Timothy J. Shimeall
Software Engineering Institute
Dr. Timothy Shimeall is a senior member of the technical staff with the CERT Network Situational Awareness Group of the Software Engineering Institute, where he is responsible for overseeing and participating in the development of analysis methods in the area of network systems security and survivability. This work includes development of methods to identify trends in security incidents and in the development of software used by computer and network intruders. Of particular interest are incidents affecting defended systems and malicious software that are effective despite common defenses. Tim is also an Adjunct Professor at Carnegie Mellon University, with teaching and research interests focused on information survivability. Before joining Carnegie Mellon University, Tim was an Associate Professor at the Naval Postgraduate School in Monterey, California. He taught a variety of topics in software engineering, systems and security and supervised numerous master's and Ph.D. theses. He has taught courses for a variety of educational institutions and private corporations, in both local and distance learning formats.
Publications by Timothy J. Shimeall
-
Improving Analytics Using Enriched Network Flow Data
April 24, 2023 • Webinar
Timothy J. Shimeall, Katherine Prevost
In this webcast, Tim Shimeall and Katherine Prevost discuss how to use IPFIX-formatted data with detail derived from deep packet inspection (DPI) to provide increased confidence in identifying behavior.
-
IPFIX and DPI Information in a Big Data Environment
February 06, 2023 • Presentation
Katherine Prevost, Timothy J. Shimeall
This presentation describes several tools for processing IPFIX flow data with DPI details.
-
Sensing in Hybrid Clouds
February 02, 2022 • Video
Timothy J. Shimeall
Tim Shimeall delivered this presentation at FloCon 2022 on January 13, 2022. Watch the video and download the slides.
-
Ransomware: Evolution, Rise, and Response
February 18, 2021 • Podcast
Marisa Midler, Timothy J. Shimeall
Marisa Midler and Tim Shimeall, analysts with the SEI's CERT Division, discuss steps and strategies that organizations can adopt to minimize their exposure to the risks and threats associated with ransomware.
-
Methods for Testing and Qualifying Analytics
August 19, 2020 • Presentation
Timothy J. Shimeall
This presentation describes a process for testing analytics and qualifying them to be used to inform ongoing network defense.
-
An Updated Framework of Defenses Against Ransomware
August 18, 2020 • White Paper
Timur D. Snoke, Timothy J. Shimeall
This report, loosely structured around the NIST Cybersecurity Framework, seeks to frame an approach for defending against Ransomware-as-a-Service (RaaS) as well as direct ransomware attacks.
-
Data Driven Security Challenges
August 18, 2020 • Presentation
Timothy J. Shimeall
This presentation discusses data driven security challenges in network security.
-
Solving Current Cyber Challenges: Academic and Industry Collaboration
June 19, 2020 • Webinar
Timothy J. Shimeall, Timur D. Snoke
The chasm between what academia researches and what industry uses in cyber is wide. By building mutually beneficial collaborations between the two, we can improve algorithms, datasets and techniques that are applicable to the real world.
-
Applying Best Practices in Network Traffic Analysis
November 29, 2018 • Podcast
Timothy J. Shimeall, Timur D. Snoke
Tim Shimeall and Timur Snoke, both researchers in the SEI's CERT Division, highlight some best practices (and application of these practices) that they have observed in network traffic analysis.
-
How to Be a Network Traffic Analyst
September 13, 2018 • Podcast
Timothy J. Shimeall, Timur D. Snoke
Tim Shimeall and Timur Snoke, researchers in the SEI's CERT Division, examine the role of the network traffic analyst in capturing and evaluating ever-increasing volumes of network data.
-
Four Valuable Data Sources for Network Security Analytics
December 05, 2017 • Webinar
Timothy J. Shimeall
This webinar focused on the development and application of combined data analytics and offered several examples of analytics that combine domain resolution data, network device inventory and configuration data, and intrusion detection.
