John Sabo
OASIS Idtrust

John Sabo

John Sabo is an independent consultant on data privacy and cyber security, with a multi-faceted career in government, the IT industry and standards development.

In his standards work, John co-chairs the OASIS “Privacy Management Reference Model (PMRM)” Technical Committee. He is also a member of the OASIS “Privacy by Design Documentation for Software Engineers (PbD-SE)” Technical Committee, and chairs the OASIS IDtrust Member Section Steering Committee. In that capacity, John was an OASIS representative to the Internet Technical Advisory Committee, providing advice on communications policy issues to the Organization for Economic Co-operation and Development (OECD). In June 2011, John spoke on the role of standards organizations in fostering data privacy at the OECD’s High Level Meeting on the Internet Economy in Paris. He has also represented OASIS in ISO/IEC and ITU-T technical meetings. In July 2011, John was named an OASIS Distinguished Contributor at the annual OASIS member’s meeting.

In his industry career, John was Senior Director, Global Government Relations, CA Technologies, from 2000 to 2012, where he focused on trusted infrastructure technologies, policies, and practices. He provided technology policy leadership in industry and government-led data security, privacy, and critical infrastructure protection initiatives and in standards development. Prior to working at CA Technologies, John was Business Development Director in IBM’s Network Computing Software Division, representing IBM’s security product division as a board member in external business alliances such as the PKI Forum and the International Security Trust and Privacy Alliance (ISTPA).

Before working in the private sector, John was Director of the U.S. Social Security Administration’s Electronic Services Staff where he founded the agency’s Web-based online services program and represented the agency in cross-government committees developing policies and implementations for e-government services and privacy-compliant identity systems.

At the ISTPA, John co-authored the “ISTPA Privacy Management Reference Model v2.0” and edited the ISTPA “Analysis of Privacy Principles: Making Privacy Operational.” He served as a board member of the Information Technology- Information Sharing and Analysis Center (IT-ISAC) from 2002 to 2012, and was a member of the IT Sector Coordinating Council, both organizations focusing on critical infrastructure protection. John also served as one of the original members of the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee and was a long-time member of the NIST Information Security and Privacy Advisory Board.

Contributing to formal consultations and expert panels, John is an invited speaker at international security and privacy conferences, has authored published journal articles, and contributes to technical studies on security, privacy and trust issues. He holds degrees from King’s College (Pennsylvania) and the University of Notre Dame and holds a CISSP certification.

Latest Events