John Haller
Software Engineering Institute
John Haller is an SEI alumni employee.
John Haller is a member of the technical staff on the Cybersecurity Assurance team within the CERT® Division at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University in Pittsburgh, PA. As a member of this team, Haller performs research on critical infrastructure protection, focusing on methods, tools and techniques for managing external dependency and third-party risk. Prior to joining CERT in 2010, Haller was analyzing cybercrime attacks on the financial industry in collaboration with a U.S. law enforcement agency. Haller, a U.S. Army veteran, received his Juris Doctor (cum laude) and Master in Public and International Affairs from the University of Pittsburgh and is also a Certified Information Systems Security Professional (CISSP).
Publications by John Haller
-
Assessing DoD System Acquisition Supply Chain Risk Management
May 01, 2017 • Article
Christopher J. Alberts, John Haller, Charles M. Wallen
In this Crosstalk article, the authors discuss the growing challenge of cyber risks in the defense supply chain.
-
Managing Third Party Risk in Financial Services Organizations: A Resilience-Based Approach
September 27, 2016 • White Paper
John Haller, Charles M. Wallen
A resilience-based approach can help financial services organizations to manage cybersecurity risks from outsourcing and comply with federal regulations.
-
Global Value Chain – An Expanded View of the ICT Supply Chain
July 18, 2016 • Podcast
Edna M. Conway (Cisco Systems, Inc.), John Haller, Lisa R. Young
In this podcast, Edna Conway and John Haller discuss the global value chain for organizations and critical infrastructures and how this expanded view can be used to improve ICT supply chain management, including risks to the supply chain.
-
SEI Cyber Minute: Using Smart Service Level Agreements (SLAs)
July 13, 2016 • Video
John Haller
John Haller discusses "Using Smart SLAs."
-
Supply Chain Risk Management: Managing Third Party and External Dependency Risk
March 26, 2015 • Podcast
John Haller, Matthew J. Butkovic, Julia H. Allen
In this podcast, Matt Butkovic and John Haller discuss approaches for more effectively managing supply chain risks, focusing on risks arising from “external entities that provide, sustain, or operate Information and Communications Technology (ICT).”
-
Lessons in External Dependency and Supply Chain Risk Management
December 12, 2014 • Webinar
John Haller, Matthew J. Butkovic
In this webinar, John Haller and Matthew Butkovic of the CERT Division of the Software Engineering Institute will discuss real-world incidents, including recent industrial control system attacks and incidents affecting Department of Defense capabilities.
-
Identifying a Shared Mental Model Among Incident Responders
March 12, 2013 • Conference Paper
Robert Floodeen, John Haller, Brett Tjaden
In this paper, the authors explore how effective communication might be improved by the development of a mental model internalized by the group's technical staff prior to an incident.
-
Best Practices for National Cyber Security: Building a National Computer Security Incident Management Capability, Version 2.0
April 01, 2011 • Technical Report
John Haller, Samuel A. Merrell, Matthew J. Butkovic
In this 2011 report, an update to its 2010 counterpart, the authors provide insight that interested organizations and governments can use to develop a national incident management capability.
-
Public-Private Partnerships: Essential for National Cyber Security
November 30, 2010 • Podcast
Samuel A. Merrell, John Haller, Philip Huff (Arkansas Electric Cooperative Corporation)
In this podcast, participants explain that knowledge of software assurance is essential to ensure that complex systems function as intended.
-
Establishing a National Computer Security Incident Response Team (CSIRT)
August 19, 2010 • Podcast
Jeffrey J. Carpenter, John Haller, Julia H. Allen
In this podcast, participants discuss how essential a national CSIRT is for protecting national and economic security and continuity.
-
Best Practices for National Cyber Security: Building a National Computer Security Incident Management Capability
June 01, 2010 • Special Report
John Haller, Samuel A. Merrell, Matthew J. Butkovic
In this report, the authors provide insight that interested organizations and governments can use to develop a national incident management capability.