Board
Members of the GFCRC Board
William Bartholomew
Director of Security Strategy, Microsoft
William Bartholomew (he/him) is a Principal Security Strategist in the Customer Security & Trust team at Microsoft. His public policy advocacy benefits from over a decade of experience in designing, implementing, and operating software supply chains used by tens of thousands of developers. Prior to focusing on public policy, he held engineering and product management roles within Microsoft and GitHub that focused on delivering reliable and secure engineering systems for developers internally as well as for our customers. He brings his relentless focus on reducing friction to standards development, open source, and public- and private-sector working groups globally. When not working, he can be found tinkering with hardware and software, making espresso, and spending time with his family in the United States’ Pacific Northwest.
María del Pino González-Junco
Partner Manager for the Charter of Trust, Siemens
Maria is Partner Manager for the Charter of Trust at Siemens. She is passionate about linking technology and business, skilled in building cross-functional teams and turn them into top performers to bring about improvements in strategy, processes, and profitability, and committed to delivering an exceptional customer experience.
Mehmet Ince
Managing Partner, PRODAFT
Mehmet is Senior Vulnerability Researcher and Managing Partner of PRODAFT, a Netherlands-based cyber-threat intelligence firm. Mehmet has been at the forefront of the information security community for many years, with an extensive knowledge base reaching 15 years. Up to date, Mehmet has done extensive research on finding vulnerabilities in popular products and published more than 300 0-days based on his findings.
Thomas Penteker
Head of CERT, Siemens AG
Since 2022, Thomas Penteker has been the Head of CERT at Siemens AG, directing critical cybersecurity strategies for the company. His journey in cybersecurity commenced in 2015 when he assumed the role of IT Security Engineer at Siemens CERT, progressing subsequently to become the Team Lead for Incident Response from 2017 to 2022. Before delving into corporate cybersecurity, Thomas spent six years freelancing as a Project Manager and Developer from 2009 to 2015, showcasing his adaptability and diverse skill set. In the earlier stages of his career, from 2007 to 2009, he held the role of Head of IT at Herbert Bauer GmbH. Each step in Thomas’ professional trajectory has contributed to a rich tapestry of skills and experiences that define his career in the dynamic field of cybersecurity.
Tarah Wheeler
CEO & Founder, Red Queen Dynamics
Tarah M. Wheeler is a strategic technical security leader and executive dedicated to cybersecurity with integrity and openness. Innovating in cloud security, data privacy, and top-level direction for security companies. She has holistic experience in and passion for risk management, compliance as a service, and drilling down into technical contributions to product and operational security. Her background includes engineering and systems administration, developed into clear communications, customer oriented relationship building, and strategic leadership of enterprise-level organizations. Tarah was most recognized for remaining technically competent while breaking into executive leadership and strategic direction for security organizations and companies.
Stéphane Duguin
CEO, Cyber Peace Institute
Stéphane Duguin is the CEO of the CyberPeace Institute. Humanitarian, entrepreneur, investigator, he spent two decades tracking how criminals groups and terrorists organisation weaponise disruptive technologies, such as Al, against vulnerable communities. At Europol, Stephane led major international counter cybercrime, terrorism and hybrid threats operations, and investigated threat actors deploying cyberattacks, illegal content and disinformation techniques. Stephane leads the CyberPeace Institute to provide free cybersecurity for the most vulnerable and hold threat actors to account for the harms they cause.
Stéphane Duguin sits on the Board of the Datasphere Initiative and is a member of the Advisory Board of the Open Quantum Institute, the Global Forum on Cybercrime Expertise (GFCE), the Tech4Trust initiative, the Fighting Terrorist Content Online (FRISCO) and the Global Cyber Alliance (GCA).
Stéphane has published a book, over 50 articles, book chapters, conference papers, and commentary essays exploring themes like AI, cybercrime, disinformation, and OSINT techniques. Holding numerous keynotes, he shed light on criminal innovation in the age of technology.
Stéphane served in EUROPOL as senior manager in the European Cybercrime Centre (EC3), the European Internet Referral Unit (EU IRU), and the Europol Innovation Lab.
Sándor Féhér
CEO, White Hat Security / CyAN Representative
Sándor is the founder and CEO of White Hat IT Security. With a degree in software development and mathematics he has spent over 15 years in the national security sector, where he had had the opportunity to see the highest-level governmental offense and defence and gain hands-on experiences and a diverse view few could. He founded White Hat in 2018 with venture capital and turned immediately abroad.
White Hat IT Security is a cloud-focused managed security services provider (MSSP), which – as a member of the Microsoft Intelligent Security Association – specializes in the Microsoft security portfolio. In September 2023 the company provides 24/7 defence to its customers in over 35 countries, together with a wide range of complimentary cyber security services including high-level vulnerability assessments and penetration testing, consulting, trainings or rapid incident response, if need be.
Sándor is an Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE), Offensive Security Wireless Professional (OSWP) and Certified Information Security Manager (CISM), while also a certified ISO27001 Lead auditor. He is a member of the Paris-based Cybersecurity Advisors Network (CyAN), board member of the also Paris-based Good Faith Cybersecurity Researcher Coalition, founding member of the Hungarian Cyber Security Cluster and strategic partner and guest lecturer of the prestigious Óbuda University.
Observer Members
Paris Peace Forum
Paris Peace Forum
Structure
The GFCRC Board consists of representatives from diverse constituencies that reflect the complex ecosystem in which vulnerabilities are treated. The Board has a minimum of 3 members and a maximum of 10 members, elected by the General Assembly, composed of the Members and Honorary members of the Association, for a maximum period of 2 years.
- Executive Committee: President, VP, Treasurer assisted by a Secretariat. The Board appoints a Secretariat that executes the daily management of the Association.
- Board
- Up to 10 members
- The inaugural board consists of founding members and is to be formed by November 2022; it will prepare a governance model to be adopted by early 2023.
- The board will consist of representatives of constituencies: seats will be reserved for representatives of the various constituencies that will be deemed necessary to adequately represent the community of stakeholders.
- Observers: Paris Peace Forum, CyAN, others shortly TBD.
- Up to 10 members
- Advisory Committee:
- Up to 10 members. Appointed by the board for 2 years. The Advisory Committee appoints its Chair.
- General Assembly
- All the members, organized into constituencies (such as Cybersecurity Researchers, Vendors, Vulnerability Owners, CVD Coordinators)
- Voting right requires membership fee.
Secretariat
The GFCRC Secretariat is responsible for day-to-day operations of the initiative.
Jean-Christophe Le Toquin
Secretary General
Nicholas Kelly
Operations Director
James Briscoe
Policy and Communications Officer
John Salomon
External advisor
Scope of Work
Under the direction of the Board, the GFCRC continually updates its Scope of Work in response to, and in anticipation of changes in how vulnerabilities are treated and areas where the Coalition can best represent its members and improve their standing.
Access the latest Scope of Work here.
Articles of Association
The Articles of Association articulate the what, why, and how of the GFCRC.
Access the Articles of Association here.
