Authors of the Implementation Guide

Julia Allen

Julia Allen is a senior researcher within the CERT Division at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University in Pittsburgh, PA.
Allen is engaged in developing and transitioning executive outreach programs in enterprise security and governance, and works extensively with the IT operations and audit communities. Prior to this technical assignment, Allen served as acting Director of the SEI for an interim period of 6 months as well as Deputy Director/Chief Operating Officer for 3 years. Her degrees include a B. Sci. in Computer Science (University of Michigan) and an MS in Electrical Engineering (University of Southern California). She is the author of The CERT Guide to System and Network Security Practices (Addison-Wesley, June 2001), Governing for Enterprise Security (CMU/SEI-2005-TN-023, 2005) and a co-author of Software Security Engineering (Addison-Wesley, May 2008).

Jody R. Westby

Drawing upon a unique combination of more than twenty years of technical, legal, policy, and business experience, Ms. Westby provides consulting and legal services to public and private sector clients around the world in the areas of privacy, security, outsourcing risk management, business continuity, and technology compliance issues. She also serves as Adjunct Distinguished Fellow for Carnegie Mellon CyLab. Prior to forming Global Cyber Risk, Ms. Westby served as senior managing director for PricewaterhouseCoopers (PwC), specializing in outsourcing and cyber security/privacy issues. Before that, she was president of The Work-IT Group; launched In-Q-Tel, an IT venture capital/solutions company for the CIA; served as director of domestic policy for the U.S. Chamber of Commerce; was senior fellow and director of IT studies for the Progress & Freedom Foundation; practiced law with two top-tier New York firms; and spent ten years in the computer industry specializing in database management systems. Jody is a member of the bars of the District of Columbia, Pennsylvania, and Colorado and serves as chair of the American Bar Association's Privacy and Computer Crime Committee. She is a member of the World Federation of Scientists' Permanent Monitoring Panel on Information Security and represents the ABA on the National Conference of Lawyers and Scientists. She is co-author and editor of four books on privacy, security, cybercrime, and enterprise security programs. She speaks globally and is the author of numerous articles. B.A., summa cum laude, University of Tulsa; J.D., magna cum laude, Georgetown University Law Center; Order of the Coif.