Timothy Morrow
Software Engineering Institute
Tim Morrow is the situational awareness technical manager in the SEI CERT Division’s Monitoring and Response Directorate. Morrow applies architecture-centric approaches to systems-of-systems to analyze and identify potential risks to improve their cybersecurity. Morrow’s past experience includes providing acquisition and technical support for the complete lifecycle of DoD and non-DoD programs.
Publications by Timothy Morrow
-
Zero Trust Industry Day 2022: Areas of Future Research
January 25, 2023 • White Paper
Matthew NicolaiTrista PolaskiTimothy Morrow
This paper describes the future research discussed at the 2022 Zero Trust Industry Day event.
read -
Industry Best Practices for Zero Trust Architecture
December 13, 2022 • White Paper
Matthew NicolaiNathaniel RichmondTimothy Morrow
This paper describes best practices identified during the SEI’s Zero Trust Industry Day 2022, and provides ways to help organizations shift to zero trust.
read -
Zero Trust Industry Day Experience Paper
October 31, 2022 • White Paper
Timothy MorrowMary PopeckRhonda Brown
This paper describes the results of the 2022 Zero Trust Industry Day event.
read -
Panel Discussion: 2022 Zero Trust Industry Day
August 30, 2022 • Video
Timothy MorrowJose Padin (Zscaler)Jason Garbis (Appgate)
Panelists discuss areas related to zero trust that need additional research.
watch -
The 4 Phases of the Zero Trust Journey
July 07, 2022 • Podcast
Timothy MorrowMatthew Nicolai
Tim Morrow and Matthew Nicolai outline 4 steps that organizations can take to implement and maintain a zero trust architecture.
learn more -
Zero Trust Journey
October 07, 2021 • Webinar
Geoffrey T. SandersTimothy Morrow
In this webcast, Geoffrey Sanders and Tim Morrow discuss the purpose of and how to think about Zero Trust Architecture transition.
watch -
Cloud Security Best Practices Derived from Mission Thread Analysis
September 02, 2021 • Technical Report
Timothy MorrowVincent LaPianaDonald Faatz
This report presents practices for secure, effective use of cloud computing and risk reduction in transitioning applications and data to the cloud, and considers the needs of limited-resource businesses.
read -
Zero Trust: Risks and Research Opportunities
March 01, 2021 • White Paper
Geoffrey T. SandersTimothy Morrow
This paper describes a zero trust vignette and three mission threads that highlight risks and research areas to consider for zero trust environments.
read -
Situational Awareness for Cybersecurity: Beyond the Network
October 01, 2020 • Podcast
Timothy MorrowAngela Horneman
Angela Horneman and Timothy Morrow discuss the importance of looking beyond the network to gain situational awareness for cybersecurity.
learn more -
Three Federal Government/DoD Cloud Transition Issues and How to Prevent Them
July 18, 2019 • Webinar
Eileen WrubelTimothy MorrowDale Alleshouse
This webcast addressed a few of the causes for cloud transition issues, as well as identified some practices that will assist organizations as they plan to transition assets and capabilities to the cloud.
watch -
Overview of Risks, Threats, and Vulnerabilities Faced in Moving to the Cloud
July 11, 2019 • Technical Report
Timothy MorrowKelwyn PenderCarrie Lee (U.S. Department of Veteran Affairs)
This report, updated in October 2020, examines the changes to risks, threats, and vulnerabilities when applications are deployed to cloud services.
read -
Best Practices for Security in Cloud Computing
October 25, 2018 • Podcast
Donald FaatzTimothy Morrow
Don Faatz and Tim Morrow, researchers with the SEI's CERT Division, outline best practices that organizations should use to address the vulnerabilities and risks in moving applications and data to cloud services.
learn more -
Risks, Threats, and Vulnerabilities in Moving to the Cloud
October 18, 2018 • Podcast
Donald FaatzTimothy Morrow
Tim Morrow and Donald Faatz outline the risks, threats, and vulnerabilities that organizations face when moving applications or data to the cloud.
learn more -
SoS Architectures - Identifying Architecture, Engineering and Capability Challenges Early in the Lifecycle
November 18, 2015 • Presentation
Michael J. GagliardiTimothy MorrowWilliam G. Wood
The SEI has applied its Mission Thread Workshop (MTW) approach on a variety of system of systems (SoS) architectures in DoD organizations. This talk presents the MTW in the context of a DoD mission-critical SoS example.
