Meet the Chairs: Working Group 4 Privacy and Security

The ISAO Standards Organization is continuing its blog series, Meet the Chairs, to celebrate the men and women who have volunteered their time to develop voluntary standards and guidelines for the creation and functioning of ISAOs. The Privacy and Security working group, led by David Turetsky, Carl Anderson, and Norma Krayem, have an enormous amount of experience and are valued as leaders in the organization. All were active in writing and editing ISAO SP 4000: Protecting Consumer Privacy in Cybersecurity Information Sharing and ISAO SP 8000: FAQs for ISAO General Counsels. They are currently working on ISAO 400-1: State and Local Jurisdictions: Cybersecurity and Privacy Information Sharing Measures.



David Turetsky brings more than 35 years in senior roles in business, government, the legal industry, and now academia. He is Professor of Practice at the College of Emergency Preparedness, Homeland Security and Cybersecurity at the University at Albany, part of the State University of NY. Before that, he was co-leader of global law firm Akin Gump’s cybersecurity, privacy and data protection practice, which he joined after serving as a senior official with the Federal Communications Commission (FCC).  Most of his FCC tenure was spent as Chief of the Public Safety and Homeland Security Bureau. In that capacity he led the FCC’s efforts to improve the nation’s cybersecurity and represented the FCC in White House–led interagency policymaking, including to implement the President’s Executive Order on Improving Critical Infrastructure Cybersecurity and the Presidential Policy Directive on Critical Infrastructure Security and Resilience, and as a member of the Executive Committee created by the President’s Executive Order on National Security and Emergency Preparedness Communications.

Mr. Turetsky has also served as a senior officer of a broadband telecom services provider that he helped to bring public; as the federal-court appointed Management Trustee to run mobile wireless communications services businesses in certain rural areas until divested to preserve competition pursuant to merger consent decrees; in the U.S Department of Justice as Deputy Assistant Attorney General for Antitrust, for civil and regulatory; and in a variety of other law firm, entrepreneurial, and public policy-focused roles.

In addition to attaining his B.A. from Amherst College, magna cum laude, and his J.D. from the University of Chicago Law School, Mr. Turetsky also studied at the London School of Economics and Political Science from 1977 to 1978.



Carl Anderson is HITRUST’s Chief Legal Officer and Senior Vice President of Government Affairs.

In this role, Anderson is responsible for the company’s corporate, external, government, and legal affairs. Anderson plays a key role at HITRUST, leading a team that is responsible for the company’s legal work, its intellectual property portfolio, global security, privacy, and public policy.

Anderson joined HITRUST in 2017.  Previously he served as a Vice President at Van Scoyoc Associates where he used his legislative and executive branch experience to create tailored government relations strategies to achieve results for his clients.  As Van Scoyoc, he served on the firm’s Crisis Management Team, managing congressional relations during client investigations and public relations efforts.

Before joining Van Scoyoc Associates, Anderson served as a counsel for the House Committee on Energy and Commerce where he managed many high profile industry investigations.  Upon graduating from law school, he was selected into the United States Department of Justice Attorney General’s Honors Program.  Anderson was appointed a Special Assistant U.S. Attorney for the District of Columbia in 2007.

Anderson is a native Washingtonian.  He received his J.D. from the Columbus School of Law at Catholic University and a B.A. from Virginia Tech.



Norma Krayem serves as Senior Policy Advisor and Co-Chair of the Cybersecurity and Privacy Team at Holland & Knight.  Ms. Krayem has held executive-level positions in the U.S. Departments of State, Commerce, and Transportation, as well as a consultant at the Federal Emergency Management Agency.  She has more than 20 years of experience in the national and international arena, having served both in government and the private sector. She works with public sector and Fortune 500 clients to develop strategies designed to build and maintain a competitive edge. She specializes in the impacts of cyber and privacy issues in critical sectors, including banking and financial services, insurance, energy, communications, health, transportation and many others.

Using her diverse experience, she helps clients navigate complex national and international issues, utilizing creative, leading-edge and practical approaches to solve problems. Key to this is the ability to help clients understand current and evolving policy and regulatory regimes that go hand-in-hand with new dynamic technology solutions, including FinTech, multifactor authentication, Smart Grid, intelligent vehicles (V2V and V2I), Health Information Technology and much more. Inherent to this is an understanding on the need to manage the new world of “Big Data” and the “Internet of Things,” and helping clients focus the need for both “privacy by design” as well as “security by design.

She works closely with key decision makers in Congress, White House, DHS, Treasury, DOC, DOT, DOE, DOD, HHS as well as the FCC, SEC, NRC, FERC and many more.