Software Engineering Institute

Bradford J. Willke

Software Engineering Institute

Bradford Willke is a senior member of the technical staff within the CERT® Program at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University. Willke is responsible for leading the Information Security Assessment and Evaluation team, and conducts research, development, and process improvement activities in risk, threat, and vulnerability management methodology related to information security management. Willke also leads projects to develop strategies and provide support for national and international critical infrastructure protection initiatives. In addition, he worked on the development of the SEI’s principle risk assessment methodology, the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE™) Method. Before joining the SEI, Willke managed technology and security operations for computing resources of the 90th Security Police Squadron, Francis E. Warren Air Force Base, Wyoming. Willke served in the United States Air Force as a law enforcement specialist and organizational computer security officer from 1993-1997. Willke holds a professional certificate in information protection and security from the University of New Haven, and received a BS in information systems technologies from Southern Illinois University at Carbondale. He received an AAS in criminal justice from the Community College of the Air Force, and has been a Certified Information System Security Professional (CISSP) since 2004.

Publications by Bradford J. Willke

Best Practices for National Cyber Security: Building a National Computer Security Incident Management Capability, Version 2.0

April 01, 2011 • Technical Report

John Haller, Samuel A. Merrell, Matthew J. Butkovic, Bradford J. Willke

In this 2011 report, an update to its 2010 counterpart, the authors provide insight that interested organizations and governments can use to develop a national incident management capability.
read
Best Practices for National Cyber Security: Building a National Computer Security Incident Management Capability

June 01, 2010 • Special Report

John Haller, Samuel A. Merrell, Matthew J. Butkovic, Bradford J. Willke

In this report, the authors provide insight that interested organizations and governments can use to develop a national incident management capability.
read
Managing Risk to Critical Infrastructures at the National Level

August 05, 2008 • Podcast

Bradford J. Willke, Julia H. Allen

In this podcast, Bradford Willke explain how protecting critical infrastructures and the information they use are essential for preserving our way of life.
learn more
Management and Education of the Risk of Insider Threat (MERIT): System Dynamics Modeling of Computer System

May 01, 2008 • White Paper

Dawn Cappelli, Akash G. Desai (Information Networking Institute, Carnegie Mellon University), Andrew P. Moore, Timothy J. Shimeall, Elise A. Weaver (Worcester Polytechnic Institute), Bradford J. Willke

In this paper, the authors describe the MERIT insider threat model and simulation results.
read
Insider Threat Study: Illicit Cyber Activity in the Government Sector

January 01, 2008 • White Paper

Eileen Kowalski (United States Secret Service), Dawn Cappelli, Bradford J. Willke, Andrew P. Moore

In this paper, the authors present the findings of a research effort to examine reported insider incidents in the government sector.
read
Management and Education of the Risk of Insider Threat (MERIT): Mitigating the Risk of Sabotage to Employers Information, Systems, or Networks

March 01, 2007 • Technical Note

Dawn Cappelli, Akash G. Desai (Information Networking Institute, Carnegie Mellon University), Andrew P. Moore, Timothy J. Shimeall, Elise A. Weaver (Worcester Polytechnic Institute), Bradford J. Willke

In this 2006 report, the authors describe MERIT insider threat model and simulation results.
read
Information Asset Profiling

June 01, 2005 • Technical Note

James F. Stevens, Richard A. Caralli, Bradford J. Willke

In this 2005 report, the authors describe IAP, a documented and repeatable process for developing consistent asset profiles.
read
Managing for Enterprise Security

December 01, 2004 • Technical Note

Richard A. Caralli, Julia H. Allen, James F. Stevens, Bradford J. Willke, William R. Wilson

In this 2004 report, the authors itemize characteristics of common approaches to security that limit effectiveness and success.
read
The Critical Success Factor Method: Establishing a Foundation for Enterprise Security Management

July 01, 2004 • Technical Report

Richard A. Caralli, James F. Stevens, Bradford J. Willke, William R. Wilson

In this report, the authors describe the critical success factor method and present theories and experience in applying it to enterprise security management.
read