05 Apr 2019
My students and I were featured in the news of Adelphi University’s
president, Dr. Riordan.
The
article
is part of a series of experiential learning at Adelphi University.
It describes how work done in IT to conduct ongoing phishing awareness training
to Adelphi employees trickled into the classroom, and continued on work that
I have been doing with two of my students. For their senior project, the
students are working on developing a gamified phishing similation platform.
27 Feb 2019
CFO Magazine is a monthly magazine that writes for
chief financial officers and other financial executives in companies in the
U.S. Some time ago, the magazine’s deputy editor, David
Katz, interviewed
me. What started out as a general discussion about managing cyberrisk
started to focus on the changing landscape of how cyberdefense influences
system architecture. Specifically, we ended up discussing the
BeyondCorp
model that is often associated with deperimeterization and zero-trust.
Katz took these ideas and wrote them up in a very nice article that was
published on February 26, 2019. The article, The Other Side of the
Network
is available online.
10 Jan 2019
At least three times during a tenure track, Adelphi University grants all
tenure track faculty at the ability to reduce teaching load by three credits
in order to focus on research.
This semester, I received my second research release. I intend to spend it
on a few projects:
-
Phishing is commonly accepted as the most effective initial attack
vector by which organizations are breached. There is much anecdotal “lore”
as to how to improve the ability of human actors to recognize scams, but, in
fact, not a great amount of research has been conducted in this field. I
intend to develop a few ideas and field-test them
-
Conceptual modeling is a technique used to enhance our understanding of
complex systems. In our world, Threat Modeling is a frequently
recognized term. Can current threat modeling techniques be improved?
-
One of the foundational concepts of CSIRTs was that, through information
sharing, threats would be identified early enough to be mitigated on time.
Today, many vendors sell “Threat Intelligence”. But, is there a good
understanding as to what constitutes good threat intel? How can
SOCs use threat intelligence more effectively?
-
What does a typical workflow of a SOC look like? How can those workflows
managed more effectively?
In all of these projects, I hope to include students. If you are interested
in any of these topics, please stop by my office!
04 Apr 2018
My students and I were featured in the newsletter of Adelphi University’s
president, Dr. Riordan.
The article describes work I have been doing with Jai Punjwani and Mateusz
Gembarzewski on electronic voting and blockchain approaches to maintain the
votes register, and on work I have been doing with Vlad Verba, in which we
dive into the world of speech-enabled devices, such as Google Home and
Amazon Alexa.
08 Oct 2017
SIGITE 2017 has wrapped up and the
conference
proceedings
have been published.
Our paper is available here,
or in the ACM Digital
Library.