-
Four Valuable Data Sources for Network Security Analytics
October 04, 2017 • Presentation
Timothy J. Shimeall
This webinar will focus on the development and application of combined data analytics and will offer several examples of analytics that combine domain resolution data, network device inventory and configuration data.
-
Building Analytics for Network Flow Records
May 11, 2017 • Webinar
Timothy J. Shimeall, Matthew Heckathorn
Learn how to identify network flow characteristics and metrics that support understanding traffic
-
Network Flow and Beyond
September 29, 2016 • Podcast
Timothy J. Shimeall
In this podcast, Timothy Shimeall discusses approaches for analyzing network security using and going beyond network flow data to gain situational awareness to improve security.
-
Planning Curricula for the Network Traffic Analyst of 2018-2020
January 11, 2016 • Presentation
Timothy J. Shimeall
This FloCon 2016 presentation describes the likely skills, abilities, and challenges for network traffic analysts in the next three to five years.
-
Merging Network Configuration and Network Traffic Data in ISP-Level Analyses
January 11, 2016 • Presentation
Timothy J. Shimeall
This presentation was given in January 2016 at FloCon, a network security conference that provides a forum for large-scale network flow analytics.
-
Network Flow Analysis in Information Security Strategy
January 12, 2015 • Presentation
Timothy J. Shimeall
In this presentation from FloCon 2015, Tim Shimeall describes a series of analytics keyed to the strategies they support.
-
Introduction to Information Security: A Strategic-Based Approach
April 15, 2014 • Book
Timothy J. Shimeall, Jonathan Spring
The authors provide a strategy-based introduction to providing defenses as a basis for engineering and risk-management decisions in the defense of information.
-
Quilt: A System for Distributed Temporal Queries of Security Relevant Heterogeneous Data
January 13, 2014 • Presentation
Timothy J. Shimeall, George Jones
In this presentation, Tim Shimeall and George Jones describe Quilt, a distributed data query engine that allows for a broad range of data and that supports temporal relationships.
-
Advanced SiLK Analysis
January 13, 2014 • Presentation
Geoffrey T. Sanders, Timothy J. Shimeall
In this presentation, Geoff Sanders and Tim Shimeall provide analysts with knowledge and skills to create, display, and use prefix maps.
-
2013 IEEE Symposium Quilt Poster
May 19, 2013 • Poster
Timothy J. Shimeall, George Jones
This poster describes Quilt, a system for distributed queries of security-relevant data.
-
Quilt: A System for Distributed Queries of Security-Relevant Data
May 19, 2013 • Presentation
Timothy J. Shimeall, George Jones, Derrick Karimi
In this presentation, the authors describe Quilt, a system for distributed queries of security-relevant data.
-
The Limitations of Analysis at Scale
January 07, 2013 • Presentation
Timothy J. Shimeall
In this presentation, Timothy Shimeall describes the analysis of large-scale network traffic.
-
Limitations of Traffic Analysis at Large Scale
January 07, 2013 • Presentation
Timothy J. Shimeall
In this presentation, Timothy Shimeall describes the analysis of large-scale network traffic.
-
Behavioral Whitelists of High Volume Web Traffic to Specific Domains
January 07, 2013 • Poster
George Jones, Timothy J. Shimeall
This poster shows how to facilitate incident analysis by creating whitelists of external domains that receive large volumes of traffic.
-
Common Sense Guide to Mitigating Insider Threats, Fourth Edition
December 01, 2012 • Technical Report
George Silowash, Dawn Cappelli, Andrew P. Moore
In this report, the authors define insider threats and outline current insider threat patterns and trends.
-
Network Situational Displays from Network Flow Data
January 09, 2012 • Presentation
Timothy J. Shimeall
In this presentation, Timothy Shimeall describes the difficulties and goals associated with network flow data displays.
-
Analytical Evaluation Framework
August 08, 2011 • Presentation
Timothy J. Shimeall
In this presentation, given at GFIRST 2011, Tim Shimeall provides a framework for evaluating network traffic analysis tools.