read -
Paying Due Diligence to Software Architecture in Acquisition
November 18, 2015 • Presentation
Michael J. GagliardiTimothy Morrow
This presentation describes approaches that the SEI has used with program offices to adopt software architecture and quality attribute practices in acquisition contexts.
read -
When and Where to Apply the Family of Architecture-Centric Methods
April 30, 2015 • Presentation
Timothy MorrowMichael J. GagliardiWilliam G. Wood
This talk covers the family of architecture-centric methods that we have developed and used with DoD and commercial customers to clarify requirements and identify risks.
read -
Architecture Best Practices for Project and Technical Leaders
November 05, 2014 • Presentation
Felix BachmannJim McHaleTimothy Morrow
This TSP Symposium 2014 presentation describes a set of architecture best practices based on commercial and government experiences in software development.
read -
Wireless Emergency Alerts: Trust Model Simulations
February 26, 2014 • Special Report
Timothy MorrowRobert W. StoddardJoseph P. Elm
This report presents four types of simulations run on the public trust model and the alert originator trust model developed for the Wireless Emergency Alerts (WEA) service, focusing on how to increase both alert originators' and the public's trust in WEA.
read -
Introduction to the Mission Thread Workshop
October 01, 2013 • Technical Report
Michael J. GagliardiWilliam G. WoodTimothy Morrow
This report introduces the Mission Thread Workshop, a method for understanding architectural and engineering considerations for developing and sustaining systems of systems. It describes the three phases of the workshop and explains the steps of each.
read -
Socio-Adaptive Systems Challenge Problems Workshop Report
June 01, 2013 • Special Report
Scott HissamMark H. KleinTimothy Morrow
This report presents a summary of the findings of the Socio-Adaptive Systems Challenge Problem Workshop, held in Pittsburgh, PA, on April 12-13, 2012.
read -
Mission Thread Workshop (MTW): Preparation and Execution
May 02, 2013 • Presentation
Michael J. GagliardiTimothy MorrowWilliam G. Wood
This presentation describes the Mission Thread Workshop (MTW) and its benefits. The three phases for conducting an MTW are explained, as well as how the MTW fits into system-of-systems architecture development and analysis.
read -
Mission Thread Workshop: Preparation and Execution
May 01, 2013 • Presentation
Timothy Morrow
A presentation from the ninth annual SATURN conference, held in Minneapolis, MN, April 29 - May 3, 2013.
read -
Supporting the Use of CERT Secure Coding Standards in DoD Acquisitions
July 01, 2012 • Technical Note
Timothy MorrowRobert C. SeacordJohn K. Bergey
In this report, the authors provide guidance for helping DoD acquisition programs address software security in acquisitions.
read -
Mission Thread Workshops: Lessons Learned in End-to-End Capability and Quality Attribute Specification for SoS Architecture Development
May 13, 2011 • Presentation
Michael J. GagliardiTimothy MorrowWilliam G. Wood
A presentation from SATURN 2011 that explains lessons learned from mission thread workshops (MTW) as an early architecture development step.
read -
Implementing Secure Coding Standards in a System Acquisition
December 04, 2009 • Presentation
John K. BergeyTimothy Morrow
In this December 2009 presentation, John Bergey and Tim Morrow explore how required secure coding standards can be specified and integrated in a system acquisition.
read -
System of Systems Quality Attribute Specification and Architecture Evaluation
October 26, 2009 • Presentation
Michael J. GagliardiWilliam G. WoodTimothy Morrow
This tutorial presentation describes an SoS Architecture Engagement in the context of a DoD mission-critical SoS example.
read -
QUASAR: A Method for the Quality Assessment of Software-Intensive System Architectures
July 01, 2006 • Handbook
Donald FiresmithPeter CapellJoseph P. Elm
This 2006 handbook documents the QUASAR (QUality Assessment of System ARchitectures) method for assessing the quality of the architecture of a software-intensive system.
read -
Integrating Software Architecture Evaluation in a DoD System Acquisition
April 06, 2005 • Presentation
Timothy Morrow
This SATURN 2005 presentation by John Bergey and Timothy Morrow of the Software Engineering Institute (SEI) discusses how to integrate software architecture evaluation in a DoD system acquisition.
read