Program Committee

Alec Summers

Alec Summers is a principal cybersecurity engineer at the MITRE Corporation with diverse and extensive experience in software assurance and vulnerability management, as well as cyber operations, assessments, and supply chain risk management. He is MITRE’s CVE and CWE Project Leader, managing teams that support vulnerability and weakness research & analysis, content production, program coordination, infrastructure and services development, and community engagement across a global stakeholder community comprising industry, government, and academia. He also serves as the moderator for the CVE Board.
Art Manion

Art Manion spends a lot of time working on various aspects of cybersecurity vulnerabilities including coordinated disclosure, measurement, response prioritization, and public policy. Art has led and contributed to vulnerability-related efforts the Forum of Incident Response and Security Teams (FIRST), the CVE Program, ISO/IEC JTC 1/SC 27, and the (US) National Telecommunications and Information Administration (NTIA). Art is the is the Deputy Director of ANALYGENCE Labs where he works closely with the (US) Cybersecurity and Infrastructure Security Agency (CISA). Art previously managed vulnerability analysis at the CERT Coordination Center (CERT/CC).
Christopher Robinson

Christopher Robinson (aka CRob) is the Chief Security Architect for the Open Source Security Foundation. With over 25 years of Enterprise-class engineering, architectural, operational and leadership experience, CRob has worked at several Fortune 500 companies with experience in the Financial, Medical, Legal, and Manufacturing verticals, and spent 6 years helping lead the Red Hat Product Security team as their Program Architect. He enjoys hats, herding cats, and moonlit walks on the beach.
Gaurav Mittal

Gaurav Mittal is a Senior Security Data Analyst at Zoom Video Communications, specializing in the intersection of data and cybersecurity. With over six years of experience in data analytics and vulnerability management, he has led initiatives that have significantly enhanced remediation efforts, compliance rates, and overall security posture. Passionate about leveraging data-driven strategies, Gaurav focuses on proactive threat mitigation, helping organizations stay ahead of evolving cyber risks.
Jarry Gamblin

Jerry Gamblin is a Principal Engineer in the Threat Detection & Response business group at Cisco Security, where he leads research and data science initiatives to enhance Cisco Security products. He is actively involved in the CVE community, participating in various working groups and serving as a member of the EPPS SIG. He regularly speaks on vulnerabilities and vulnerability management at international conferences and manages a CVE data collection site at CVE.ICU.
Jay Jacobs

Jay is a Co-Founder at Empirical Security and Chief Data Scientist Emeritus at Cyentia Institute. Jay is also the lead data scientist for the Exploit Prediction Scoring System (EPSS) and is co-chair of the EPSS special interest group at FIRST. He is also a co-founder of the Society for Information Risk Analysts (SIRA), a not-for-profit association dedicated to advancing risk management practices where he served on the board of directors for several years.
Julia Hopkins

Julia Hopkins is a Senior Technical Program Manager for the Product Security Incident Response Team (PSIRT) at Dell Technologies. She manages end-to-end vulnerability response operations for multiple product groups and leads strategic initiatives that enhance security maturity and resilience. Before joining Dell, Julia was a Product Security Analyst at Lenovo, where she also played a key role in establishing Lenovo’s Chief Security Office and managing security initiatives across the global business. Prior to that, she worked as a Fraud Investigator and Computer Forensics Analyst for the Louisiana Department of Justice. With a Master’s degree in Cybersecurity and a collection of industry certifications, Julia is passionate about keeping systems secure. When she’s not navigating the digital battleground, she can be found pushing her limits at the gym, spoiling her dog, getting lost in a good romantasy novel, and embracing the magic of unicorns with her co-conspirator in chaos.
Kent Landfield

Kent Landfield has 35+ years in software development, global network operations, vulnerability research, and network security arenas. Currently founder of the Landfield Group. Previously Kent served as Chief Standards and Technology Policy Strategist at Trellix and McAfee where he was visibly active the initial and continuing development of the NIST Cybersecurity Framework and Privacy Framework and in global security automation development efforts. He participated on multiple subcommittees of the President’s National Security Telecommunications Advisory Committee (NSTAC) efforts. While at McAfee he was chief McAfee Labs Vulnerability Group Architect, as well as a McAfee Principal Architect. In 1999, Kent was a founding member of the CVE Editorial Board. He is currently a CVE Board member and chairs the CVE Strategy Planning Working Group. He has worked on multiple cyber threat information sharing research, standards, and development efforts. Kent holds patents in DNS, Email and Software Patch Distribution technologies.
MegaZone

