research & standards

A Plethora of Standards and Guidance for OT / IoT Security In my research into OT and IoT systems security, I have come across a plethora of guidance and standards from various organizations and standards bodies. To some extent, this wide range of guidance is difficult to get your arms around to figure out what […]

Recently, I was talking with my daughter, the engineer, about testing. She is the lead engineer for payload integration and test for a large NASA space telescope. Our discussion got me to thinking about cyber testing and test metrics. From her space telescope perspective, it is very expensive to conduct tests, with some tests requiring […]

Many years ago I was hosting a series of workshops on a variety of security topics. One of those topics dealt with role-based, attribute-based, and policy-based access control approaches and I was lucky to get Mr. Dave Ferraiolo as one of my presenters for the workshop. Dave has been a long-time evangelist for NIST on […]

Autonomous vehicles (AVs) have been given considerable attention lately, and for good reason, as large tech giants such as Google, Apple, Amazon and of course Tesla have invested hundreds of millions into the development of AVs. More than 60 cities around the globe have driverless car testing programs either ongoing or in preparation, and nearly […]

I have always had a deep appreciation for the skills of a good pentester. However, elite pentesters – those who rule their craft and make magic happen on their keyboards – are generally quite rare.  So I was excited when I met one – the subject of this interview – at a recent Dreamport session. […]

I attended my first DHS S&T Showcase 3 years ago and since then I have looked forward eagerly each year to see what new cyber technologies are emerging from the shadows due to the funding provided by DHS. DHS S&T steps in to help cyber start-ups and government researchers in many ways to get new […]

I have attended several conferences where researchers and practitioners describe some type of early warning system for cyber attacks. Some predictive systems involve the sharing of threat intelligence of attackers’ TTPs; others involve forecasting of cyber attacks based on data from network telescopes, honeypots, and automated intrusion detection / prevention systems; some use information from […]

I recently attended the Fifteenth Annual Forum on Financial Information Systems and Cybersecurity: A Public Policy Perspective at the University of Maryland. The forum was hosted by Professors Lawrence A. Gordon, Martin P. Loeb, and William Lucyshyn. You may remember the interview I did with Professor Gordon a while back on his collaboration with Professor […]

In my research on various security topics I kept running across the work of Professor Al-Shaer, whether I was investigating SDN and security, security automation and orchestration, network resiliency, IoT security, autonomous security, and much more. So I was delighted to meet him in person when we both attended the same conference this fall. His […]