Cyber Supply Chain Committee

The Supply Chain Committee’s goal is to facilitate industry, government, and academia interaction in policy, legislative, legal and technical areas directly related to increased resiliency and protecting against supply chain cyber threats and vulnerabilities.  Such interaction is intended to promote the development of a secure, resilient and reliable supply chain and to provide for an exchange of information and views between industry, academia, government and military representatives.  The effective cooperation between these groups is essential to establish and maintain U.S. superiority in supply chain cyber security.


John Serrano, Mission Assurance Supplier Management, Missile Defense & Protective Systems Division, Northrop Grumman

Jeff Chang, Principal Information Assurance Engineer and Supply Chain Cybersecurity Officer, Lockheed Martin,


John Serrano
John Serrano is the Northrop Grumman Missile Defense & Protective Systems Division Mission Assurance Supplier Management point of contact in Huntsville,  Alabama. John helped develop Northrop Grumman Mission System’s Sector Cybersecurity Supply Chain Risk Management policies and procedures and has developed plans for several programs and proposals. John started working for Northrop Grumman in 1999 as a Reliability Engineer and has held various positions to include Senior Quality Engineer, Software Quality Engineer, and Supplier Quality Assurance. John is both a hardware and software quality engineer with certifications for AS9100 and CMMI L5.

John has a Masters of Science degree in System Engineering, and a Bachelors of Science  in Industrial Engineering from the University of Alabama in Huntsville. John also is certified by the American Society of Quality (ASQ) in Reliability, Quality, and he is a Six Sigma Black Belt

Jeff Chang
Jeff is a Principal Information Assurance Engineer and Supply Chain Cybersecurity Officer within Lockheed Martin. He has 30 plus years of experience in Information Assurance and Technology, Supply Chain Management and Operational Improvement.  By working closely with Corporate Information Security, Programs, Buyers/Subcontract Administrators, Lockheed Martin Suppliers and Exostar (3rd party secured acquisition portal provider), Jeff has been able to formulate an integrated Supply Chain Cyber Risk Management framework to manage Supply Chain cyber risks while ensuring Supply Chain compliance with internal acquisition procedures as well as FAR and DFAR regulations and NIST SP 800-171 requirements. 

Jeff holds a Bachelor of Science degree in Computer Science from Long Island University and a Master’s degree in Organizational Leadership and Strategic Change from University of Denver.  Jeff is also a trained Lean Six Sigma Master Black Belt.