10 Jan 2019
At least three times during a tenure track, Adelphi University grants all
tenure track faculty at the ability to reduce teaching load by three credits
in order to focus on research.
This semester, I received my second research release. I intend to spend it
on a few projects:
-
Phishing is commonly accepted as the most effective initial attack
vector by which organizations are breached. There is much anecdotal “lore”
as to how to improve the ability of human actors to recognize scams, but, in
fact, not a great amount of research has been conducted in this field. I
intend to develop a few ideas and field-test them
-
Conceptual modeling is a technique used to enhance our understanding of
complex systems. In our world, Threat Modeling is a frequently
recognized term. Can current threat modeling techniques be improved?
-
One of the foundational concepts of CSIRTs was that, through information
sharing, threats would be identified early enough to be mitigated on time.
Today, many vendors sell “Threat Intelligence”. But, is there a good
understanding as to what constitutes good threat intel? How can
SOCs use threat intelligence more effectively?
-
What does a typical workflow of a SOC look like? How can those workflows
managed more effectively?
In all of these projects, I hope to include students. If you are interested
in any of these topics, please stop by my office!
04 Apr 2018
My students and I were featured in the newsletter of Adelphi University’s
president, Dr. Riordan.

The article describes work I have been doing with Jai Punjwani and Mateusz
Gembarzewski on electronic voting and blockchain approaches to maintain the
votes register, and on work I have been doing with Vlad Verba, in which we
dive into the world of speech-enabled devices, such as Google Home and
Amazon Alexa.
08 Oct 2017
SIGITE 2017 has wrapped up and the
conference
proceedings
have been published.
Our paper is available here,
or in the ACM Digital
Library.
24 Jul 2017
During the Spring semester of the 2016/2017 academic year, I collaborated
with Salvatore
Petrilli
(Adelphi University, Mathematics) on a study that investigated if realistic
gamified simulations of cybersecurity attack scenarios enhances outcomes of
cybersecurity education. Such simulations are increasingly popular in
cybersecurity training and are referred to as Capture-the-Flag (CTF)
sessions.
Intuitively and anecdotally, the answer is affirmative. It only makes
sense that playing a game based on realistic scenarios has a positive
outcome of a player’s abilities.
However, as important as intuition is, science looks for measurable facts.
Our study was designed to look at a few criteria:
- Do students enjoy the subject matter more by participating in a CTF?
- Does participating in a CTF deepen understanding of theoretical
cybersecurity concepts?
- Does participating in a CTF develop offensive and defensive cybersecurity skills?
While our sample size was relatively small, the study confirmed that
participating in a CTF does indeed, through enjoyment and engagement,
students are willing to spend more time on mastering the practical skills
discussed in class. Our research were less definitive about deepening
theoretical understanding, but we are currently designing a follow-up study
that focuses on those aspects.
Based on our study, we wrote a paper that will be published in the
conference proceedings of the Special Interest Group for IT Education
(SIGITE) and Research in Information Technology (RIIT), which is part of the
Association for Computing Machinery (ACM).
When the paper is published, I’ll post full details here.
21 Jul 2017
I was fortunate enough to have been able to spend this past week at
Brookhaven National Laboratories with several of my
Adelphi colleagues. Brookhaven (BNL) is one of 17 U.S. National Laboratories
that is tasked by the Department of Energy to conduct research in a wide
range of topics.

BNL describes its mission as “to advance fundamental research in nuclear and
particle physics to gain a deeper understanding of matter, energy, space,
and time; apply photon sciences and nanomaterials research to energy
challenges of critical importance to the nation; and perform
cross-disciplinary research on climate change, sustainable energy, and
Earth’s ecosystems.”
We spent the week learning how BNL could benefit from introducing more
scientific computing into academic curriculae.
Scientific Computing is an interesting field, since it brings together the
Sciences (biology, physics, chemistry, etc.) with Computer Science and
Mathematics. Most cutting-edge research requires researchers to be
proficient in mathematical and computational techniques. Unfortunately, that
is not always how colleges and universities teach their undergraduate
students.
By engaging in a week-long workshop with colleagues from different
disciplines, we developed a deeper (and better) mutual appreciation of the
nature of the work that we all do, and we identified a variety of skills
that may be useful across the disciplines.
We have some ideas how we can improve ways in which we collaborate, and how
we can incorporate teaching scientific computing in our daily practices. It
was a week well spent.
Updated July 22, 2017: Typo fixes