Capturing the Expertise of Cybersecurity Incident Handlers
August 2015 • Podcast
Presenter: Samuel J. Perl, Richard O. Young • Interviewer: Julia H. Allen
In this podcast, Dr. Richard Young, a professor with Carnegie Mellon’s Tepper School of Business, teams with Sam Perl, a member of the CERT Division’s Enterprise Threat and Vulnerability Management team, to discuss their research on how expert cybersecurity incident handlers think, learn, and act when faced with an incident.
The research study focuses on critical cognitive factors that such experts use to make decisions when faced with a complex incident, including how to deal with critical information that is missing. Study results may be used to enhance the knowledge and skills of less experienced responders.
About the Speaker
Samuel J. Perl is a member of the CSIRT (Computer Security Incident Response Team) development team within the CERT® Division at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University in Pittsburgh, PA. He has been with CERT since 2011 and has worked in a variety of areas, including insider threat, vulnerability assessment, security incident data analysis, and incident management team development. Prior to joining CERT, Perl gained over 10 years of industry experience working with client organizations to manage their most challenging IT security risk issues. Perl holds a Master of Science degree in Information Security Management and a Bachelor of Science in Information Systems from Carnegie Mellon University.
Richard O. Young is Teaching Professor of Management Communication at the Tepper School of Business, Carnegie Mellon University in Pittsburgh, PA. He received his Ph.D. in Rhetoric from Carnegie Mellon in 1989 with a dissertation on the cognitive processes of expert and novice management consultants and their clients. Young is a regular presenter at national conferences on business communication. He is also the author of How Audiences Decide: A Cognitive Approach to Business Communication (2011). His current research focus is cybersecurity expertise and the shared mental models of cybersecurity teams.
Julia Allen is a principal researcher within the CERT® Division at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University in Pittsburgh, PA. Allen’s areas of interest include operational resilience, security governance, and measurement and analysis. Prior to this technical assignment, Allen served as acting director of the SEI for an interim period of six months as well as deputy director/chief operating officer for three years. Her degrees include a Bachelor of Science in Computer Science (University of Michigan) and a Master of Science degree in Electrical Engineering (University of Southern California). Allen is the author of The CERT Guide to System and Network Security Practices (Addison-Wesley 2001) and moderator for the CERT Podcast Series: Security for Business Leaders. She is a co-author of Software Security Engineering: A Guide for Project Managers (Addison-Wesley 2008) and CERT Resilience Management Model (RMM): A Maturity Model for Managing Operational Resilience (Addison-Wesley 2010).