Security and Stability Advisory Committee (SSAC)
SSAC Members
Meet the members of the SSAC. These technical security professionals from around the world volunteer their time and expertise to improve the security and integrity of the Internet’s addressing system through advice, reports, and research. Their work spans operational, administrative, and registration matters, as well as tracking and assessing threats and risks.
Chair and Vice-Chair


Rod Rasmussen
(05/2023)
Rod Rasmussen is a retired cybersecurity leader, who occasionally performs short-term consulting and research work in cybersecurity. This includes volunteer work for the Anti-Phishing Working Group (APWG) and other industry organizations.
Prior to retirement, Rasmussen co-founded IID and was the company's lead technology development executive. IID was purchased by Infoblox in 2016, and Rasmussen retired in early 2017. He is widely recognized as a leading expert on the abuse of the domain name system by criminals. Rasmussen is co-chair of the Anti-Phishing Working Group's (APWG) Internet Policy Committee and serves as the APWG Industry Liaison, representing and speaking on behalf of the organization at events around the world. Rasmussen is a member of the Online Trust Alliance's (OTA) Steering Committee. He is a member of the FCC's Communications Security, Reliability, and Interoperability Council (FCC CSRIC). Rasmussen is also an active participant in the Messaging Malware Mobile Anti-Abuse Working Group (M3AAWG) and has served as IID's Forum of Incident Response and Security Teams (FIRST) representative. He is a regular participant in DNS-OARC meetings, the worldwide organization for major DNS operators, registries and interested parties, and in ICANN's series of DNS Security, Stability, and Resiliency Symposiums. Rasmussen earned an MBA from the Haas School of Business at UC-Berkeley and holds two bachelor's degrees, in Economics and Computer Science, from the University of Rochester. He has worked in both government (the Congressional Budget Office) and various computer communications and networking companies throughout his career.
Disclosure of Interest:
- Please identify your current employer(s) and position(s): None – retired
- Please identify the type(s) of work performed at #1 above: N/A
- Please identify any board or committee positions that you hold that might be perceived as influencing your expressed point of view, irrespective of whether they are voluntary: I am on the corporate board and am an investor in CleanDNS, a company that provides services to mitigate DNS Abuse who customers in the domain registration industry, cybersecurity industry and may do work for ICANN from time to time.
- Please list any financial or other material relationship beyond de minimus stock ownership that you or your employer has with any individual, company, or other entity that to your knowledge has a financial or other material relationship with ICANN: None.
- Please list any business transactions that you, your employer, or an immediate family member/significant other has had with ICANN within the last 5 years: N/A
- Is your participation as an SSAC member the subject of any arrangements or agreements between you and any other group, constituency, or person(s)?Please answer "yes" or "no." If the answer is "yes," please describe the arrangements or agreements and the name of the group, constituency, or person(s): No.


Julie Hammer
(05/2023)
Julie Hammer was an independent director on the Board of auDA, the Australian ccTLD, for 9 years until 2016. She was appointed to the Board in 2007 after retiring from the Royal Australian Air Force in 2005 with the rank of Air Vice-Marshal. She was the first woman to achieve one star and two-star rank in the history of the Australian DefenceForce. Throughout her 28-year Air Force career, Julie worked in the fields of aircraft maintenance, technical intelligence, electronic warfare, and information and communications technology systems. Her roles included Commanding Officer of the Electronic Warfare Squadron, delivering operational support to all Air Force aircraft; Director General Information Services, responsible for the day-to-day operations of Defence's strategic communications and Restricted and Secret computer networks; and Commandant of the Australian Defence Force Academy, Australia's tri-service military university. For the year prior to her retirement, she acted as the Chief Information Officer for Defence. She holds a Bachelor of Science with Honours in Physics, a Master's degree in Aerosystems Engineering, a Graduate Diploma in Strategic Studies and a Doctor of Engineering Honoris Causa. In 2008, she was National President of Engineers Australia, the professional association for over 90,000 engineers in Australia.
