Governance & stewardship

CR-CMM Advisory Board.

CR-CMM is the community-driven cyber resilience capability maturity model, guided by an Advisory Board for technical integrity and strategic input. CR-CMM is sponsored and owned by High Value Target, a boutique cyber resilience firm.

View resources Start assessment

Practice
Leads

Meeting notes posted

Change request routes

Anyone from the community can submit change requests to the CR-CMM team via email, to Advisory Board members, or via LinkedIn. Meeting notes are posted on this website for transparency.

The role of the CR-CMM Advisory Board

Technical integrity, interpretation, and responsible evolution.

The Advisory Board helps guide the technical integrity, interpretation, and responsible evolution of CR-CMM. Advisory Board membership does not by itself transfer ownership or authorize official public representation, partnerships, or commercialization under the CR-CMM brand without approval. Any change request is then periodically reviewed and triaged by the Advisory Board and meeting notes are posted on this website for transparency.

Community governance

CR-CMM is the community-driven cyber resilience capability maturity model, guided by an Advisory Board for technical integrity and strategic input. Anyone from the community, especially from prominent cyber resilience subject-matter expert groups, can submit change requests to the CR-CMM team via email, to its Advisory Board members or via its LinkedIn page. Any change request is then periodically reviewed and triaged by the Advisory Board. CR-CMM is sponsored and owned by High Value Target, a boutique cyber resilience firm.

CR-CMM is made available for community benefit under its published licensing terms. High Value Target retains ownership, sponsorship, and control of official branding, external positioning, and approved commercial use.

Special advisory roles

Strategic, community, and AI guidance.

These special roles support the CR-CMM Chairman and strengthen community coordination, external perspective, and AI-related direction for the initiative.

Special role

Strategic Advisor

Phil Venables

Partner, Ballistic Ventures

Supporting the CR-CMM Chairman with strategic direction, external perspective, and senior-level guidance.

Special role

Community Lead

Surendra Narang

Palo Alto Networks

Responsible for coordinating community engagement, contributor collaboration, and participation across the cyber resilience ecosystem.

Special role

AI Lead

Lukasz Guzdziol

ISSA

Responsible for guiding the initiative's AI-related focus areas, including emerging risks, practical use cases, and implications for cyber resilience.

Current board

Practice-aligned advisors.

The Advisory Board brings together domain expertise across the ten CR-CMM practices to help review interpretation, change requests, and the ongoing evolution of the model.

Practice	Advisor	Organization
Criticality Analysis	Heath Renfrow	Fenix24
Threat-Informed Defense	Mehdi Azaouioui	Limber Security
Crisis Management	Mark Orsi, Alex Sharpe	GRF
Contingency Testing	Itay Mesholam	ISSA Cyber Resilience SIG
Offensive Testing	Piotr Borkowski	CyberArms
Situational Awareness	Rob van Os	SOC-CMM
Defensible Architecture	Perry Young	AiSP CISO SIG
Scenario Simulation	Patrick Lechner	Resion
Cyber Recovery	Carlos Recalde	Cyber Resilience Academy
System Testing	Dr. Mark Winstead	MITRE

Submit a change request

Route feedback through the official channels.

Community members, especially cyber resilience subject-matter expert groups, can submit change requests to the CR-CMM team via email, directly to Advisory Board members, or through LinkedIn.

contact@cr-cmm.org LinkedIn

Meeting notes