Call for Nominations: Regulatory and Standards SIG Leadership (Chair and Vice-Chair)

[riaankleinhans]

---

📢 Call for Nominations: Regulatory and Standards SIG Leadership

The Governing Board has officially approved the formation of the Regulatory and Standards Special Interest Group (SIG). This SIG is dedicated to addressing regulatory, compliance, and standards-related matters for Confidential Computing.

In alignment with our commitment to transparency and open-source best practices, this GitHub Issue serves as the formal platform for collecting nominations for the inaugural leadership roles: Chair and Vice-Chair.

---

1. Roles Open for Nomination

We are seeking nominations for the following two positions:

Role	Key Responsibilities include:
Chair	Leading SIG meetings, setting agendas, defining the SIG's charter and initial OKRs, and representing the SIG to the Governing Board and wider community.
Vice-Chair	Supporting the Chair in all duties, leading specific sub-committees or workstreams, and assuming the Chair’s duties when necessary.

---

2. Nomination Process

All nominations must be submitted by commenting on this GitHub Issue. Self-nominations are strongly encouraged. This shifts the process from traditional mailing list nominations to an open, public record.

Nomination Deadline: [Insert Date and Time (e.g., Friday, January 10, 2026, 23:59 UTC)]

3. Submission Requirements

To submit a nomination, please create a single, dedicated comment on this issue containing the following information clearly organized:

1. Role Nominated For: (Chair or Vice-Chair)
2. Nominee Name and Affiliation:
3. Short Professional Biography: (Maximum 250 words, detailing relevant experience in regulatory/standards domains)
4. Contribution Statement/Vision: (Maximum 300 words. Please articulate what you will bring to the role and your vision for the SIG's direction, including defining its initial charter and objectives.)

Example Submission Format:

**Role Nominated For:** Chair

**Nominee Name and Affiliation:** Jane Doe, Acme Corp

**Short Professional Biography:**
Jane Doe is a ten-year veteran of technology policy and compliance, specializing in GDPR and CCPA enforcement within cloud environments. She has previously served on the governance board for the [Example Standards Body] and holds a Master’s degree in Cyber Law.

**Contribution Statement/Vision:**
My primary goal is to establish the Regulatory and Standards SIG as the definitive source for common terminology and best practices, bridging the gap between technical implementation and regulatory policy. I will prioritize quickly defining the SIG’s charter and focusing our first six months on a white paper that clearly outlines regulatory alignment for Confidentially Computing, building on initial commitments from Huawei and Intel.

[maglearning]

Role Nominated For: Vice-Chair
Nominee Name and Affiliation: Michael Guzman, JP Morgan Chase
Short Professional Biography:
Michael Guzman is a cybersecurity executive with over twenty years of experience leading security engineering, governance, and risk management programs in complex, highly regulated environments. He currently serves as Executive Director and Principal Cybersecurity Architect at JPMorgan Chase, where he leads a team of cloud security engineers responsible for architectural assurance, threat modeling, policy development, and oversight of controls for public cloud and SaaS workloads. Michael regularly briefs senior leadership and Board-level audiences and advises internal and external regulators on the effectiveness and coverage of cloud governance models.

His career reflects deep expertise in secure-by-design architectures and the practical application of confidential computing to strengthen trust boundaries. Prior to his current role, Michael supported cloud security and privacy initiatives at Meta and served as an Assurance Consultant with AWS. In that capacity, he worked directly with C-suite stakeholders, acted as a PCI QSA, and guided regulated organizations through secure cloud migration strategies aligned to PCI DSS, SWIFT, and FFIEC requirements. He also developed and delivered ISACA-, ISC²-, and SANS-accredited security awareness programs.

Earlier at JPMorgan Chase, Michael led PCI strategy initiatives and managed a global infrastructure engineering team, overseeing audit responses, vendor governance, and multi-platform operations.

Michael holds a Bachelor of Applied Science in Cyber Operations with a focus on Cyber Law & Policy from the University of Arizona. He maintains industry certifications including CISSP, CISA, CPDSE, and multiple AWS specialties. He brings a governance-focused, mission-driven perspective to the Confidential Computing Consortium Governance SIG.

