2017 Science of Security Summer Workshop @ NCSU

Wednesday, June 21

Despite the resources dedicated to cyber security research and development, many of the core problems in cyber strategy have received little attention. Phrases such as "the human attack surface", "optimizing security through obscurity", and "vulnerability portfolio entropy" may sound like misnomers but are quite useful for reasoning about cyber strategy. My talk will cover numerous methodologies, tools, and results that my company has developed and used for building AI, models, and serious games to help large organizations reason about cyber defense, attack, exploitation, and the underlying economics.

Analysis of SoS Lablet security papers/articles: Collaborative Activity - Laurie Williams

• Security Paper Rubric
• Paper Evaluation Form
• Humans hard problem Lablet paper
• Metrics hard problem Lablet paper
• Policy hard problem Lablet paper
• Resilience hard problem Lablet paper

Analysis of external security papers/articles: Collaborative Activity - Munindar Singh

• Humans hard problem external paper
• Metrics hard problem external paper
• Policy hard problem external paper
• Resilience hard problem external paper

Thursday, June 22

Many of the security problems organizations and users face today are caused by vulnerabilities in application software. Yet all too often, software security focuses on detecting vulnerabilities after they have been implemented, rather than preventing such vulnerabilities from being committed in source code to begin with. My research group is examining a developer-centered approach to application security, examining how to provide interactive security tools for developers that support them in preventing and remediating vulnerabilities in the context of their existing tools and processes. The goal is to engage developers in the software security endeavor through interactive support at various touchpoints within the development lifecycle.

Industry Panel

• Tony Jeffs, Cisco Systems
  • Responsible for Cisco’s Advanced Cyber Security Research Team
  • Experience in IT, Supply Chain, and Semiconductor Manufacturing
  • Background in Secure Development Methodology, Product & Business Development, Product Management, and Operations
• Charlotte Scheper, RTI
  • Program director in RTI’s Research Computing Division
  • Experience in developing and managing research programs
  • Background in system development and assessment methods for dependable systems, data sharing frameworks for cyber security, and system security certification
• Pyreddy Reddy, NC Department of Heath and Human Services (DHHS)
  • Chief Information Privacy and Security Officer
  • Responsible for Privacy and Security initiatives for DHHS
  • Responsible for federal, state and department privacy and security regulatory requirements – HIPAA, IRS, SSA, VR
• Jacquie McKenna, Credit Suisse,
  • Senior Cyber Threat Intelligence Analyst. 
  • Experience in developing people, processes and technology related to cyber intelligence operations. 
  • Background in intelligence analysis and cryptologic linguistics within the US government intelligence apparatus.

Questions to seed the discussion:

• What do you perceive as the most significant security problem(s) in your organization and/or business domain?
• What can academic researchers do (or not do) to build better collaborative partnerships with industry or government agencies?