BSIMM advisors

Helping guide the future of the BSIMM

Brad Arkin

Vice President and Chief Security Officer


Brad Arkin is Vice President and Chief Security Officer for Adobe. As CSO, Arkin has ultimate responsibility for all security-related decisions and investments across the company. Arkin leads the teams responsible for the security of Adobe’s infrastructure, products and services, as well as teams dedicated to security incident response and communication, including Adobe Secure Software Engineering Team (ASSET), Product Security Information Response Team (PSIRT), Security Coordination Center (SCC) and Engineering Infrastructure Security team.

Prior to joining Adobe, Arkin held management positions at StepNexus, Symantec, @Stake and Cigital. Arkin holds a BS in computer science from the College of William and Mary, an MS in computer science from George Washington University, and an MBA from Columbia University and London Business School.

Eric Baize

Senior Director, Product Security and Trusted Engineering

EMC Corporation 

Eric Baize is the head of Product Security and Trusted Engineering at EMC Corporation with company-wide responsibility for all aspects of product security including vulnerability response, security development lifecycle, implementation of common security technology, and supply chain risk management. He also oversees the definition of EMC’s security and integrity practices to protect engineering systems and product code. Follow Eric Baize on Twitter: @ericbaize.

Jeff Cohen

Director of Software Security 

TD Ameritrade

Jeff Cohen is Director of Software Security at TD Ameritrade. He was formerly the Global Head of Application Security for JP Morgan Chase. Prior to that, Jeff lead the creation and implementation of Intel’s global product security assurance program, which included both software and hardware security. In addition, Jeff has more than 20 years of experience in managing software development teams and in leading both quality and security assurance for both commercial and defense applications. Jeff previously served on the SAFECode Board of Directors.

Gary McGraw

Vice President of Security Technology


Gary McGraw is the Vice President of Security Technology at Synopsys (SNPS), a Silicon Valley company headquartered in Mountain View, CA. He is a globally recognized authority on software security and the author of eight bestselling books on this topic. His titles include Software SecurityExploiting SoftwareBuilding Secure SoftwareJava SecurityExploiting Online Games, and 6 other books; and he is editor of the Addison-Wesley Software Security series. Dr. McGraw has also written over 100 peer-reviewed scientific publications, authors a periodic security column for SearchSecurity, and is frequently quoted in the press. Besides serving as a strategic counselor for top business and IT executives, Gary is on the Advisory Boards of Max Financial, NTrepid, and Ravenwhite. He has also served as Advisor to Dasient (acquired by Twitter), Fortify Software (acquired by HP), and Invotas (acquired by FireEye). He holds a dual PhD in Cognitive Science and Computer Science from Indiana University where he serves on the Dean’s Advisory Council for the School of Informatics. Gary served on the IEEE Computer Society Board of Governors and produces the monthly Silver Bullet Security Podcast for IEEE Security & Privacy Magazine (syndicated by SearchSecurity).

Follow Gary on twitter at @cigitalgem or via his website.

Sammy Migues

Principal - Technology 


Sammy is an information security visionary with a proven record of entrepreneurial innovation, intellectual capital development, practical business solutions, and performance optimization. He has extensive day-to-day experience in chief technologies, applied R&D, and evangelist roles, working directly with customers, product management and product development. At Synopsys, Sammy works daily with customers and Synopsys’ best and brightest to keep corporate knowledge and people on the cutting edge of software security and quality, while also working on product innovation, software security course creation, and risk modeling and management. In previous positions, Sammy was VP, Knowledge Management at Cybertrust (formerly TruSecure) and Chief Scientist at iDEFENSE.

Jim Routh

Chief Information Security Officer


Jim Routh is the Chief Information Security Officer and leads the Global Information Security function for Aetna. He is the Chairman of the National Health ISAC and a Board member of the FS-ISAC. He was formerly the Global Head of Application & Mobile Security for JP Morgan Chase. Prior to that he was the CISO for KPMG, DTCC and American Express and has over 30 years of experience in information technology and information security as a practitioner. He is the Information Security Executive of the Year winner for the Northeast in 2009 and the Information Security Executive of the Year in 2014 in North America for Healthcare. He has published several white papers including the FS-ISAC 3rd Party Software Security Controls paper and leads several cross functional information security working groups.

David Smith

Independent Information Security Consultant

Previously, David was head of Fidelity Investments Global Application Security Group, responsible for providing all application services including Secure Code Review, Penetration Testing, Application Security Architecture and Consulting, Emerging Vulnerabilities, Governance and Oversight, Application Security Training, SSDL, Application Security Tools and Automation. He also served as director of development at Fidelity, and served with Booz Allen and the Department of Defense.

Janne Uusilehto

Senior Manager, Security & Privacy 


Prior to joining Microsoft in 2014, Janne served as Director, Head of Nokia Product Security for several years, and also also was a member of the Merita-Nordbanken Cash Management Services team that initiated Internet sales portals in Finland. Janne has extensive experience in mobile security and product security; his previous roles include board positions in forums such as SAFECode, ICASI, Global Platform and Trusted Computing Group. Janne is also a member of the Advisory Board for Oxford University Cyber Security Doctorate program. Janne has been an active participant in various industry Groups and forums such as GSMA and DIGITALEUROPE, as well as a speaker at security conferences like RSA, and BlackHat. Janne also speaks at Oxford University, Trinity College, Queens University of Belfast, and University of Oulu.

Jacob West

Chief Architect for Security Products 


Jacob West is Chief Architect for Security Products at NetSuite. In his role, West leads research and development for technology to identify and mitigate security threats. Prior to this role, West served as CTO for Enterprise Security Products at HP where he founded and led HP Security Research, which drives innovation through research publications, threat briefings, and actionable security intelligence. A world-recognized expert on software security, West co-authored the book, “Secure Programming with Static Analysis” in 2007. West co-authors the Building Security In Maturity Model (BSIMM), serves as a founding member of both the IEEE Center for Secure Design (CSD) and the (ISC)2 Application Security Advisory Council (ASAC), and is a frequent keynote speaker at industry events worldwide.