Contribution Statement/Vision:
My vision for contributing to the CCC Regulatory and Standards SIG is to position confidential computing as a strategic enabler of regulatory compliance, audit assurance, and digital trust—especially as organizations accelerate cloud modernization and adopt emerging technologies such as AI. Today, regulatory expectations continue to expand while traditional architectures struggle to deliver verifiable assurance. Confidential computing, with its isolation guarantees and hardware-backed attestation, provides a practical and scalable solution to bridge this governance gap.

If elected Vice-Chair, I intend to advance this mission through three strategic contributions.

First, I will champion the development of governance-aligned reference models that formally map confidential computing capabilities to established and emerging regulatory frameworks—including PCI DSS, NIST CSF, FFIEC, SWIFT, GDPR, and evolving governmental policies. This work will help create a shared language that auditors, regulators, and technology leaders can consistently rely upon when evaluating enclave-based architectures across diverse use cases.

Second, I will drive the creation of outcome-based guidance that demonstrates how confidential computing can function as a primary, mitigating, or compensating control. This includes showing how attestation, isolation boundaries, and verifiable execution enhance assurance for a wide range of workloads, such as cloud-hosted applications, sensitive analytics pipelines, and AI inference environments.

Third, I will promote broader cross-sector collaboration—engaging cloud providers, financial institutions, technology companies, standards bodies, academia, and government regulators. The objective is to ensure confidential computing is embedded into the next generation of compliance norms, whether applied to on-premises systems, cloud-native compute, data-sharing ecosystems, regulated workloads, or emerging technologies like AI.

My commitment is to help the CCC establish confidential computing as a foundational governance cornerstone that reduces compliance friction, strengthens organizational risk posture, and elevates digital trust across industries.

[solcates]

Role Nominated For: Chair or Vice-Chair

Nominee Name and Affiliation: Solomon Cates, Google Cloud

Short Professional Biography: Solomon Cates is a technology and cybersecurity executive with over 30 years of experience protecting the world's most critical data. He currently leads strategy, policy, and product management for Enterprise, Regulated, Confidential, and Sovereign products at Google Cloud, where he manages a portfolio that includes HSMs, KSMs, Confidential Computing, TPMs, and TEE products. Prior to Google, Solomon held key leadership roles at Thales—including CTO, VP of Technology Strategy, and Principal Technologist—and served as CISO and CSO at Vormetric.

His career has been dedicated to pioneering Trusted Execution Environments (TEEs), Confidential Computing, and enclave architectures. With a deep foundation in Key Management, HSMs, and Attestation, Solomon has partnered with global financial institutions, multinational enterprises, nation-states, and the US Intelligence Community to architect resilient, rights-enforcing systems. He maintains active, collaborative relationships with key regulators, aiming to bridge the gap between deep technical implementation and global policy. He is committed to "True Sovereignty For All," dedicated to bringing balance to the possession, custody, and control of data and systems.

Contribution Statement/Vision:
My goal is to serve the Regulatory and Standards SIG in establishing Confidential Computing (CC) as a universal cornerstone of critical infrastructure.

To achieve this, I will facilitate a collaborative environment focused on three primary objectives:

• Defining a "Universal" Charter: I will guide the creation of a Charter focused on universal use cases that bind CC to mainstream adoption. We must bridge the gap between provider capabilities and consumer compliance needs, demonstrating how Attestation and enclave architectures serve as the definitive proof of auditability and trust.

• Harmonization & Advocacy: Drawing on my work with bodies like NIST, ANSSI, and BSI, I will support the SIG in ensuring our standards are legally recognized and acceptable. We will help move CC into the mainstream by proving that hardware-backed Attestation and Key control are the viable paths to meeting modern regulatory demands.

• Active & Inclusive Leadership: I am committed to setting an agenda where "policy meets physics." I will ensure the SIG acts as a bridge for vendors, partners, and regulated industries (Finance, Healthcare, Public Sector) to collaboratively create artifacts that operationalize trust—clarifying exactly how technical primitives map to regulatory controls.

