Julia Allen is a senior researcher on the Resilient Enterprise Management team in the CERT Program at the Software Engineering Institute (SEI). Julia’s areas of interest include operational resilience, software security and assurance, and resilience measurement and analysis.
Julia is the author of The CERT Guide to System and Network Security Practices (Addison-Wesley 2001) and moderator for the CERT Podcast Series: Security for Business Leaders. She is a coauthor of Software Security Engineering: A Guide for Project Managers (Addison-Wesley 2008) and a contributing author to the CERT Resilience Management Model.
David W. White
Senior Member of the Technical Staff
Software Engineering Institute
David White is a senior member of the technical staff on the Resilient Enterprise Management Team in the CERT Program at the Software Engineering Institute (SEI). David has served as product manager and a core member of the CERT-RMM development team since 2006. He has also led numerous projects to assist organizations with their adoption and use of the model, including pilot CERT-RMM appraisal efforts. David is an instructor for the Introduction to the CERT-RMM course and a lead appraiser for the CERT-RMM capability appraisal method. David is also the project manager for the SEI Smart Grid Maturity Model, a management tool that an electric power utility can use to evaluate, guide, and improve its smart grid transformation project. David has bachelor’s and master’s degrees in engineering from Carnegie Mellon University.
Richard A. Caralli
Technical Manager
Software Engineering Institute
Richard Caralli is the technical manager of the Resilient Enterprise Management Team in the CERT Program at the Software Engineering Institute (SEI). Richard’s areas of interest include information assurance risk management, critical infrastructure protection, resilience process improvement, and resilience measurement and analysis. In addition to being the lead architect of the CERT Resilience Management Model, Richard has developed several information assurance risk assessment methods at the SEI, including the OCTAVE Allegro method, and has taught extensively on information security management topics. Prior to joining the SEI, Richard spent more than twenty-five years in information technology positions in industry, primarily in IT auditing. Richard received his bachelor’s degree in accounting from St. Vincent College and an MBA from Duquesne University.