2016-2017 Cybersecurity Fellows
Subject: Internet Infrastructure
Adrienne Allen is a cybersecurity consultant with Slalom Consulting out of San Francisco, where she focuses on risk management and cyber incident response planning in critical infrastructure and innovation-space technology organizations. Formerly a lead associate with Booz Allen Hamilton, Allen worked closely with the Department of Homeland Security and public-private partnerships on IT policy and critical infrastructure cyber risk management. Allen has also worked with international governments and industry bodies to benchmark incident response capabilities and develop national and sector-level cyber incident response frameworks and governance. Allen graduated from the University of Virginia, holds a certificate in applied intelligence from Mercyhurst University, and holds an M.A. in global security strategy from Johns Hopkins University, where she concentrated on internet governance and security policy.
Subject: The Problem of Attribution
Nicole Becher is the Director of Cyber Operations at Fractal Industries. She specializes in application security, red teaming, penetration testing, malware analysis, and computer forensics. Previously, she worked for a financial regulator on cyber-readiness of financial institutions and regulation for bitcoin and virtual currencies. As an adjunct instructor at New York University, Becher teaches courses on offensive and defensive computer security, network security, web application security, and computer forensics. She is also a chapter leader for OWASP Brooklyn (Open Web Application Security Project). Becher is also a fellow of the Madison Policy Forum, a cybersecurity-focused policy group bridging military, government, and industry.
Subject: State and Local Policy on Cybersecurity Insurance for Small Businesses
Regine Bonneau is the founder and CEO of R|B Advisory LLC in Orlando, focusing on cybersecurity, risk management, compliance, forensic audits, privacy, and e-discovery. She also serves as chairperson for project management with the International Consortium of Minority Cybersecurity Professionals. Prior to her work in cybersecurity risk, she worked in mortgage brokerage services and then in forensic underwriting conducting risk assessments on mortgage-backed securities. She has been a keynote speaker for Microsoft during small business week and is a member of the Information System & Technology Program Advisory Committee for South University, as well as numerous groups and associations for risk and cybersecurity. Bonneau was born in Haiti and raised in New York City. She has her master’s degree in accounting and financial management and her bachelor’s degree in business administration and finance from Strayer University. She speaks English, Creole, Spanish, and French.
Subject: Chinese Cyber Governance and Command and Control
John Costello is a Senior Analyst for Cyber and East Asia at Flashpoint. He is a former Congressional Innovation Fellow for majority staff in the U.S. House of Representatives Committee on Oversight and Government Reform. During his time on the Hill John helped investigate the 2015 breach into the Office of Personnel Management and helped oversee Federal IT management. Previously John was a research analyst at Defense Group Inc. where he concentrated on Chinese cyber espionage, information warfare, and intellectual property theft. John is also a US Navy veteran, former NSA Analyst, and is fluent in Mandarin Chinese, having graduated with honors from the Defense Language Institute. John's insights have appeared in Wired, Wall Street Journal, New York Times, Reuters, and Jamestown China Brief. John's research focuses on Chinese cyber forces, evolving technology and innovation environment, and quantum technologies.
Subject: Risk Modeling in Cyber Security
Jason Crabtree is the CEO of Fractal Industries, where he leads an effort focused on developing next-generation operational risk management and situational awareness tools and information sharing in multi-spatial, multi-temporal distributed systems. Crabtree is a licensed professional engineer and complex adaptive systems aficionado with a strong background in modeling, simulation, and data analysis. He also serves as a contributor and consultant for global strategic analysis and geopolitical risk management firms, including Oxford Analytica. Crabtree has worked extensively on large-scale cyberspace modeling, analysis, and risk management technology research, to include supporting ongoing work within the Defense Advance Research Agency's cyberspace portfolio. He earned his master’s in engineering from the University of Oxford and his bachelor’s in civil engineering from West Point.
Subject: Cybersecurity for Multi-Agent Systems in the Internet of Things
Adam Elkus is a Ph.D. student in computational social science at George Mason University. He also currently serves as a technology research analyst for Crucial Point, LLC and as a columnist at War on the Rocks. Elkus's work has been published in Slate, Foreign Policy, Armed Forces Journal, and other publications. He holds a B.A. in diplomacy and world affairs from Occidental College and a M.A. in security studies from Georgetown University. Elkus's research interests are in computational modeling of adversarial decision behavior with multi-agent system models.
