Jose A. Morales
CERT
Jose Morales is a researcher with the CERT® Division at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University in Pittsburgh, PA. He has conducted research in cybersecurity since 1998 with a current focus on behavior-based malware analysis and detection, suspicion assessment theory and implementation, mobile malware, and malware distribution networks. He has extensive experience in building dynamic analysis systems for executable programs on various platforms. He graduated with a Ph.D. in Computer Science from Florida International University in 2008. Before coming to Carnegie Mellon, he was a post-doctoral research fellow at the Institute for Cyber Security at the University of Texas, San Antonio. He is co-founder and moderator of the Hispanics in Computing email list. He is a Senior Member of the ACM and the IEEE.
Publications by Jose A. Morales
-
Implementing Pipelines to Automate Container Maintenance in Highly Regulated Environments
April 27, 2022 • Presentation
Rob McCarthyJose A. Morales
This session was presented by Rob McCarthy and Jose Morales at DevSecOps Days Pittsburgh, held virtually April 27, 2022.
read -
Challenges to Implementing DevOps in Highly Regulated Environments
May 28, 2020 • Podcast
Hasan YasarJose A. Morales
Hasan Yasar and Jose Morales discuss challenges to implementing DevOps in highly regulated environment (HREs), exploring issues such as environment parity, the approval process, and compliance.
learn more -
Guide to Implementing DevSecOps for a System of Systems in Highly Regulated Environments
April 08, 2020 • Technical Report
Jose A. MoralesRichard TurnerSuzanne Miller
This Technical Report provides guidance to projects interested in implementing DevSecOps (DSO) in defense or other highly regulated environments, including those involving systems of systems.
read -
DevOps in Highly Regulated Environments
June 27, 2019 • Podcast
Hasan YasarJose A. Morales
Hasan Yasar and Jose Morales discuss the process, challenges, approaches, and lessons learned in implementing DevOps in the software development lifecycle in highly regulated environments.
learn more -
Implementing DevOps Practices in Highly Regulated Environments
April 02, 2018 • White Paper
Jose A. MoralesHasan YasarAaron Volkmann
In this paper, the authors layout the process with insights on performing a DevOps assessment in a highly regulated environment.
read -
Using Malware Analysis to Identify Overlooked Security Requirements
March 23, 2017 • Presentation
Nancy R. MeadJose A. Morales
This presentation describes initial research conducted by CERT and Carnegie Mellon to determine if malware report databases were amenable to automated processing to identify flaws
read -
Compliance Signaling Games: Toward Modeling the Deterrence of Insider Threats
April 08, 2016 • Article
William CaseyJose A. MoralesEvan Wright
In this paper, the authors analyze how the dynamics of compliance games illuminate the effectiveness or risks of an organizational policy.
read -
Enhancing Mobile Device Security
November 30, 2015 • Webinar
Jose A. Morales
Jose Morales discusses mobile device security enhancements with defensive and offensive uses.
watch -
Using Malware Analysis to Improve Security Requirements on Future Systems
August 25, 2015 • Conference Paper
Nancy R. MeadJose A. Morales
In this paper, the authors propose to improve how security requirements are identified.
read -
A Method and Case Study for Using Malware Analysis to Improve Security Requirements
January 09, 2015 • Article
Nancy R. MeadJose A. MoralesGregory Paul Alice
In this article, the authors propose to enhance software development lifecycle models by implementing a process for including use cases based on previous cyberattacks.
read -
Characterizing and Prioritizing Malicious Code
May 29, 2014 • Podcast
Jose A. MoralesJulia H. Allen
In this podcast, Jose Morales discusses how to prioritize malware samples, helping analysts to identify the most destructive malware to examine first.
learn more