About
Activity
-
Wow, still talking about the campout at Indiana Dunes all of these years later. Thanks Mr. Dykstra!
Wow, still talking about the campout at Indiana Dunes all of these years later. Thanks Mr. Dykstra!
Liked by Roland Varriale, CISSP
-
🌿I’m thrilled to announce the launch of The Climate Project!🌿 Our goal with The Climate Project is to provide actionable intelligence on how…
🌿I’m thrilled to announce the launch of The Climate Project!🌿 Our goal with The Climate Project is to provide actionable intelligence on how…
Liked by Roland Varriale, CISSP
-
This was a long effort and well worth it. Thanks to all the people who made this possible and contributed nights and weekends to get this done.
This was a long effort and well worth it. Thanks to all the people who made this possible and contributed nights and weekends to get this done.
Shared by Roland Varriale, CISSP
Experience & Education
Licenses & Certifications
Publications
-
Risks of Electric Vehicle Supply Equipment Integration Within Building Energy Management System Environments: A Look at Remote Attack Surface and Implications
National Cyber Summit
The rapid development of Electric Vehicle Supply Equipment (EVSE) and incorporation within more traditional industrial control systems, such as Building Management Systems (BMS) and Building Energy Management Systems (BEMS) can lead to undesirable consequences. In a desire to gain functionality, separated components are often integrated and accessible through less secure means. Furthermore, the architecture and operational environment of some devices may lead to unintended consequences based on…
The rapid development of Electric Vehicle Supply Equipment (EVSE) and incorporation within more traditional industrial control systems, such as Building Management Systems (BMS) and Building Energy Management Systems (BEMS) can lead to undesirable consequences. In a desire to gain functionality, separated components are often integrated and accessible through less secure means. Furthermore, the architecture and operational environment of some devices may lead to unintended consequences based on either physical or logical co-location. To perform analysis of the remote attack surface we used publicly available tools and data sets such as Shodan, nmap, and exploit-db’s searchsploit tool.
We will also discuss evidence of possible remote attack surface weakness across the sector, as a whole, and what the implications of weaknesses within our threat model may permit within the operating environment.Other authors -
Using Discrete Correlation Functions to Inform Vehicle Security Solutions
Transportation Review Board
In order to achieve control over certain vehicle functionality, adversarial agents frequently must spoof the speed of a moving vehicle. One way to combat this is to poll numerous signals from the vehicle network in order to evaluate the validity of a given signal. This research used discrete correlation function calculations to find pairs of signals within an automotive CAN bus network that exhibit strong correlation during normal driving conditions. This project uses data collected from a…
In order to achieve control over certain vehicle functionality, adversarial agents frequently must spoof the speed of a moving vehicle. One way to combat this is to poll numerous signals from the vehicle network in order to evaluate the validity of a given signal. This research used discrete correlation function calculations to find pairs of signals within an automotive CAN bus network that exhibit strong correlation during normal driving conditions. This project uses data collected from a vehicle CAN bus and calculates the discrete correlation function values at various lag inputs, and analyzes how this information might be used to better protect against cyber security threats against moving vehicles.
Other authors -
DOE Vehicle Technology Office Electrification Annual Progress Report (FY2019)
Department of energy
During fiscal year 2019 (FY 2019), the U.S. Department of Energy (DOE) Vehicle Technologies Office (VTO) funded early stage research & development (R&D) projects that address Batteries and Electrification of the U.S. transportation sector. The VTO Electrification Sub-Program is composed of Electric Drive Technologies, and Grid Integration activities. The Electric Drive Technologies group conducts R&D projects that advance electric motors and power electronics technologies. The Grid and Charging…
During fiscal year 2019 (FY 2019), the U.S. Department of Energy (DOE) Vehicle Technologies Office (VTO) funded early stage research & development (R&D) projects that address Batteries and Electrification of the U.S. transportation sector. The VTO Electrification Sub-Program is composed of Electric Drive Technologies, and Grid Integration activities. The Electric Drive Technologies group conducts R&D projects that advance electric motors and power electronics technologies. The Grid and Charging Infrastructure group conducts R&D projects that advance grid modernization and electric vehicle charging technologies. This document presents a brief overview of the Electrification Sub-Program and progress reports for its R&D projects. Each of the progress reports provide a project overview and highlights of the technical results that were accomplished in FY 2019.