Disclosure of Interest:
- Please identify your current employer(s) and position(s): Retired
- Please identify the type(s) of work performed at #1 above: N/A
- Please identify any board or committee positions that you hold that might be perceived as influencing your expressed point of view, irrespective of whether they are voluntary. NIL
- Please list any financial or other material relationship beyond de minimus stock ownership that you or your employer has with any individual, company, or other entity that to your knowledge has a financial or other material relationship with ICANN: Nil
- Please list any business transactions that you, your employer, or an immediate family member/significant other has had with ICANN within the last 5 years. NIL
- Is your participation as an SSAC member the subject of any arrangements or agreements between you and any other group, constituency, or person(s)? Please answer "yes" or "no." If the answer is "yes," please describe the arrangements or agreements and the name of the group, constituency, or person(s): No
Members


James Galvin
(05/2023)
Dr. James Galvin is Director of Strategic Relationships and Technical Standards at Donuts, Inc., supporting and managing the company's relationships within Internet and IT communities. As an active, long-time member of these communities, Dr. Galvin participates in the development of the founding technical standards and policies upon which Internet applications and services are developed.
He was an integral participant in the initial development of Internet standards for secure email, domain name system security (DNSSEC), Simple Network Management Protocol (SNMP) security, and Registration Data Access Protocol (RDAP). He has chaired working groups, served as document editor, and managed public domain implementations of security protocols. His many years of technical consulting experience include critical infrastructure design and analysis, risk management, and project management. James was Vice Chair of the SSAC from 2011-2017.
Dr. Galvin has a Bachelor of Science degree from Moravian College with a double major in Computer Science and Mathematics. He holds a Master's in Computer Science and Information Systems from the University of Delaware where he also earned his Doctorate with a dissertation entitled, Distributed Cryptographic Key Management System.
Disclosure of Interest:
- Please identify your current employer(s) and position(s).
Employer: Identity Digital, Inc. Position: Director of Strategic Relationships - Please identify the type(s) of work performed at #1 above.
Identity Digital is a registry service and DNS service provider, among other things. We actively engage with organizations whose activities include the design and development of policies and technical standards that directly affect our operation and business. I am responsible for Identity Digital's technical relationship with these organizations. - Please identify any board or committee positions that you hold that might be perceived as influencing your expressed point of view, irrespective of whether they are voluntary.
None. - Please list any financial or other material relationship beyond de minimus stock ownership that you, your employer, or an immediate family member/significant other has with ICANN or with any individual, company, or other entity that to your knowledge has a current or planned financial or other material relationship with ICANN.
Identity Digital is the registry service provider (in a few cases also the registry operator) for a number of TLDs that are contracted parties to ICANN. - Please list any business transactions that you, your employer, or an immediate family member/significant other has had with ICANN within the last 5 years.
Identity Digital is the registry service provider (in a few cases also the registry operator) for a number of TLDs that are contracted parties to ICANN. - Is your participation as an SSAC member the subject of any arrangements or agreements between you and any other group, constituency, or person(s)? Please answer "yes" or "no." If the answer is "yes," please describe the arrangements or agreements and the name of the group, constituency, or person(s).
No.
Greg Aaron
(05/2023)
Greg Aaron is President of Illumintel Inc. He is an authority on the malicious use of domain names, and is an expert on DNS operations, domain name policy, and related intellectual property issues.
Greg has advised companies, law enforcement, governments, and the ICANN community regarding all kinds of Internet-based abuse and cybercrime. He has investigated and mitigated major phishing attacks, spamming gangs, counterfeit and trademark violations, malware distribution, child sexual abuse image cases, and fast-flux networks. He holds a private detective license in the Commonwealth of Pennsylvania, USA. Greg is Senior Research Fellow at the Anti-Phishing Working Group (APWG) and is the editor of the APWG's ongoing Phishing Activity Trends Reports series, which is the world's major source of phishing metrics and analysis. He also manages the APWG eCrime Exchange (eCX), the world's oldest and most trusted threat data exchange and repository. He publishes separate data-driven studies about the prevalence and distribution of phishing and malware. He has participated in numerous ICANN working groups, including policy-development groups related to privacy, registration data, and DNS security. He was the senior industry expert on the Ernst & Young team that evaluated the new TLD applications to ICANN in 2012-2013, and he oversaw the launches and operations of several gTLDs and ccTLDs in 2001 to 2011, including .INFO, .ME, and .IN. He is magna cum laude graduate of the University of Pennsylvania.
Disclosure of Interest:
- Please identify your current employer(s) and position(s): President, Illumintel Inc.
- Please identify the type(s) of work performed at #1 above: Internet security, policy, and technology consulting.
- Please identify any board or committee positions that you hold that might be perceived as influencing your expressed point of view, irrespective of whether they are voluntary. None
- Please list any financial or other material relationship beyond de minimis stock ownership that you or your employer has with any individual, company, or other entity that to your knowledge has a financial or other material relationship with ICANN: Mr. Aaron is a member of ICANN's Registry Services Evaluation Panel. Illumintel is an associate of Interisle Consulting Group. Illumintel and Interisle may provide consulting services from time to time to ICANN contracted parties.
