Matthew J. Butkovic
Software Engineering Institute
Matthew Butkovic is the Technical Director of the Cyber Risk and Resilience Assurance Directorate in the CERT Division of the Carnegie Mellon University Software Engineering Institute (CMU SEI).
Matt performs critical infrastructure protection research and develops methods, tools, and techniques for evaluating capabilities and managing risk. This includes addressing the challenges of complex supply chains.
Matt teaches graduate-level cybersecurity policy courses at the CMU Heinz College of Information Systems and Public Policy. He is also an instructor, focused on organizational resilience and supply chain risk management, for the Heinz CISO and CRO Executive Certificate Programs.
Matt has more than 20 years of managerial and technical experience in information technology (particularly information systems security, process design, and audit) in the banking and manufacturing sectors.
He is a Certified Information Systems Security Professional (CISSP) and Certified Information Systems Auditor (CISA) and earned degrees at the University of Pittsburgh (BA) and Pennsylvania State University (MS).
Publications by Matthew J. Butkovic
-
AI at the SEI
May 19, 2022 • Video
Michael Mattarock, Matthew J. Butkovic
In this episode, Matt Butkovic talked with Michael Mattarock about the SEI’s efforts to apply AI techniques to address national security mission needs while leading a national initiative to build a new discipline of AI Engineering.
-
The Silver Thread of Cyber in the Global Supply Chain
October 28, 2021 • Podcast
Matthew J. Butkovic
Matt Butkovic, technical director of risk and resilience in the SEI's CERT Division, discusses with Suzanne Miller the importance of cyber in the global supply chain and his team's work with the World Economic Forum.
-
Opportunities for Women in Cybersecurity
August 24, 2021 • Video
Matthew J. Butkovic, Ebonie McNeil, Sharon Mudd
SEI staff members discuss careers in cybersecurity, and share the highlights of their work at the SEI, as well as challenges and lessons learned along the way.
-
How I Learned to Stop Worrying and Love SLAs
May 11, 2021 • Webinar
Matthew J. Butkovic
In this webcast, Matt Butkovic and Alan Levine discuss how cybersecurity SLAs are vital to the success of third-party relationships and a core component of sound governance.
-
SolarWinds Hack: Fallout, Recovery, and Prevention
February 10, 2021 • Webinar
Matthew J. Butkovic, Art Manion
The recent SolarWinds incident demonstrated the challenges of securing systems when they are the product of complex supply chains.
-
Cyber Workforce Development and the Cybersecurity Engineer
September 24, 2020 • Video
Dennis M. Allen, Matthew J. Butkovic
Matthew Butkovic interviews Dennis Allen on how the Cyber Workforce Development (CWD) team aims to reduce the cost and shorten the time required to build cybersecurity expertise and amplify that expertise to a globally distributed workforce.
-
Risk Management for the Enterprise–How Do You Get Executives to Care About Your Risks?
August 20, 2020 • Webinar
Brett Tucker, Matthew J. Butkovic
In this webcast, Brett Tucker and Matthew Butkovic discuss the OCTAVE FORTE process. Attendees learned about the fundamental steps of the process and how they might apply them in their own organization.
-
Organizational Resilience in a Time of Crisis
June 25, 2020 • Webinar
Matthew J. Butkovic, Roberta (Bobbie) Stempfley
An organization can demonstrate operational resilience, when faced with both cyber and physical disruptions, if it focuses on the fundamentals and makes data-driven risk decisions.
-
Cyber Hygiene: Why the Fundamentals Matter
October 17, 2019 • Webinar
Matthew J. Butkovic, Randall F. Trzeciak, Matthew Trevors
In this webcast, as a part of National Cybersecurity Awareness Month, our experts provided an overview of the concept of cyber hygiene, which addresses simple sets of actions that users can take to help reduce cybersecurity risks.
-
Cyber Hygiene: Why the Fundamentals Matter
October 16, 2019 • Presentation
Matthew J. Butkovic, Matthew Trevors, Randall F. Trzeciak
In this webcast, as a part of National Cybersecurity Awareness Month, our experts will provide an overview of the concept of cyber hygiene, which addresses simple sets of actions that users can take to help reduce cybersecurity risks.
-
Insider Threats: Your Questions. Our Answers.
September 23, 2019 • Webinar
Matthew J. Butkovic, Randall F. Trzeciak, Daniel L. Costa
In this webcast, as a part of National Insider Threat Awareness Month, our experts provided an overview of the ongoing research in this area, and answered questions about how the threat landscape continues to evolve.