Subject: Expanding Cyber Education
Mark Hagerott, CAPT, USN (Ret), is the chancellor of the North Dakota University System, a multiple campus university system, and holds joint academic appointments (nontenure) in both the humanities and engineering schools. Prior to his move to the Dakotas, he served as the deputy director and distinguished professor of cyber operations and policy at the Center for Cyber Studies at the U.S. Naval Academy. Previously, Hagerott spent many years in the Navy as a nuclear engineer and ship commander, and also served as a White House fellow and held posts in strategy and programs in the Pentagon. He is a graduate of the U.S. Naval Academy and holds an M.A. in economics and politics from Oxford University ,where he was a Rhodes Scholar. Hagerott also earned a Ph.D. in science and technology studies from the University of Maryland.
Subject: The Malware Economy
Trey Herr, Ph.D., is a fellow with the Belfer Center's Cyber Security Project at the Harvard Kennedy School. His work focuses on trends in state-developed malicious software, the structure of criminal markets for malware components, and the proliferation of malware. Herr is co-editor of Cyber Insecurity—Navigating the Perils of the Next Information Age, an edited volume on cybersecurity policy. He previously worked with the Department of Defense to develop a risk assessment methodology for information security threats. He holds a Ph.D. and an MA in political science from George Washington University and a BS in theatre and political science from Northwestern University, where he helped found Politics & Policy.
Subject: Securing the Internet of Things
Jason Hong is an associate professor in the Human-Computer Interaction Institute at Carnegie Mellon University. He is also the co-founder of Wombat Security Technologies, a company founded in 2008 to deliver software-based cyber security awareness and training solutions to companies seeking to educate their employees. Hong’s research focuses primarily on usable privacy and security and mobile computing. He is also the author of Design of Sites: Patterns for Creating Winning Websites (Prentice Hall, 2007). Hong is a graduate of the Georgia Institute of Technology and earned his Ph.D in computer science from the University of California at Berkeley.
Subject: Preserving the Common–Insights from Biosecurity
Kendall Hoyt is an assistant professor at the Geisel School of Medicine at Dartmouth where she studies U.S. biodefense policy and biomedical research and development strategy. She is also a lecturer at the Thayer School of Engineering at Dartmouth College where she teaches courses on technology and biosecurity. She is the author of Long Shot: Vaccines for National Defense (Harvard University Press, 2012), and is a visiting researcher at the Centre for Global Health Policy at the University of Sussex. Hoyt received her Ph.D. at the Massachusetts Institute of Technology. Prior to obtaining her degree, she worked in the White House Office of Science and Technology Policy, the Washington, D.C. office of McKinsey and Company, and the Center for the Management of Innovation and Technology at the National University of Singapore.
Alex Kreilein is cofounder and managing partner of SecureSet, which is a Denver-based cybersecurity services company. He serves as chief technology officer to the firm and leads the cybersecurity startup accelerator, which makes strategic investments into early state cybersecurity companies. He leads business development efforts, government engagement, vendor relations, and technical security research. Previously, Kreilein served as a lead cybersecurity strategist at the Department of Homeland Security as a guest researcher for the National Institute of Standards & Technology. He holds an MS from CU Boulder’s College of Engineering and Applied Science and an MA from the U.S. Naval War College.
Robert M. Lee
Subject: Industrial Cyber Security through Education
Robert M. Lee is founder and CEO of the cybersecurity company Dragos Security LLC, a SANS Institute course author and researcher, and a PhD candidate at Kings College London. Robert gained his start in cyber security as an Air Force cyber warfare operations officer in the U.S. intelligence community.
Until January 2017, Michaelidis served as a key Obama Administration communicator on security, public safety, and community preparedness issues. As director of speechwriting for the Department of Homeland Security (DHS) he led message development and coordination across the third largest cabinet-level agency of the federal government. Most recently, he advised top DHS officials on communicating with the private sector and the American public about cybersecurity risks. Before joining the Obama Administration in 2009, Dr. Michaelidis spent a decade creating compelling policy campaigns at a major public research university, influential think tanks, and a growing public affairs firm. An outside foreign policy advisor to the 2008 Barack Obama and 2004 John Kerry presidential campaigns, he has BA and MA degrees from the University at Buffalo, SUNY, and a PhD in history from the University of Maryland, College Park.
