Samuel J. Perl

CERT

Samuel J. Perl is a member of the CSIRT (Computer Security Incident Response Team) development team within the CERT® Division at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University in Pittsburgh, PA. He has been with CERT since 2011 and has worked in a variety of areas, including insider threat, vulnerability assessment, security incident data analysis, and incident management team development. Prior to joining CERT, Perl gained over 10 years of industry experience working with client organizations to manage their most challenging IT security risk issues. Perl holds a Master of Science degree in Information Security Management and a Bachelor of Science in Information Systems from Carnegie Mellon University.

Publications by Samuel J. Perl

Cyber Intelligence Tradecraft Report: The State of Cyber Intelligence Practices in the United States (Study Report and Implementation Guides)

May 21, 2019 • Collection

Jared Ettinger April Galyardt Ritwik Gupta

This report details the findings of a study the SEI conducted at the request of the United States Office of the Director of National Intelligence. In the report, we present current best practices and common challenges in cyber intelligence.
view
Incident Management Capability Assessment

December 19, 2018 • Technical Report

Audrey J. Dorofee Robin Ruefle Mark Zajicek

The capabilities presented in this report provide a benchmark of incident management practices.
read
The Critical Role of Positive Incentives for Reducing Insider Threats

December 15, 2016 • Technical Report

Andrew P. Moore Jeff Savinda Elizabeth A. Monaco

This report describes how positive incentives complement traditional practices to provide a better balance for organizations' insider threat programs.
read
An Insider Threat Indicator Ontology

May 10, 2016 • Technical Report

Daniel L. Costa Michael J. Albrethsen Matthew L. Collins

This report presents an ontology for insider threat indicators, describes how the ontology was developed, and outlines the process by which it was validated.
read
Capturing the Expertise of Cybersecurity Incident Handlers

August 27, 2015 • Podcast

Samuel J. Perl Richard O. Young Julia H. Allen

In this podcast, Dr. Richard Young, a professor with CMU, and Sam Perl, a member of the CERT Division, discuss their research on how expert cybersecurity incident handlers react when faced with an incident.
learn more
An Incident Management Ontology

November 25, 2014 • Conference Paper

Dave Mundie Robin Ruefle Audrey J. Dorofee

In this paper, the authors describe the shortcomings of the incident management meta-model and how an incident management ontology addresses those shortcomings.
read
An Ontology for Insider Threat Indicators

November 24, 2014 • Conference Paper

Daniel L. Costa Matthew L. Collins Samuel J. Perl

In this paper, the authors describe their ongoing development of an insider threat indicator ontology.
read