-
Automating ECU Identification for Vehicle Security
IEEE
The field of vehicular cybersecurity has received considerable media and research attention in the past few years. Given the increasingly connected aspect of consumer automobiles, along with the inherent danger of these machines, there has been a call for experienced security researchers to contribute towards the vehicle security domain. The proprietary nature of Controller Area Network (CAN) bus messages, however, creates a barrier of entry for those unfamiliar, due to the need to identify…
The field of vehicular cybersecurity has received considerable media and research attention in the past few years. Given the increasingly connected aspect of consumer automobiles, along with the inherent danger of these machines, there has been a call for experienced security researchers to contribute towards the vehicle security domain. The proprietary nature of Controller Area Network (CAN) bus messages, however, creates a barrier of entry for those unfamiliar, due to the need to identify what the messages on a given vehicle's bus are broadcasting. This work aims to automate the process of correlating CAN bus messages with specific Electronic Control Unit (ECU) functions in a new vehicle, by creating a machine learning classifier that has been trained on a dataset of multiple vehicles from different manufacturers. The results show that accurate classification is possible, and that some ECUs that broadcast similar vehicle dynamics broadcast similar CAN messages.
Other authors -
-
Auto Detection of ECU Labels
MORS Symposium
Detection of electronic control units on cars is labor intensive and tedious. This information is necessary in order to interact with vehicles utilizing a control area network (CAN) bus. To reduce the amount of interaction and time needed for this identification we posit that supervised machine learning classifiers can be utilized to assist in this labeling through a statistical analysis of the transmission frequency, message contents, and bus location.
-
Cleaning from the Inside Out: Deconstruction of Botnets
MORS Symposium
Botnets are an increasing threat to both organizations and individuals. Users at the mercy of botnet operators may observe telltale signs of infection such as internet connectivity loss, antivirus malfunction, or a slowdown in normal computer operations. Despite these inconvenience there are legal implications to your computer being utilized for illicit activities. In our research we propose a methodology that mirror the original infection vector in order to gain access to an entity within the…
Botnets are an increasing threat to both organizations and individuals. Users at the mercy of botnet operators may observe telltale signs of infection such as internet connectivity loss, antivirus malfunction, or a slowdown in normal computer operations. Despite these inconvenience there are legal implications to your computer being utilized for illicit activities. In our research we propose a methodology that mirror the original infection vector in order to gain access to an entity within the botnet. From that point there are several methods being utilized to fingerprint and scan for additional hosts and cleanse them in a large scale fashion. This research is hugely divergent from current approaches which target high value entities within the botnet infrastructure.