-
What Is Cyber Hygiene?
March 07, 2019 • Video
Eliezer Kanal, Matthew J. Butkovic
This SEI Cyber Talk episode introduces the concept of cyber hygiene, which identifies simple practices that can help reduce cybersecurity risks.
-
Digital Footprints: Managing Privacy and Security
July 24, 2018 • Webinar
Matthew J. Butkovic, Lena Pons
With the recent Cambridge Analytica news and the rollout of the General Data Privacy Rule (GDPR) in Europe, there are many questions about how social media data privacy is managed and how it could be managed.
-
CYBURGH, PA: Using Process to Tame Technology
January 12, 2016 • Article
Matthew J. Butkovic
In this teQ Magazine article, Matt Butkovic discusses the role process plays in solving today's cybersecurity challenges.
-
Resilience Panel Discussion
November 30, 2015 • Webinar
Matthew J. Butkovic, Katie C. Stewart
CERT researchers discuss risk management and resilience.
-
Supply Chain Risk Management: Managing Third Party and External Dependency Risk
March 26, 2015 • Podcast
John Haller, Matthew J. Butkovic, Julia H. Allen
In this podcast, Matt Butkovic and John Haller discuss approaches for more effectively managing supply chain risks, focusing on risks arising from “external entities that provide, sustain, or operate Information and Communications Technology (ICT).”
-
Lessons in External Dependency and Supply Chain Risk Management
December 12, 2014 • Webinar
John Haller, Matthew J. Butkovic
In this webinar, John Haller and Matthew Butkovic of the CERT Division of the Software Engineering Institute will discuss real-world incidents, including recent industrial control system attacks and incidents affecting Department of Defense capabilities.
-
CERT® RMM User Panel Discussion: USPIS, DHS, DoE, SunGard, & Lockheed Martin
June 17, 2014 • Webinar
Matthew J. Butkovic
Watch the CERT® RMM User Panel discuss their experiences implementing RMM from the SEI Virtual Event, CERT® Operational Resilience: Manage, Protect and Sustain.
-
Department of Homeland Security Cyber Resilience Review (Case Study)
June 17, 2014 • Webinar
Matthew J. Butkovic
Watch Matthew Butkovic discuss the "Department of Homeland Security Cyber Resilience Review (Case Study)" from the SEI Virtual Event, CERT® Operational Resilience: Manage, Protect and Sustain.
-
Using the Cyber Resilience Review to Help Critical Infrastructures Better Manage Operational Resilience
November 26, 2013 • Podcast
Kevin Dillon (Department of Homeland Security), Matthew J. Butkovic, Julia H. Allen
In this podcast, the presenters explain how CRRs allow critical infrastructure owners to compare their cybersecurity performance with their peers.
-
Advancing Cybersecurity Capability Measurement Using the CERT-RMM Maturity Indicator Level Scale
November 07, 2013 • Technical Note
Matthew J. Butkovic, Richard A. Caralli
In this report, the authors review the specific and generic goals and practices in CERT-RMM to determine if a better scale could be developed.
-
Cybersecurity SLAs: Managing Requirements at Arm's Length
June 26, 2013 • Presentation
Matthew J. Butkovic
Presentation from the June 2013 CERT Symposium on Cyber Security Incident Management for Health Information Exchanges.
-
Considering Security and Privacy in the Move to Electronic Health Records
December 20, 2011 • Podcast
Deborah Lafky (Healthcare Information Technology (HIT) Security/Cybersecurity), Matthew J. Butkovic, Julia H. Allen
In this podcast, participants discuss how using electronic health records brings many benefits along with security and privacy challenges.
-
Best Practices for National Cyber Security: Building a National Computer Security Incident Management Capability, Version 2.0
April 01, 2011 • Technical Report
John Haller, Samuel A. Merrell, Matthew J. Butkovic
In this 2011 report, an update to its 2010 counterpart, the authors provide insight that interested organizations and governments can use to develop a national incident management capability.
-
Conducting Cyber Exercises at the National Level
February 22, 2011 • Podcast
Brett Lambo (U.S. Department of Homeland Security), Matthew J. Butkovic, Julia H. Allen
In this podcast, participants discuss exercises that help organizations, governments, and nations prepare for, identify, and mitigate cyber risks.
-
Best Practices for National Cyber Security: Building a National Computer Security Incident Management Capability
June 01, 2010 • Special Report
John Haller, Samuel A. Merrell, Matthew J. Butkovic
In this report, the authors provide insight that interested organizations and governments can use to develop a national incident management capability.