-
Exploring the Interactions Between Network Data Analysis and Security Information/Event Management
January 10, 2011 • Presentation
Timothy J. Shimeall
In this presentation, Timothy Shimeall explores the interaction of data analysis and security event management and new approaches to be explored.
-
A Temporal Logic For Network Flow Analysis
January 11, 2010 • Presentation
Timothy J. Shimeall
In this presentation, Tim Shimeall discusses temporal logic adaptations of flow analysis and how formalization of time relationships can help improve flow analysis methods.
-
Flow Analysis for Network Situational Awareness
January 11, 2010 • Presentation
Timothy J. Shimeall
In this presentation, given at FloCon in January 2010, Tim Shimeall discusses networks, external events and trends, and network dependencies and analysis.
-
Using the Facts to Protect Enterprise Networks: CERT's NetSA Team
December 01, 2009 • Podcast
Timothy J. Shimeall, Julia H. Allen
In this podcast, Timothy Shimeall describes how network defenders and business leaders can use NetSA measures to protect their networks.
-
Detecting Spam and Spam Responses
January 12, 2009 • Presentation
Timothy J. Shimeall
In this presentation, Tim Shimeall discusses email, spam, and using flow-based analysis to investigate email-based behaviors.
-
Education in Flow Analysis
January 12, 2009 • Presentation
Timothy J. Shimeall
In this presentation, Tim Shimeall discusses ways to address education in flow analysis at the undergraduate, graduate, and professional levels.
-
Common Sense Guide to Prevention and Detection of Insider Threats 3rd Edition – Version 3.1
January 01, 2009 • White Paper
Dawn Cappelli, Andrew P. Moore, Randall F. Trzeciak
In this paper, the authors present findings from examining insider crimes in a new way and add new practices that were not present in the second edition.
-
Management and Education of the Risk of Insider Threat (MERIT): System Dynamics Modeling of Computer System
May 01, 2008 • White Paper
Dawn Cappelli, Akash G. Desai (Information Networking Institute, Carnegie Mellon University), Andrew P. Moore
In this paper, the authors describe the MERIT insider threat model and simulation results.
-
Anonymizing Network Flow Data
January 07, 2008 • Presentation
Timothy J. Shimeall
In this presentation, Tim Shimeall discusses network flow data anonymization, subnet preserving and collapsing, host preserving and collapsing, and ports.
-
Predicting Future Botnet Addresses With Uncleanliness
May 09, 2007 • Conference Paper
Michael Collins, Timothy J. Shimeall, Sid Faber
In this paper, the authors discuss whether we can effectively predict future bot locations.
-
Management and Education of the Risk of Insider Threat (MERIT): Mitigating the Risk of Sabotage to Employers Information, Systems, or Networks
March 01, 2007 • Technical Note
Dawn Cappelli, Akash G. Desai (Information Networking Institute, Carnegie Mellon University), Andrew P. Moore
In this 2006 report, the authors describe the MERIT insider threat model and simulation results.
-
Simulating Insider Cyber-Threat Risks: A Model-Based Case and a Case-Based Model
August 11, 2005 • White Paper
Eliot Rich (University at Albany State University of New York), Howard F. Lipson, Dave Mundie
In this paper, the authors identify actions that may inadvertently lead to increased vulnerability to threats from employees, contractors, and clients.
-
Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors
May 01, 2005 • Special Report
Tara Conway (National Threat Assessment Center), Susan Keverline (National Threat Assessment Center), Michelle Keeney (United States Secret Service)
In this report, the authors seek to close the gaps in the literature that make it difficult for organizations to fully understand the insider threat.
-
Preliminary System Dynamics Maps of the Insider Cyber-Threat Problem
January 01, 2005 • White Paper
David F. Andersen (University at Albany State University of New York), Elise A. Weaver (Worcester Polytechnic Institute), Aldo Zagonel (University at Albany, Rockefeller College of Public Affairs and Policy)
This paper discusses the preliminary system dynamic maps of the insider cyber-threat and describes the main ideas behind the research proposal.