory Group (REN-ISAC TAG) and is on the Board of the Coalition Against Unsolicited Email (CAUCE). Dr. St Sauver routinely writes and presents on a wide range of cybersecurity topics. Publicly available presentations can be found at https://www.stsauver.com/joe/
Senior Advisors in Public Policy, Data Privacy, and Growth and Development
Frank Ackermann, Attorney-at-Law, Ackermann Legal
A practicing attorney in Bonn, Germany specializing in European IT law, data protection and data privacy since 2003, Frank Ackermann provides expert analysis of the online policies developing throughout the European Union focusing on how they will affect anti-abuse work. He is an active participant in the EU online security community, having served as a director and vice president of INHOPE (International Organization of Internet Hotlines), senior legal counsel and director at eco-Association of the Internet Industry, in Germany, and as an advisory board member of the German Awareness Node “Saferinternet.de. He also provides information technology law training for online emerging countries with the Internet Society and has been a M3AAWG Public Policy Advisor since 2011. Mr. Ackermann is co-chair of the M3AAWG Public Policy Committee.
Simon McGarr, Solicitor, Data Compliance Europe
Simon McGarr is recognized as one of Ireland’s leading experts in data protection. A practicing solicitor, he has guest lectured at Irish Universities and the Irish Law Society. His ability to convey specialized information painlessly has made him a regular contributor to media discussions of data issues.
Simon was involved in the two landmark cases developing data protection law in the European Union, Digital Rights Ireland and Schrems. His consultancy firm, Data Compliance Europe focuses on helping organizations, from multinationals to non-profits, towards GDPR compliance.
William Wilson, Founder, Breckenhill
William (Bill) Wilson is an IT governance, audit and privacy specialist with over thirty years of executive management, consulting, auditing and hands-on software engineering experience within both the public and private sectors.
As the CEO, founder and managing partner of Breckenhill, he concentrates on IT security and privacy issues in large public-sector systems and has developed multiple security and privacy risk oversight frameworks for global projects involving highly sensitive data such as biometrics, payments, tendering and messaging. A proponent of privacy, Mr. Wilson has presented and participated on panels in public policy debates world-wide surrounding protecting privacy within the realm of security.
Formerly the Chief Privacy Technologist for the Office of the Privacy Commissioner of Canada, he led the Technology Analysis Branch and was responsible for increasing technical capabilities while building their technology lab into a world leading privacy research facility. As the Chief Privacy Technologist, he was also responsible for defining, conducting and reporting on the information technology components of audits related to the protection of personal information for both public and private sector organizations. Earlier in his career, Mr. Wilson also developed and taught “Computer Crime Investigative Techniques,” a comprehensive course on computer and network forensics for law enforcement at the Canadian Police College. Mr. Wilson is also co-chair of the M3AAWG Public Policy Committee.
Jesse Sowell, Ph.D.
Jesse is currently a Postdoctoral Cybersecurity Fellow at Stanford’s Center for International Security and Cooperation. Broadly, Dr. Sowell’s research focuses on the non-state institutions that ensures the internet stays glued together in a secure and stable manner.
This work started with studies of how operational communities share information necessary to solve operational and security incidents that often cross firm and jurisdictional boundaries. Historically, these actors have served as the stewards of the internet’s infrastructure. Increasingly, the social, political, and economic magnitude of cybersecurity incidents requires the capabilities of both operational communities and state actors. Dr. Sowell’s ongoing work explores the operational-policy interface between operational security communities and state actors, in particular law enforcement and national security.
Dr. Sowell’s other research interests include the role of private transnational security regimes in global politics, the commodification of malware value networks, credible knowledge assessment of science and technology policy, the economics of IoT security, and the growing tension between internet privacy and security efforts. At M3AAWG, Dr. Sowell serves as a Senior Advisor and vice-chair of the Growth and Development Committee, directing the organization’ outreach efforts. He also serves as the co-chair of the IoT Special Interest Group.
Dr. Sowell has a background in computer science, criminal justice, and technology and policy. He holds a PhD in Technology, Management, and Policy from MIT’s Engineering Systems Division