John Sabo is an independent consultant on data privacy and cyber security, with an extensive background in privacy, cyber security and critical infrastructure protection policies and practices in both the private sector and government.
He is active in the development of technical privacy standards in the OASIS standards development organization and holds a leadership role in OASIS as Chair of the IDtrust Member Section. He has been recognized as an OASIS Distinguished Contributor.

John chairs the OASIS Privacy Management Reference Model (PMRM) Technical Committee. In July 2013, the TC formally adopted the Privacy Management Reference Model and methodology v1.0 as a Committee Specification.

John is also a member of the OASIS Privacy by Design Documentation for Software Engineers (PbD-SE) Technical Committee. He was an OASIS representative to the Internet Technical Advisory Committee, providing advice on privacy policy issues to the Organization for Economic Co-operation and Development (OECD). In that capacity, John spoke on the role of standards organizations in fostering data privacy at the OECD’s June 2011 High Level Meeting on the Internet Economy in Paris. He has also represented OASIS in ISO/IEC and ITU-T technical meetings.

In his industry career, John most recently was Senior Director, Global Government Relations, at CA Technologies, where he focused on trusted infrastructure technologies, policies, and practices. He provided technology policy leadership for CA in industry and government-led data security, privacy, and critical infrastructure protection initiatives and industry consortia from 2000 to 2012. Prior to his career at CA Technologies, John was Business Development Director in IBM’s Network Computing Software Division, representing IBM’s security product division as a founding board member in external business alliances such as the PKI Forum and the International Security Trust and Privacy Alliance (ISTPA). At the ISTPA, John co-authored the “ISTPA Privacy Management Reference Model v2.0” and edited the ISTPA “Analysis of Privacy Principles: Making Privacy Operational.”

John served as a board member of the Information Technology-Information Sharing and Analysis Center (IT-ISAC) from 2002 to 2012, and was a member of the IT Sector Coordinating Council, both organizations focusing on critical infrastructure protection. John also served as one of the original members of the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee and was a long-term appointed member of the NIST Information Security and Privacy Advisory Board.

In government, John was Director of the U.S. Social Security Administration’s Electronic Services Staff, culminating a 24-year government career that included senior management roles. He founded the agency’s Web-based online services program and represented the agency in cross-government committees developing policies and implementations for e-government services and privacy-compliant identity systems, contributing to formal consultations and expert panels.

John is an invited speaker at international security and privacy conferences, has authored published journal articles, and contributes to technical studies on security, privacy and trust issues. Most recently he co-led a Privacy By Design workshop at the KuppingerCole European Identity Conference 2014 in Munich.

John holds degrees from King’s College (Pennsylvania) and the University of Notre Dame, and is a Certified Information Systems Security Professional (CISSP).