- Please list any business transactions that you, your employer, or an immediate family member/significant other has had with ICANN within the last 5 years. I am a member of ICANN's Registry Services Evaluation Panel.
- Is your participation as an SSAC member the subject of any arrangements or agreements between you and any other group, constituency, or person(s)? Please answer "yes" or "no." If the answer is "yes," please describe the arrangements or agreements and the name of the group, constituency, or person(s): No.
Joe Abley
(10/2023)
Joe Abley works for Cloudflare. He was formerly the inaugural Chief Technology Officer of Public Interest Registry, the operator of the .ORG registry. Joe has also carried out a variety of technical roles at NSRC, ICANN, TekSavvy, Afilias, ISC and AboveNet, and has provided consulting services for a variety of other Internet companies in North America, Europe and New Zealand. He narrowly avoided failure at the University of Cambridge whilst young and foolish, and escaped in 1993 with a BA (Hons) in Physics and Computer Science.
Joe was a founding trustee of NZNOG and is a Fellow of InternetNZ. He served as chair of the NANOG Steering Committee, has volunteered as Executive Director of the IAB and has participated as an instructor in AfNOG and SANOG meetings, most usually in conjunction with the very excellent people at NSRC.
Joe's principal interests concern large-scale deployment, instrumentation, and observation of DNS services on the Internet. He has been known to make trouble at IETF meetings.
Joe lives and works from his home in Amsterdam, Netherlands.
Disclosure of Interest:
- Please identify your current employer(s) and position(s): Director of Engineering, Cloudflare
- Please identify the type(s) of work performed at #1 above: Management engineering staff.
- Please list any financial or other material relationship beyond de minimus stock ownership that you or your employer has with any individual, company, or other entity that to your knowledge has a financial or other material relationship with ICANN: Cloudflare is a contracted party
- Please identify any board or committee positions that you hold that might be perceived as influencing your expressed point of view, irrespective of whether they are voluntary: I am an elected, volunteer director of DNS-OARC and a member of the RSSAC caucus.
- Please list any business transactions that you, your employer, or an immediate family member/significant other has had with ICANN within the last 5 years. Until July 2022 I was a director and shareholder of Snake Hill Labs Inc, a Canadian consulting company that has carried out paid work for ICANN org in the past. I am no longer a director or shareholder of Snake Hill Labs Inc.
- Is your participation as an SSAC member the subject of any arrangements or agreements between you and any other group, constituency, or person(s)? Please answer "yes" or "no." If the answer is "yes," please describe the arrangements or agreements and the name of the group, constituency, or person(s): No.
Benedict Addis
(05/2023)
Benedict is employed by Shadowserver Foundation, where he is the Chair of Registrar of Last Resort (RoLR) an ICANN accrediated registrar. From 2011 to 2014 he was a technical officer in the UK's National Cyber Crime Unit, formerly SOCA Cyber. There, his team was responsible for international cybercrime enquiries under the Budapest Convention and G8 24/7 process, and he was the unit's point of contact for 'threat to life' emergencies. He was previously a partner in a network and security start-up and worked as a researcher in the Secure Systems lab at HP Labs. He holds a Master's in Information Security from Royal Holloway University of London.
Disclosure of Interest:
- Please identify your current employer(s) and position(s): My current employer is Shadowserver, where I am employed as Chair of the Registrar of Last Resort (RoLR)
- Please identify the type(s) of work performed at #1 above: Security research and operations
- Please identify any board or committee positions that you hold that might be perceived as influencing your expressed point of view, irrespective of whether they are voluntary. n/a
- Please list any financial or other material relationship beyond de minimus stock ownership that you or your employer has with any individual, company, or other entity that to your knowledge has a financial or other material relationship with ICANN: I am Chair of RoLR, an ICANN-accredited registrar. In 2016, my employer The Shadowserver Foundation received funding from Nominet UK, an ICANN-accredited registry. In 2020, my employer The Shadowserver Foundation entered into a contractor consulting agreement with ICANN.
- Please list any business transactions that you, your employer, or immediate family member/significant other has had with ICANN within the last 5 years. As per my DOI, in 2020, my employer The Shadowserver Foundation entered into a contractor consulting agreement with ICANN. This is ongoing.
