The Founders
Four original members, known as The Founders, founded The SABSA Institute as a vehicle to develop and promote the SABSA education and training programme, and to be the centre for on-going research and development of the SABSA IP. It existed at first as a concept from 2007 but was formally incorporated as a Community Interest Company under UK company law on 11th March 2013. The founders are David Lynas and Zika Milenkovic, as well as John Sherwood and Matt Whelan (both deceased).
Matt Whelan passed away after a long illness before we could bring the Institute to full incorporation, but his huge contribution to the development process is remembered in the annual prize awarded for the “Best” Advanced SABSA Exam Answer submitted by SABSA Practitioner or Master candidates. “Best” does not necessarily mean the exam answer receiving the highest mark from examiners. Rather, to commemorate the enormous contribution by our greatly missed colleague and fellow founder Matt Whelan, the Founders, with the support of the Whelan family, evaluate exam answers that reflect Matt’s defining characteristics including: innovation, determination and succeeding against the odds.
The prize is known as “The Founders’ Matt Whelan Commemorative Award” and has a cash value of GBP 500. The annual period for the award now runs from 1st October to 30th September, and the award is announced at the Gala Dinner at COSAC (Republic of Ireland) each year.
Board of Trustees
Currently in 2026 the international Board of Directors comprises the following members:
David Lynas CEO, The SABSA Institute (UK) David has over 43 years of experience in Information Security. He is a co-author of the SABSA Blue Book and “Enterprise Security Architecture”, as well as the Head of the SABSA Institute. He is also the Founder and Chairman of COSAC and SABSA World Congress.
|
|
Subsequently Zika was co-founder with Catalina Lechner in 1994 of ALC Training (www.alctraining.com.au) providing IT seminars throughout Australia, New Zealand and Asia-Pacific. ALC had a number of firsts including: first seminar in Australia on the internet (November 1994); first seminar in Australia on eCommerce (May 1998); seminars on information security as early as 1995 (including seminars with John Sherwood); launched ITIL in Singapore and Malaysia (July 1998). With business partner Matt Whelan, ALC held the first SABSA Foundation certificate courses in the world in Sydney (March 2007) and Singapore (May 2007). |
Managing Director, ALC Group (Australia) Gareth Watters
Gareth Watters is a Graduate of the Australian Institute of Company Directors (GAICD), has been a company director for 10+ years, and is a cybersecurity expert with a technology career spanning 20+ years. Gareth’s background has included security architecture, design, operations, and engineering, as well as Governance, Risk and Compliance (GRC) consulting experience. He also has experience in Enterprise Security Architecture (ESA), Managed Security Services (MSS), Cloud Security and securing Operational Technology (OT).
Kathleen Mullin
CIO | CISO MyCareGorithm (USA) Kathleen Mullin is an influential Information Security practitioner and international speaker with 25+ years of experience in Accounting, Internal Audit, Information Technology and Cybersecurity. Her credentials include an MBA as well as CISSP, CDPSE, SABSA SCF, and NACD.DC certifications.
She has been CISO at various organisations, focusing primarily on healthcare. Most recently, she is CIO|CISO for MyCareGorithm.
Throughout her career, Kate has volunteered and contributed to Information Security as a profession, including serving on multiple Board and Advisory positions. Currently, she is Chair of The SABSA Institute EMEA-NA Liaison Group.
Email: kathleen.mullin@sabsainstitute.org
Glen Bruce
Glen Bruce has over 50 years of in-depth experience in IT and Security consulting, systems management and technical implementations. He spent the first 20 years of his career developing and supporting Canada-wide online Insurance and Banking systems and networks, which included programming the first online, full function ATM in Canada over 47 years ago. For the last 30 years, Glen has acted as an Information and Cyber Security Consultant for major organisations such as HP, IBM and Deloitte. He was a key member of the team that developed the global security architecture methodology used by IBM Global Services to deliver security architectures worldwide. Glen has also co-authored the book, ‘Security in Distributed Computing: Did You Lock the Door?’ which was published by Prentice-Hall.
Glen is the previous Chair of The SABSA Institute EMEA-NA Liaison Group and presently leads the SABSA Enhanced NIST Cybersecurity Framework (SENC) Working Group of TSI. Glen holds numerous security certifications and has maintained his CISSP certification for over 25 years.
Regular Board teleconference meetings are held on the fourth Monday of each calendar month, and two face-to-face meetings are held in early October at COSAC in the Republic of Ireland, and in early March at COSAC APAC in Australia each year.