-
A Survey of Current Work on Vehicle Security and Vehicle Security Considerations
George Mason University, Center for Infrastructure Protection
A high level overview of some of the technologies that are used within vehicle systems and some possible implications of the inherent vulnerabilities that they contain
-
Cybersecurity in Industrial Control Systems
Society of Military Engineers
Industrial Control Systems and Supervisory Control and Data Acquisition (ICS/SCADA) systems are some of the hardest to protect due to their historical physical access-only nature. This significance, in relation to cybersecurity, as well as other security implications are discussed an consequently some approaches towards hardening networks to enable more secure operations
-
VTIS: A Volunteered Traveler's Information System
ACMGIS-IWCTS
VTIS is a dynamic notification system that takes in a user's route and calculates the time-delay imposed by disruptions to the normal traversal. The disruptions are calculated by using crowdsourced notifications. This is accomplished by the creation of a client side application for notification display and a server infrastructure that will process and store the event information. We have devised a system that will generate personalized notifications for users based on a provided path, temporal…
VTIS is a dynamic notification system that takes in a user's route and calculates the time-delay imposed by disruptions to the normal traversal. The disruptions are calculated by using crowdsourced notifications. This is accomplished by the creation of a client side application for notification display and a server infrastructure that will process and store the event information. We have devised a system that will generate personalized notifications for users based on a provided path, temporal range, and set of transportation modes. At a high level, the functionality of this system is to identify events that affect the user's route and notify the user of these events. The VTIS will provide a multimodal notification system based on information mined from Twitter data and volunteered information from VTIS users. This information will be stored to create a repository of transportation events., This repository will be queried to notify affected users of events that may affect their route.. Although this outlined problem has been solved previously, our approach is novel in several ways: (1)accounting for multiple modes, (2)combining user input with mined data, and the (3)modeling method used to calculate effects on the user's route. Some of these methods have been implemented separately; however, a comprehensive system has not been constructed that includes all of these items.
Other authorsSee publication -
PHPDBC: A PHP Database Connector
University of Scranton
A PHP class has been devised to encapsulate the functionality of a database connector while excluding the underlying DBMS used. This is extremely important in the design of robust PHP systems that use database integration.
-
Modeling and Simulation of Star Polymers in Two Dimensions
American Society for Engineering Education
We have simulated ideal linear and star polymers on a two-dimensional square lattice.
Random numbers are used to decide upon the direction of polymer growth. Each
configuration so generated forms an independent sample for statistical averaging. The
mean-square radius of gyration, <S2>, and its error have been computed for polymers
with two arms (linear chains) , and three, four, five or six arms. The data fit the expected
scaling laws. The g ratio…We have simulated ideal linear and star polymers on a two-dimensional square lattice.
Random numbers are used to decide upon the direction of polymer growth. Each
configuration so generated forms an independent sample for statistical averaging. The
mean-square radius of gyration, <S2>, and its error have been computed for polymers
with two arms (linear chains) , and three, four, five or six arms. The data fit the expected
scaling laws. The g ratio, <S2> star / <S2>linear, is in excellent agreement with the
theoretical predictions of Zimm and Stockmeyer, who showed that g = (3 f - 2) / f 2 ,
where f is the number of branches in the star polymer.Other authors -
-
Emancipation from Physical Security Using UAS
MORS Symposium
The widespread use of unmanned aerial systems (UAS) lends itself to additional attack surface that was previously secured through physical security means. By leveraging UAS we can empower a penetration tester to gain a foothold into a network through means that would previously be thwarted through the guns, gates, guards physical security paradigm.
Courses
-
Algorithms
CS401
-
Artificial Intelligence
CS411
-
Data and Text Mining
CS583
-
Database Systems
CS480
-
Database Systems
SE523
-
Engineering of Software Systems
SE516
-
Formal Methods and Models
SE507
-
Interactive and Time Critical Systems Design
SE521
-
Introduction to Networking
CS450
-
Introduction to Software Development
SE501
-
Mathematics of Software Engineering
SE500
-
Requirements, Analysis and Software Specification
SE504
-
Research Methods in Computer Science
CS590
-
Secure Computer Systems
CS470
-
Software Generation and Maintenance
SE519
-
Software Project Management
-
-
SpatioTemporal Database Systems
CS580
Honors & Awards
-
Career Pathways Featured Scientist
Louis Stokes Midwest Center of Excellence
The Louis Stokes Midwest Center of Excellence (LSMCE) was created in 2012 to communicate best practices, tools, and information garnered from the Louis Stokes Alliances for Minority Participation (LSAMP) consortium to a broader audience. LSMCE will serve as a national hub of information for scholars to access data, models, and funding opportunities in broadening participation of underrepresented minority (URM) students in Science, Technology, Engineering, and Math (STEM). Additionally, the…
The Louis Stokes Midwest Center of Excellence (LSMCE) was created in 2012 to communicate best practices, tools, and information garnered from the Louis Stokes Alliances for Minority Participation (LSAMP) consortium to a broader audience. LSMCE will serve as a national hub of information for scholars to access data, models, and funding opportunities in broadening participation of underrepresented minority (URM) students in Science, Technology, Engineering, and Math (STEM). Additionally, the Center will begin assisting 28 Midwestern non-LSAMP schools with developing strategies to improve their URM students’ performance, persistence and success in STEM degree programs and provide opportunities for their faculty and students to participate in STEM activities including workshops/conferences, webinars and research internships.