Subject: Identifying and Overcoming Barriers to Cleaning up Web-based Malware
Tyler Moore is the Tandy assistant professor of cyber security and information assurance in the Tandy School of Computer Science at the University of Tulsa. His research focuses on the economics of information security, cybercrime measurement, and the development of policy for strengthening security. He is also interested in digital currencies, critical infrastructure protection, and digital forensics. Moore directs the security economics lab at TU and serves as director of StopBadware, a non-profit anti-malware organization. He is a founding editor-in-chief of the Journal of Cybersecurity, a new interdisciplinary journal published by Oxford University Press. Prior to joining TU, he was a postdoctoral fellow at the Center for Research on Computation and Society at Harvard University, the Hess visiting assistant professor of computer science at Wellesley College, and an assistant professor at Southern Methodist University. A British Marshall Scholar, Moore completed his PhD at the University of Cambridge, and he holds BS degrees in computer science and applied mathematics from the University of Tulsa.
Subject: The Market for Vulnerabilities
Katie Moussouris is the founder and CEO of Luta Security, which offers gap analysis and guidance on ISO 29147 vulnerability disclosure. Prior to that, Moussouris helped the U.S. Department of Defense start the government's first bug bounty program, called "Hack the Pentagon" and has worked on Microsoft's bug bounty programs and Microsoft vulnerability research. Moussouris is an invited technical expert selected to assist directly in the U.S. Wassenaar negotiations on the inclusion of intrusion software and intrusion software technology. She is also a subject matter expert for the U.S. National Body of the International Standards Organization and a visiting scholar with the MIT Sloan School, doing research on the vulnerability economy and exploit market. Moussouris is a Harvard Belfer affiliate, and an advisor for the Center for Democracy & Technology.
Sarah Myers West
Sarah Myers West is a doctoral student and the Wallis Annenberg Graduate Research Fellow at the Annenberg School for Communication and Journalism, focusing her work on information controls and Internet governance. She received her BA with distinction in media studies and foreign affairs from the University of Virginia and masters in public diplomacy from the University of Southern California where she was a foreign language and area studies fellow. Her ongoing research centers on the role of technology companies as international political actors, and the implications this has for internet governance, privacy, security, and freedom of expression. In addition, she has worked at the Berkman Center for Internet and Society, is the managing editor for Global Voices Advocacy’s Netizen Report, and joined the Electronic Frontier Foundation in the summer of 2015 as their Google policy fellow.
Subject: State and Local Cybersecurity Efforts
Nussbaum is an assistant professor of homeland security and cybersecurity in the College of Emergency Preparedness, Homeland Security and Cybersecurity at the University at Albany. He is an affiliate scholar at the Center for Internet and Society at Stanford Law School and a senior fellow at the George Washington University’s Center for Cyber and Homeland Security. He is also a 2016 military-business cybersecurity fellow with the Madison Policy Forum. Formerly, he served as senior intelligence analyst with the state of New York’s Office of Counter Terrorism. He has a doctorate and a master’s degree in political science from the Rockefeller College of Public Affairs at the University at Albany, and a bachelor’s degree in political science from Binghamton University.
Subject: Cyber Insurance
Harvey Rishikof is a senior counsel in Crowell & Moring’s Privacy & Cybersecurity and Governments Contracts group in Washington, D.C. He specializes in national security, civil and military courts, terrorism, international law, civil liberties, and constitutional law. Prior to joining the firm, Rishikof was the dean of faculty at the National War College and former chair of the department of National Strategy, legal counsel to the deputy director of the FBI, federal law clerk to Leonard I. Garth (Third Circuit), and AA to the Chief Justice of the United States. He also previously served as dean of Roger Williams University School of Law. Throughout his career, Rishikof has served on numerous committees and held multiple positions in government focusing on cybersecurity investigations. Most recently, he was the senior policy advisor to the National Counterintelligence Executive, the agency responsible for counterintelligence and insider threat management across the federal government. He is a graduate of McGill University and earned an M.A. from Brandeis University, an M.A. from National War College, and a J.D. from New York Law School.
Subject: Wiping Out Low-Level Cyber Crime
Terry Roberts is the founder and president of Whitehawk, Inc. Previously, Roberts was the vice president for cyber engineering and analytics at TASC. From 2009 to 2015, Roberts was the executive director of the Carnegie Mellon Software Engineering Institute, leading the technical body of work for the entire U.S. Interagency and establishing the Carnegie Mellon Cyber Intelligence Consortium and the Emerging Technology Center. Prior to that, Roberts was the deputy director of naval intelligence, where she focused on naval communications, information warfare, and intelligence. Earlier, Roberts served as the director of requirements and resources for the Office of the Under Secretary of Defense for Intelligence. Roberts is the co-chair of the Intelligence and National Security Alliance Cyber Council and four task force efforts, a member of the AFCEA intelligence committee, the naval intelligence professionals board of directors and the cyber education advisory board of directors for the U.S. Naval Academy and Marymount University.
