John Sabo


Consultant— Data Privacy and Cybersecurity

John Sabo, CISSP, is an independent consultant on data privacy and cyber security, with an extensive background in privacy, cyber security and critical infrastructure protection policies and practices in both the private sector and government. He is active in the development of privacy standards in the OASIS standards development organization.   

John chairs the OASIS “Privacy Management Reference Model (PMRM)” Technical Committee and the OASIS IDTrust Member Section Steering Committee. He is also a member of the OASIS “Privacy by Design Documentation for Software Engineers (PbD-SE)” Technical Committee.    

In his industry career, John most recently was Senior Director, Global Government Relations, at CA Technologies, providing technology policy leadership for CA in industry and government-led data cyber security, privacy, and critical infrastructure protection initiatives and industry consortia from 2000 to 2012. Prior to his career at CA Technologies, John was Business Development Director in IBM’s Network Computing Software Division.  

John served as member of the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee and was a long-term member of the NIST Information Security and Privacy Advisory Board. John has also served as a board member and President of the Information Technology-Information Sharing and Analysis Center (IT-ISAC), was a member of the IT Sector Coordinating Council, and was Chair of the ISAC Council (now National Council of ISACs).

In his government career, John was Director of the U.S. Social Security Administration’s Electronic Services Staff, culminating a 24-year government career, including senior management roles. He founded the agency’s Web-based online services program and represented the agency in cross-government committees developing policies and implementations for e-government services, security and privacy-compliant identity systems

Contributing to formal consultations and expert panels, John is an invited speaker at international security and privacy conferences, has authored published journal articles, and contributes to technical studies on security, privacy and trust issues.  

John holds degrees from King’s College (Pennsylvania) and the University of Notre Dame, and is a Certified Information Systems Security Professional (CISSP).