ACM CODASPY ‘20 is the 10th ACM Conference on Data and Application Security and Privacy. Sung Kim and I have been working on some research involving creating models that can be used in proactive cyber defense practices. We will be presenting at the conference on March.
ACM Inroads, a peer-reviewed magazine serving professionals interested in advancing computing education on a global scale, published an article I wrote together with Sal Petrilli.
The title of the article is The computing orientation seminar and it is available in the ACM Digital Library.
My students and I were featured in the news of Adelphi University’s president, Dr. Riordan.
The article is part of a series of experiential learning at Adelphi University.
It describes how work done in IT to conduct ongoing phishing awareness training to Adelphi employees trickled into the classroom, and continued on work that I have been doing with two of my students. For their senior project, the students are working on developing a gamified phishing similation platform.
CFO Magazine is a monthly magazine that writes for chief financial officers and other financial executives in companies in the U.S. Some time ago, the magazine’s deputy editor, David Katz, interviewed me. What started out as a general discussion about managing cyberrisk started to focus on the changing landscape of how cyberdefense influences system architecture. Specifically, we ended up discussing the BeyondCorp model that is often associated with deperimeterization and zero-trust.
Katz took these ideas and wrote them up in a very nice article that was published on February 26, 2019. The article, The Other Side of the Network is available online.
At least three times during a tenure track, Adelphi University grants all tenure track faculty at the ability to reduce teaching load by three credits in order to focus on research.
This semester, I received my second research release. I intend to spend it on a few projects:
Phishing is commonly accepted as the most effective initial attack vector by which organizations are breached. There is much anecdotal “lore” as to how to improve the ability of human actors to recognize scams, but, in fact, not a great amount of research has been conducted in this field. I intend to develop a few ideas and field-test them
Conceptual modeling is a technique used to enhance our understanding of complex systems. In our world, Threat Modeling is a frequently recognized term. Can current threat modeling techniques be improved?
One of the foundational concepts of CSIRTs was that, through information sharing, threats would be identified early enough to be mitigated on time. Today, many vendors sell “Threat Intelligence”. But, is there a good understanding as to what constitutes good threat intel? How can SOCs use threat intelligence more effectively?
What does a typical workflow of a SOC look like? How can those workflows managed more effectively?
In all of these projects, I hope to include students. If you are interested in any of these topics, please stop by my office!