Thomas A. Longstaff
Software Engineering Institute
Tom Longstaff is Chief Technology Officer of the SEI. As CTO, Longstaff is responsible for formulating a technical strategy and leading the funded research program of the institute based on current and predicted future trends in technology, government, and industry.
Before joining the SEI as CTO in 2018, Longstaff was a program manager and principal cybersecurity strategist for the Asymmetric Operations Sector of the Johns Hopkins University Applied Physics Laboratory (APL), where he led projects on behalf of the U.S. government, including nuclear command and control, automated incident response, technology transition of cyber R&D, information assurance, intelligence, and global information networks.
He also was chair of the Computer Science, Cybersecurity, and Information Systems Engineering Programs and co-chair of Data Science in the Whiting School at Johns Hopkins. His academic publications span topics such as malware analysis, information survivability, insider threat, intruder modeling, and intrusion detection. He maintains an active role in the information assurance community and regularly advises organizations on the future of network threat and information assurance. He is an editor for Computers and Security, and has previously served as associate editor for IEEE Security and Privacy; general chair for the New Security Paradigms Workshop and Homeland Security Technology Conference; and numerous other program and advisory committees.
Prior to joining the staff at APL, Longstaff was the deputy director for technology for the CERT Division at the Software Engineering Institute. In his 15-year tenure at the SEI CERT Division, he helped create many of the projects and centers that made the program an internationally recognized network security organization. His work included assisting the Department of Homeland Security and other agencies to use response and vulnerability data to define and direct a research and operations program in analysis and prediction of network security and cyber terrorism events.
Longstaff received his bachelor’s degree in physics and mathematics from Boston University and his master’s degree in applied science and his Ph.D. in computer science from the University of California, Davis.
Publications by Thomas A. Longstaff
-
SEI Research Review 2022 Overview: Forging the Path
November 04, 2022 • Video
Thomas A. Longstaff
This short video provides an introduction to research topics presented at the SEI Research Review 2022.
watch -
CMU SEI Research Review 2021 Welcome and Keynote Address with Heidi Shyu
November 12, 2021 • Video
Paul NielsenThomas A. Longstaff
Paul Nielsen and Tom Longstaff introduce the CMU SEI Research Review 2021 and Heidi Shyu presents the keynote address.
watch -
SEI Research Review 2021: The Collaboration Effect
November 04, 2021 • Video
Thomas A. Longstaff
This short video provides an introduction to research topics presented at the SEI Research Review 2021.
watch -
A Discussion on DoD Software Advances and What’s Next from SEI
May 15, 2020 • Webinar
Thomas A. LongstaffJeff Boleng
SEI Chief Technology Officer Tom Longstaff interviewed Jeff Boleng, a senior advisor to the U.S. Department of Defense, on recent DoD software advances and accomplishments.
watch -
SEI Artificial Intelligence Engineering Roadmap
January 27, 2020 • Video
Thomas A. LongstaffRotem D. Guttman
Tom Longstaff and Rotem Guttman walk through the Software Engineering Institute's plans for how to advance the science of artificial intelligence engineering.
watch -
CMU SEI Research Review 2019 Project Descriptions and Posters
November 01, 2019 • Annual Report
Thomas A. Longstaff
This brochure includes descriptive information about the SEI's fiscal year 2019 research portfolio
read -
STEM + Diversity = Greater Technology Innovation
August 15, 2019 • Video
Thomas A. LongstaffGrace Lewis
Tom Longstaff and Grace Lewis discuss how the inclusion of minorities and women in science, technology, engineering, and math (STEM) careers can promote a nation's progress by increasing its ability to innovate.
watch -
Games That Work
July 18, 2019 • Video
Thomas A. LongstaffRotem D. Guttman
Tom Longstaff and Rotem Guttman discuss gamification and how the concept of serious games can be useful to improve training, especially for teaching complex and sophisticated skills to trainees at graduate levels of education and beyond.
watch -
The Future of Cyber Simulation
June 03, 2019 • Presentation
Thomas A. Longstaff
This presentation was given by Tom Longstaff as the keynote at the Cyber Simulator Showcase on June 3, 2019, and it discusses the uses and limitations of machine learning for improving cyber simulations.
read -
Leading in the Age of Artificial Intelligence
January 16, 2019 • Podcast
Thomas A. Longstaff
Tom Longstaff, who in 2018 was hired as the SEI's chief technology officer, discusses the challenges of leading a technical organization in the age of artificial intelligence.
learn more -
Computational Evaluation of Software Security Attributes
June 01, 2009 • White Paper
Gwendolyn H. WaltonThomas A. LongstaffRichard C. Linger (Oak Ridge National Laboratory)
This paper provides an introduction to the CSA approach, provides behavioral requirements for security attributes, and discusses possible application of the CSA approach.