Is your participation as an SSAC member the subject of any arrangements or agreements between you and any other group, constituency, or person(s) - Please answer "yes" or "no." If the answer is "yes," please describe the arrangements or agreements and the name of the group, constituency, or person(s): No.
Maarten Aertsen
11/2023
Maarten Aertsen is an engineer interested in the legal, social, and economic factors underlying the Internet's core technologies. He works as senior internet technologist at NLnet Labs, a small, independent public benefit organization contributing to the robustness, security and reliability of the Internet and the privacy of its users. Its open-source software and work on open standards for the Domain Name System and (safe) inter-domain routing is in use globally. Maarten enjoys bridging between technical and policy audiences and brings NLnet Labs' expertise to policy-making bodies, including governments, regulators, and multi-stakeholder forums.
He holds an MSc in Telematics from the University of Twente and an MSc in cybersecurity from Leiden University's Faculty of Governance and Global Affairs and previously worked as senior advisor for the Dutch National Cyber Security Centre (NCSC-NL) and as advisor on privacy and security for Deloitte Risk Services.
Disclosure of Interest
- Please identify your current employer(s) and position(s):
NLnet Labs, a not-for-profit foundation as senior internet technologist - Please identify the type(s) of work performed at #1 above:
Open standards and open-source software development. NLnet Labs also provides expertise to policy making bodies, including governments, regulators, and multi-stakeholder forums. We regularly are consulted by a range of companies and organizations, including ICANN. - Please identify any board or committee positions that you hold that might be perceived as influencing your expressed point of view, irrespective of whether they are voluntary.
None at the time of writing. - Please list any financial or other material relationship beyond de minimus stock ownership that you or your employer has with any individual, company, or other entity that to your knowledge has a financial or other material relationship with ICANN:
NLnet Labs does the occasional consultant job for ICANN and its stakeholders. We collaborate with and are sponsored by various parties in the industry; see our annual reports for details. - Please list any business transactions that you, your employer, or an immediate family member/significant other has had with ICANN within the last 5 years.
As far as I know, NLnet Labs has had contracts with ICANN in the last 5 years on the following subjects, none of which I was directly involved in:- ITHI tools review (end 2017/begin 2018, tools used by https://ithi.research.icann.org/
- DNSSEC metrics study, with SIDN (See
https://www.sidnlabs.nl/en/news-and-blogs/dnssec-metrics-the-state-of-the-art-and-recommendations-for-the-future) - RSSAC028 measurements with SIDN
https://features.icann.org/rssac028-technical-analysis-naming-scheme-used-individual-root-servers https://indico.dns-oarc.net/event/46/contributions/1003/attachments/951/1768/RSSAC028 - Representation on the ISO 3166 MA and liaison function to ISO Technical Committee 46 Workgroup 2.
- Is your participation as an SSAC member the subject of any arrangements or agreements between you and any other group, constituency, or person(s)? Please answer "yes" or "no." If the answer is "yes," please describe the arrangements or agreements and the name of the group, constituency, or person(s):
no.
Gautam Akiwate
11/2023
Gautam Akiwate is a Postdoctoral Researcher at Stanford University. During his PhD at UC San Diego, he worked on the security and resilience of the DNS ecosystem. His research lies at the intersection of security and networking and is primarily concerned with how attackers leverage byzantine trust relationships between various entities on the Internet to undermine the security and stability of the Internet. Previously, he worked on a range of things right from mobile computing, kernels, to next generation storage systems.
SAC Disclosure of Interest – Gautam Akiwate -
- Please identify your current employer(s) and position(s).
Stanford University, Postdoctoral Researcher - Please identify the type(s) of work performed at #1 above.
I work on various aspects of Internet security, and resiliency spanning DNS hijacks, BGP hijacks, registrar name management, email security, use of blocklists, and other topics. - Please identify any board or committee positions that you hold that might be perceived as influencing your expressed point of view, irrespective of whether they are voluntary.
None - Please list any financial or other material relationship beyond de minimus stock ownership that you, your employer, or an immediate family member/significant other has with ICANN or with any individual, company, or other entity that to your knowledge has a current or planned financial or other material relationship with ICANN.
None - Please list any business transactions that you, your employer, or an immediate family member/significant other has had with ICANN within the last 5 years.
None - Is your participation as an SSAC member the subject of any arrangements or agreements between you and any other group, constituency, or person(s)? Please answer “yes” or “no.” If the answer is “yes,” please describe the arrangements or agreements and the name of the group, constituency, or person(s).
No.