Tom Scanlon
CERT
Thomas Scanlon holds a doctoral degree in Information Systems and currently is a researcher in the SEI’s CERT Division. He has more than 10 years of industry experience with Fortune 500 companies. Scanlon currently specializes in applied research topics related to secure software engineering, such as authentication and authorization, secure software development, automated testing tools, cyber threat modeling, and the Risk Management Framework (RMF). During the past 2 years, he has worked directly with the Joint Federated Assurance Center (JFAC) within the Department of Defense on the prototyping and selection of software testing tools and developing guidelines for others on selecting appropriate software testing tools.
Publications by Tom Scanlon
-
CERT Applied Data Science for Cybersecurity
March 23, 2023 • Video
Tom Scanlon
In this SEI Cyber Minute, Tom Scanlon introduces the new CERT Applied Data Science for Cybersecurity Professional Certificate.
watch -
Deepfakes 101
November 07, 2022 • Presentation
Shannon GallagherTom Scanlon
This presentation by Shannon Gallagher and Thomas Scanlon was delivered virtually at Deepfakes Day 2022 on August 30, 2022.
read -
7 Steps to Engineer Security into Ongoing and Future Container Adoption Efforts
February 25, 2021 • Podcast
Tom ScanlonRichard Laughlin
Thomas Scanlon and Richard Laughlin discuss seven steps that developers can take to engineer security into ongoing and future container adoption efforts.
learn more -
10 Types of Application Security Testing Tools and How to Use Them
February 07, 2019 • Podcast
Tom Scanlon
Thomas Scanlon, a researcher in the SEI's CERT Division, discusses the different types of application security testing tools and provides guidance on how and when to use each tool.
learn more -
DoD Developer’s Guidebook for Software Assurance
December 14, 2018 • Special Report
William NicholsTom Scanlon
This guidebook helps software developers for DoD programs understand expectations for software assurance and standards and requirements that affect assurance.
read -
Threat Modeling: A Summary of Available Methods
August 09, 2018 • White Paper
Nataliya ShevchenkoTimothy A. ChickPaige O'Riordan
This paper discusses twelve threat modeling methods from a variety of sources that target different parts of the development process.
read