read -
Results of SEI Independent Research and Development Projects (FY 2006)
July 01, 2007 • Technical Report
Christopher J. AlbertsEileen C. ForresterSuzanne Garcia-Miller
This report describes the IRAD projects that were conducted during fiscal year 2006 (October 2005 through September 2006).
read -
Evolving Business Models, Threats, and Technologies: A Conversation with CERT's Deputy Director for Technology
December 26, 2006 • Podcast
Thomas A. LongstaffJulia H. Allen
In this podcast, participants discuss how business models are evolving as security threats become more covert and technology enables information migration.
learn more -
Technology Foundations for Computational Evaluation of Software Security Attributes
December 01, 2006 • Technical Report
Gwendolyn H. WaltonThomas A. LongstaffRichard C. Linger (Oak Ridge National Laboratory)
In this 2006 report, the authors describe foundations for computational security attributes technology.
read -
Ultra-Large-Scale Systems: The Software Challenge of the Future
June 01, 2006 • Book
Peter H. FeilerKevin Sullivan (University of Virginia)Kurt C. Wallnau
Ultra-Large-Scale Systems: The Software Challenge of the Future is the product of a 12-month study of ultra-large-scale (ULS) systems software.
read -
Wish List
July 22, 2004 • Presentation
Thomas A. Longstaff
In this article, Soumyo D. Moitra describes the data needed to plan network security, particularly related to acquiring and deploying network sensors systems.
read -
SEI Independent Research and Development Projects
October 01, 2002 • Technical Report
Steve CrossKurt C. WallnauEileen C. Forrester
This report describes the IR&D projects that were conducted during fiscal year 2002 (October 2001 through September 2002).
read -
Survivable Network Analysis Method
September 01, 2000 • Technical Report
Nancy R. MeadRobert J. EllisonRichard C. Linger (Oak Ridge National Laboratory)
This report, published in 2000, describes the SNA method developed at the SEI's CERT Coordination Center. The SNA method guides stakeholders through an analysis process intended to improve system survivability when a system is threatened.
read -
Case Study in Survivable Network System Analysis
September 01, 1998 • Technical Report
Robert J. EllisonRichard C. Linger (Oak Ridge National Laboratory)Thomas A. Longstaff
In this report, the authors present a method for analyzing the survivability of distributed network systems and an example of its application.
read -
The Architecture Tradeoff Analysis Method
July 01, 1998 • Technical Report
Rick KazmanMark H. KleinMario R. Barbacci
This paper presents the Architecture Tradeoff Analysis Method (ATAM), a structured technique for understanding the tradeoffs inherent in the architectures of software-intensive systems.
read -
Steps in an Architecture Tradeoff Analysis Method: Quality Attribute Models and Analysis
May 01, 1998 • Technical Report
Mario R. BarbacciPeter H. FeilerMark H. Klein
This paper presents some of the steps in an emerging architecture tradeoff analysis method (ATAM).
read -
The Architecture Tradeoff Analysis Method
April 01, 1998 • White Paper
Rick KazmanMark H. KleinMario R. Barbacci
This paper presents the Architecture Tradeoff Analysis Method (ATAM), a structured technique for understanding the tradeoffs inherent in design.
read -
Survivable Network Systems: An Emerging Discipline
November 01, 1997 • Technical Report
David FisherRichard C. Linger (Oak Ridge National Laboratory)Howard F. Lipson
This 1997 report describes the survivability approach to helping assure that a system that must operate in an unbounded network is robust in the presence of attack and will survive attacks that result in successful intrusions.
read -
Report to the President's Commission on Critical Infrastructure Protection
January 01, 1997 • Special Report
James EllisDavid FisherThomas A. Longstaff
This 1997 report identifies threats to and vulnerabilities of the Internet and estimates the cascade effect that a successful, sustained attack on the Internet would have on the critical national infrastructures set out in Executive Order 13010.
read -
A Case Study in Requirements for Survivable Systems
January 01, 1996 • White Paper
Robert J. EllisonRichard C. Linger (Oak Ridge National Laboratory)Thomas A. Longstaff
This case study summarizes the application and results of applying the SNA method to a subsystem of a large-scale, distributed healthcare system.
read -
Quality Attributes
December 01, 1995 • Technical Report
Mario R. BarbacciMark H. KleinThomas A. Longstaff
This report describes efforts to develop a unifying approach for reasoning about multiple software quality attributes.
read -
Results of a Workshop on Research in Incident Handling
September 01, 1993 • Special Report
Thomas A. Longstaff
This document contains the results of the first CERT Invitational Workshop on Research in Incident Handling, held at the Software Engineering Institute in November 1992.
read