Current Work
Some of My Latest Projects
Book Project: Cyber Vaccines
Embracing cyberattack strategies for cyberdefense
This book describes my latest line of research on both technical and social cyber vaccines. I re-engineer strategies used by attackers and turn them against the hackers.
Research Paper: Defensive Social Engineering
Negotiating with cyber terrorists using social engineering techniques
Most attacks begin with some type of social engineering, which involves manipulating the victim on the other side of a keyboard to disclose information. We can turn social engineering around and use it against the hackers using a negotiation framework.
Book Project: Executive Handbook for Cyber Risk Management
Briefing executive leadership on the fundamentals of cyber risk
This book provides an overview of what executives need to know about cyber risk management. We answer essential questions leadership will be asked by employees, shareholders and the board on cyber risk.
Research Paper: The Vaccum of Space Cybersecurity
Identifying the gaps and recommending solutions for Space Asset and Satellite Cybersecurity
We interact with satellites and space assets almost every day without even realizing it. These systems are often entirely insecure. I identify gaps and offer recommendations for building a Space System ISAC.
Research Agenda: Cyber Risk and Cyber Insurance
Establishing a research agenda and framework for thinking about cyber risk and cyber insurance issues
Collaborating with Swiss Re and other leading insurance and reinsurance providers, we are developing a comprehensive roadmap to systematically address cyber risk as a research topic.
Research Paper: Transforming Cyber Security Education
Conducting trials of new cyber security education strategies called High Fidelity Live eXercises (HIFLIX)
Collaborating with NASA JPL and CyberSecurity@CSAIL, we tested and documented a new form of cyber education that involves a montessori-approach to teaching cybersecurity skills. HIFLIX involves real system environments for hands-on education benefiting both students and the system owners/operators.