MegaZone (yes, that's his name, call him MZ) has been with F5, Inc. since 2010, and the F5 SIRT (Security Incident Response Team) since 2016, where he is currently a Principal Security Engineer. Prior to F5 he did time at Xylogics, Livingston Enterprises, Lucent, GTE Internetworking (BBN), Sling Media, and a few others, after graduating from WPI in 1994. Outside of work he collects whisk(e)y, enjoys travel with his wife (often Disney-related), and volunteers to help a local non-profit in their small Massachusetts town with their tech issues. MegaZone has been involved with the CVE program since F5 joined as a CNA in 2016 and has taken an increasingly active role over time, eventually running out of working groups to join. He is currently representing the CNA community in the AWG, CO-OP, OCWG, SPWG, TWG, QWG, and VECWG. He is honored to further represent the CNA community on the CVE Board as CNA Liaison.
Mike Wiles

Mike Wiles is a member of NVIDIA's PSIRT organization, specializing in tooling and process support to ensure effective and efficient incident response and security measures.
Nick Leali

Nick Leali is a current FIRST CVSS SIG co-chair, currently working on improving the adoption of CVSS v4.0 to make transition to the new version of the standard easier for vendors and consumers. Nick works for Cisco as a PSIRT incident manager.
Peter Allor

Peter Allor is the Senior Director, Product Security Incident Response Team for Red Hat. He is instrumental in Red Hat’s secure development and incident response programs and in contributing to upstream security groups such as The CVE Program, CVSS standard, and PSIRT collaboration via FIRST. He focuses on resolving issues and developing solutions that integrate the full spectrum of security operations within an organization’s domain in support of business.
Prior roles include Senior Director for security at Honeywell, Cybersecurity Strategist at IBM and managing vulnerability and incident coordination at IBM for the IBM X-Force. Prior to IBM acquiring Internet Security Systems (ISS), Peter was the Special Assistant to the CEO of ISS for working National Infrastructure Advisory Council (NIAC) problem sets and assisted in forming the Information Technology - Sector Coordinating Council (IT-SCC) where he served on the Executive Committee as Treasurer and later Vice-Chair. As the former Operations Center Director, he ran the Information Technology - Information Sharing & Analysis Center (IT-ISAC) operations and brought coordination across the sector ISACs.
Peter is a Member of the CVE Board, a former member Board of Director of the Forum of Incident Response and Security Teams (FIRST) and its Chief Financial Officer for FIRST. Peter was President of the Industry Consortium for Advancement of Security on the Internet (ICASI) and an Executive Committee Member of the IT Sector Coordinating Council (IT-SCC). A former Commissioner for the CSIS Cybersecurity Commission for the 44th Presidency, he assisted in developing recommendations for the Public and Private Sectors to work collaboratively on Cyber Security.
Peter is a retired Lieutenant Colonel from the US Army. He has a Masters Degree from the University of Phoenix, a BS in Business Administration from Rollins College and is a Graduate of the US Army Command & General Staff College.
Scott Moore

Collector of vulnerability data for 30 years. Creator of the ISS X-Force Vulnerability Database in 1997 and managed it through acquisition by IBM. CVE Numbering Authority for IBM PSIRT Operations Team, Office of the CISO.
Steve Brukbacher

Steve Brukbacher is the PSIRT Program Manager at Lenovo. His primary focus areas include overall PSIRT program development, supplier and advisory coordination. Steve also serves as an advisor on the CVE Outreach and Communications Working Group (OCWG). Steve’s background includes experience in Industrial Control System product security, power grid (SCADA) cybersecurity and experience in higher education security leadership.
Toby Kohlenberg

Toby is a principle security engineer and has been working in infosec since 1999. He has worked on a large number of different technologies in the information security space. His primary job is new technology evaluation, red teaming, and defense.
Valerie Sroka

Valerie Sroka is a dedicated cybersecurity professional with a strong background in vulnerability management. Valerie is currently a Product Security Manager on the PSIRT team at Red Hat. She is part of the "OG" Vulncon Program Committee since it began its planning back in 2023. Beyond Vulncon, Valerie actively participates in several communities including FIRST.org's PSIRT SIG and Women of First SIG, CVE's C.O.O.P.(CNA Organization of Peers), and Women in Technology (WIT). Valerie has been in the security industry for over 10 years, helps bring order to the chaos, and is committed to fostering knowledge exchange and engagement among security researchers.