Subject: Artificial Intelligence, Ethics, and Governance in Cybersecurity
Heather Roff's research interests pertain to international ethics, security, and emerging military technology, particularly cyber warfare, lethal autonomous weapons, and unmanned systems. She is also interested in the Responsibility to Protect doctrine, international humanitarian law, and the philosophy of Immanuel Kant. She is a senior research fellow in the department of politics and international relations at the University of Oxford and a research scientist in the Global Security Initiative at Arizona State University. She also is a fellow in New America’s Future of War project.
Subject: Proactive Cyber Threat Intelligence
Paulo Shakarian, Ph.D. is a Fulton Entrepreneurial Professor (tenure-track) at Arizona State University where he directs the Cyber-Socio Intelligent System (CySIS) Laboratory—specializing in cybersecurity, social network analysis, and artificial intelligence. He has written numerous articles in scientific journals and has authored several books, including Elsevier’s Introduction to Cyber-Warfare and Cambridge’s forthcoming Darkweb Cyber Threat Intelligence Mining. He is a recipient of the Air Force Young Investigator award, DURIP award, DoD Minerva award, FOSINT-SI Best Paper, MIT Tech. Review “Best of 2013,” and was a DARPA Service Chief’s fellow. Previously, Shakarian was an officer in the U.S. Army where he served two combat tours in Iraq, earning a Bronze Star and the Army Commendation Medal for Valor. He also worked as an assistant professor at West Point. Shakarian is also the founder and CEO of IntelliSpyre, a firm specializing in cyber threat intelligence mined from the darkweb. Shakarian holds a Ph.D. and M.S. in computer science from the University of Maryland, College Park, and a B.S. in computer science from West Point (with a depth of study in information assurance).
Subject: Women in the Cybersecurity Workforce
Ambareen Siraj, Ph.D. is the director of the NSA/DHS accredited Cybersecurity Education, Research, and Outreach Center at Tennessee Tech University (TTU) and associate professor with the department of computer science at TTU. She is also founder and chair of the Women in Cybersecurity (WiCyS) Initiative. Her research is in the areas of situation assessment in network security, secure communication in smart grid, and security education. She holds a PhD in computer science with a concentration in information assurance from Mississippi State University. She is the program director of NSA/NSF Gen Cyber Camps at TTU. She leads several NSF Projects including “Tennessee Cybercorps: A Hybrid Program in Cybersecurity.”
Subject: Encryption and National Security
Allison Stanger is the Russell Leng ’60 professor of international politics and economics and founding director of the Rohatyn Center for International Affairs at Middlebury College. She is the author of One Nation Under Contract: The Outsourcing of American Power and the Future of Foreign Policy and the forthcoming Life, Liberty, and the Pursuit of Leaks: The Story of Whistleblowing in America, both with Yale University Press. She is working on a new book titled Consumers Versus Citizens: How the Internet Revolution is Remaking Global Security and Democracy’s Public Square. At Middlebury, she teaches courses on the politics of virtual realities and cybersecurity. She is a member of the Council on Foreign Relations and received her Ph.D. in political science from Harvard University.
Subject: Cybersecurity at the State Level
David Weinstein is the chief technology officer for the state of New Jersey. Prior to this June 2016 appointment, Weinstein served as New Jersey’s chief information security officer and cybersecurity advisor with the New Jersey Office of Homeland Security and Preparedness. Outside of Trenton, Weinstein was a senior civilian at United States Cyber Command in Fort Meade, Md., as well as a cyber risk consultant with Deloitte and Touche. Weinstein has been recognized by Forbes as a “top 20 cyber policy expert” and he is an “influencer” for the Christian Science Monitor’s security and privacy project. He is the author of the forthcoming chapter “Information Sharing at the State and Local Level,” published in Cyber Insecurity: Navigating the Perils of the Information Age (Rowan & Littlefield Publishers, Inc.).
Also affiliated with the Cybersecurity Fellowship at New America:
Josephine Wolff is entering her second year as a New America national fellow, for which she will write a book about a series of cybersecurity incidents over the course of the past decade, tracing their economic and legal aftermath and their impact on the current state of technical, social, and political lines of defense. She received her Ph.D. from MIT in 2015 and is joining the Rochester Institute of Technology faculty in the public policy and computing security departments. She is also a faculty associate at the Harvard Berkman Center for Internet & Society. Her writing has appeared in Slate, The Atlantic, Scientific American, The New Republic, Newsweek, and the New York Times Opinionator blog. She has an A.B. in mathematics from Princeton University.