I look forward to the opportunity to serve this SIG, working together to bring Confidential Computing into the mainstream as a trusted environment for building mission-critical systems across all industries.

[jinyier]

Role Nominated For: Chair

Nominee Name and Affiliation: Yier Jin, Huawei

Short Professional Biography:
Yier Jin is the Chief Scientist in Trust Domain in Huawei. He is also a professor in the University of Science and Technology of China (USTC). Before joining Huawei, he was the IoT Endowed Professor in the Department of Electrical and Computer Engineering (ECE) in the University of Florida (UF). He received his PhD degree in Electrical Engineering in 2012 from Yale University after he got the B.S. and M.S. degrees in Electrical Engineering from Zhejiang University, China, in 2005 and 2007, respectively. His research focuses on the areas of hardware security, confidential computing, embedded systems design and security, trusted hardware intellectual property (IP) cores and hardware-software co-design for modern computing systems.

Contribution Statement/Vision:
My main goal in leading the newly established Regulatory and Standards SIG is to expand the confidential computing ecosystem. I have been promoting techniques related to confidential computing and privacy-preserving computing for many years. While I strongly believe that confidential computing offers a promising future for protecting data in the era of AI, many companies dedicated to this area are still struggling to survive. The reason is fairly simple: the ecosystem for confidential computing is not fully developed. As one of the most important steps toward that goal, we need to create an international consensus that confidential computing is indeed a viable solution—or at least one of the primary solutions. As a representative to ISO, I have already been promoting confidential computing standards for years. I will work closely with colleagues from other leading companies to prepare and promote standards and white papers. Recognition of confidential computing by governments will help pave the way for the wide acceptance of these technologies.

[matguzzo]

Role Nominated For: Vice-Chair

Nominee Name and Affiliation: Mateus Guzzo, TikTok

Short Professional Biography:
Guzzo is a Community and Developer Advocate with over a decade of experience in cross-industry and multi-stakeholder collaboration and communication. Prior to joining TikTok, Guzzo served as a Program Manager at the Berkman Klein Center for Internet & Society at Harvard University, specialized in building multilateral engagement between industry, government, and civil society, with a focus on standarts and open-source solutions. Guzzo’s academic background combines communication and technology, with training from the University of Campinas and the University of California, San Diego. In addition, Guzzo is an Advisory Board Member for OpenUK’s State of Open Conference, contributing to thought leadership in open technology and regulatory innovation.

Contribution Statement/Vision
The CCC's Regulatory and Standards SIG faces the pivotal challenge of building trust and accelerating adoption of confidential computing across the regulatory landscape. This can be achieved by:

• Translating Complex Technology for Regulators: Transforming technical concepts like Trusted Execution Environments (TEEs) and confidential VMs into clear, engaging, and verifiable guidance for regulators and policymakers, ensuring they understand how these technologies protect data-in-use and support compliance with frameworks such as GDPR, DSA, DMA, and the AI Act.
• Establishing a Common Language and Reference Framework: Co-leading the SIG, in partnership with the Outreach Committee, to develop practical resources—white papers, policy briefs, and best practice guides—that demystify confidential computing and provide concrete pathways for compliance and adoption, supporting our ecosystem more broadly. These resources aim at bridging the gap between technical implementation and regulatory requirements, making confidential computing accessible to organizations of all sizes.
• Fostering Multilateral Collaboration: Building open dialogue between technology providers, regulators, and civil society to ensure standards are inclusive, future-proof, and globally aligned. This will include hosting and attending focused events that emphasize the importance of robust and flexible data protection paradigms that adapt to evolving legal landscapes.
• Championing Transparency and Attestation: Promoting transparency through attestation mechanisms, enabling regulators and industry to “trust and verify” that data is processed as intended—addressing persistent concerns about data leakage and unauthorized access, especially in highly regulated sectors such as finance, insurance, and advertising.

My vision is to position the SIG as the trusted space for harmonizing technical innovation with regulatory requirements, acting as a facilitator between regulators and consortium members.