Advisory Council
The Advisory Council will be a panel of industry experts invited by the Board of Trustees to provide strategic advice to the Board. It will have an advisory function only and will have no powers of direct governance. However, it will provide the Board of Trustees with an independent source of input to keep in touch with the evolving world stage for risk management and security.
SABSA Academic Board
The Academic Board oversees all matters concerning the SABSA Education, Training and Certification programme. This Board comprises the Chief Education Officer, the Chief Architect, the Deputy Chief Architect and all accredited trainers. The Chief Education Officer is the chair of the Academic Board.
The Chief Education Officer is responsible for the development, approval and management of all education and training IP materials and is accountable to the Board of Trustees for maintaining the high quality of these materials. The Chief Education Officer coordinates all development activities regarding new training materials and new courses, and refreshing previous course versions with new IP or improved presentation materials.
The role of the Academic Board is to ensure that all training materials conform and are consistent with the definitive SABSA IP Body of Knowledge and Competencies, as approved by the Chief Architect and the Chief Education Officer.
The Board of Trustees only oversees education and training materials by ensuring that the relevant subject matter expertise has been deployed in the development and approval of the courseware, and that well-defined processes are in place and are followed to achieve this. SME content development and approval of the courseware is the role of the appointed subject matter experts and the Academic Board.
The Academic Board is responsible for reviewing, contributing to and developing the learning objectives in the Competency Framework, under the leadership of the Chief Education Officer, who has ultimate accountability to the Board of Trustees for the content and quality of the Competency Framework.
The Academic Board is also responsible for ensuring that all training materials are ‘teachable’ and address the required competencies, and that all trainers are competent to teach the courseware. The Chief Education Officer is accountable to the Board of Trustees for these matters.
Working Groups and Intellectual Property Development
The Chief Architect (assisted by the Deputy Chief Architect) co-ordinates the initiation of new IP development projects (except the development of new education and training materials). Each project has a working group of members of The SABSA Institute who are subject matter experts (SMEs) in the relevant field.
The Board of Trustees approves the formation of IP Development Working Groups. Any new project must first produce a Project Charter setting out the scope and goals of the project. The Board of Trustees must approve this Project Charter for it to be valid. A detailed process is used to ensure that project charter development and approval is consistent and fair across all projects.
The Chief Architect is responsible and accountable for coordinating the development of the Project Charter and submission to the Board of Trustees for approval. After Board approval the Project Charter may be published.
Work in progress may not be published until it has been finalised and approved for release by the Board of Trustees. All applicable processes must be completed at the appropriate stages of the development, approval and publication of new IP.
All work in progress must be marked as ‘Confidential’ and all members of working groups must be made aware that leaked publications are a serious violation of trust that have the potential for bringing the reputation of TSI into question. The Board of Trustees is accountable and responsible for protecting the reputation of TSI, by ensuring that there are in place adequate processes for controlling the development, approval, release and publication of SABSA IP.
The Board of Trustees has final approval rights on the release of new IP to ensure that the highest possible quality is maintained and that no materials are released that may have a negative impact on the reputation of TSI. The Board of Trustees will pay attention to the acceptability of official SABSA IP materials in all cultures around the world. The Board of Trustees will also pay attention to all legal matters pertaining to the publication official SABSA IP, such as: Do we own it? Are we violating anyone else’s copyright? Is it libellous or defamatory? Is it legal?
The Board of Trustees only oversees subject matter expert (SME) content by ensuring that the relevant subject matter expertise has been deployed in the development and approval of the IP materials, and that well-defined processes are in place and are followed to achieve this. SME content development and approval is the role of the appointed subject matter experts.
Members of the Board of Trustees may also be SMEs in some areas, but they should ensure that they segregate their different roles according to the specific processes in which they play these roles.
In cases where The SABSA Institute decides to collaborate with another similar organisation (such as The Open Group) there must be a formal legally binding agreement between the two organisations on the roles and responsibilities of the participant organisations and on the ownership of IP that will arise from the collaboration.
The Chief Architect is responsible and accountable for ensuring that the development and approval processes have been followed, and for reporting to the Board of Trustees in documented form on the completeness of the processes. All decisions must be traceable prior to approval by the Board of Trustees of new IP for release and publication (except education and training IP materials, which fall under the remit of the Chief Education Officer).
The Chief Architect will report periodically to the Board of Trustees on progress in active projects. These reports will be status reports, not content reports.