Software Engineering Institute

Robin Ruefle is the team lead for the Security Operations Development and Training team within the CERT Division of the Software Engineering Institute at Carnegie Mellon University. Her focus is on the development of management, procedural, and technical guidelines and practices for the establishment, maturation, operation, and evaluation of computer security incident response teams (CSIRTs), security operation teams or centers, incident management capabilities, and insider threat programs worldwide. A second focus area has been helping organizations build career path planning frameworks, training and mentoring frameworks, competency and curricula guidance, and readiness assessments. As a member of the CERT Division, Ruefle has worked with numerous organizations to help them plan and implement their incident management and insider threat capabilities. Ruefle has been the coauthor of a variety of publications, including Handbook for CSIRTs, 2nd edition; CSIRT Services List, Defining Incident Management Processes for CSIRTs: A Work in Progress; and The Competency Lifecycle Roadmap (CLR): Toward Performance Readiness. She has participated in the development of the CSIRT Services Framework for the Forum of Incident Response and Security Teams (FIRST). She develops and delivers sessions in the CERT Division’s CSIRT and Insider Threat suites of courses. She has co-developed two instruments for evaluation of incident management capabilities, the Incident Management Capability Assessment and the Mission Risk Diagnostic for Incident Management Capabilities, and the initial version of a similar assessment, the Federal Computer Network Defense Metrics. She is a co-author of the Insider Threat Program Evaluation (ITPE) assessment instrument and the supporting courses for building an insider threat program. Ruefle received an MPIA (master of public and international affairs) and a BA in political science from the University of Pittsburgh. She has also taught courses in information technology, management information systems, and information retrieval and analysis as an adjunct faculty member in the both the continuing education and MBA programs at Chatham University and in the Graduate School of Public and International Affairs (GSPIA) at the University of Pittsburgh.

Mark Zajicek is a member of the technical staff in the CERT Division within the Software Engineering Institute at Carnegie Mellon University. Zajicek’s current work focuses on helping other organizations to build their own computer security incident response team (CSIRT) or incident management capability. As a member of the CERT CSIRT Development and Training team, Zajicek is responsible for providing guidance to new and existing CSIRTs worldwide. He has co-developed a variety of documents and training materials, and he is an instructor for a suite of several courses that provide training for CSIRT managers and technical staff. Previously, Zajicek was the daily operations team leader for the CERT Coordination Center (CERT/CC), after having joined the CERT/CC’s incident handling staff in 1992 and supported the CERT/CC during its initial start-up in 1988.