Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library


How to Be a Network Traffic Analyst

  • “Part of it is the ability to use a wide variety of tools to answer questions about what is happening on the network and to figure out ways to go past inference and supposition and to get facts that can actually provide support for the hypothesis that you’re coming up with.
  • Watch

  • Listen

    Loading Podcast.....
  • Related

  • Abstract

    We are now in the zettabyte ([ZB]; 1000 exabytes [EB]) era with annual global IP traffic expected to reach 3.3 ZB per year by 2021, according to Cisco. The role of the analyst in capturing and evaluating ever-increasing volumes of network traffic enables defenders of large-scale organizational networks to generate security alerts and identify intrusions. To achieve network situational awareness, organizations must understand the mission activity on their network and the threats to that activity (referred to as network situational awareness). In this podcast, Tim Shimeall and Timur Snoke, researchers in the SEI’s CERT Division, examine the role of the network traffic analyst in capturing and evaluating this data.

  • Transcript
  • Audio

About the Speaker

  • Timothy J. Shimeall

    Timothy J. Shimeall is a senior member of the technical staff with the SEI’s CERT Division where he oversees and participates in the development of analysis methods in the area of networked systems security and survivability. His work includes development of methods to identify trends in security incidents and in the development of software used by computer and network intruders. Of particular interest are incidents affecting defended systems and malicious software that are effective despite common defenses.
    Before joining the SEI, Shimeall was an associate professor at the Naval Postgraduate School in Monterey, Calif. He was an instructor on a variety of topics in software engineering, information warfare, and security, and supervised in excess of 30 M.S. theses and three Ph.D. theses. He has taught courses for a variety of educational institutions and private corporations, in both local and distance learning formats.


  • Timur D. Snoke

    Timur Snoke is a member of the technical staff and the Situational Awareness Team in SEI’s CERT Division.  His primary focus is identifying gaps in network security capabilities to support the research and development of new sources and methods for network defense.  Prior to joining the SEI, Snoke worked in a variety of capacities for ISPs and private companies in the health care, hospitality, financial, and transportation industries. He also worked in secondary and higher education, and in the federal and civilian government sectors.