Organizations
-
National Institute of Standards and Technology (NIST) National Initiative for Cybersecurity Education (NICE) Working Group on Promoting Career Discovery
Co-Chair
- PresentThis Working Group will focus on the NICE Strategic Plan goal to Promote the Discovery of Cybersecurity Careers and Multiple Pathways. The group will conduct an ongoing environmental scan of programs, projects, and initiatives related to this strategic plan’s goals and objectives to assess the scope and sufficiency of efforts. The group will also identify gaps where more attention and effort is needed. The group will identify strategies and tactics to implement the corresponding objectives…
This Working Group will focus on the NICE Strategic Plan goal to Promote the Discovery of Cybersecurity Careers and Multiple Pathways. The group will conduct an ongoing environmental scan of programs, projects, and initiatives related to this strategic plan’s goals and objectives to assess the scope and sufficiency of efforts. The group will also identify gaps where more attention and effort is needed. The group will identify strategies and tactics to implement the corresponding objectives to this goal. The group will also develop corresponding metrics to measure progress and success. https://www.nist.gov/itl/applied-cybersecurity/nice/community/community-coordinating-council/promote-career-discovery
-
Secret Service Electronic Crimes Task Force
Board Member, Academic Chair
- PresentThe role of the U.S. Secret Service (USSS) has gradually evolved since the agency's 1865 inception, from its initial mandate – suppressing the counterfeiting of U.S. currency – to protecting the integrity of the nation's financial payment systems. During this time, as methods of payment have evolved, so has the scope of the USSS mission. Computers and other chip devices are now the facilitators of criminal activity or the target of such, compelling the involvement of the USSS in combating…
The role of the U.S. Secret Service (USSS) has gradually evolved since the agency's 1865 inception, from its initial mandate – suppressing the counterfeiting of U.S. currency – to protecting the integrity of the nation's financial payment systems. During this time, as methods of payment have evolved, so has the scope of the USSS mission. Computers and other chip devices are now the facilitators of criminal activity or the target of such, compelling the involvement of the USSS in combating cybercrime. The perpetrators involved in the exploitation of such technology range from traditional fraud artists to violent criminals - all of whom recognize new opportunities to expand and diversify their criminal portfolio. To bring these perpetrators to justice, the USSS developed a new body, the Electronic Crimes Task Force (ECTF), to increase the resources, skills and vision by which State, local, and federal law enforcement agencies team with prosecutors, private industry and academia to fully maximize what each has to offer in an effort to combat criminal activity. The common purpose is the prevention, detection, mitigation, and aggressive investigation of attacks on the nation's financial and critical infrastructures. The agency's first ECTF, the New York Electronic Crimes Task Force, was formed based on this concept in 1995.
-
Argonne National Laboratory Introduce a Girl to Engineering Day (IGED)
Mentor
- PresentArgonne’s IGED gives young female students a unique opportunity to discover engineering careers alongside world-class scientists and engineers. Participants will enjoy motivational presentations by female Argonne employees, tour Argonne’s cutting-edge research facilities, connect with a mentor, engage in hands-on engineering experiments, and compete in a team challenge – all designed specifically for middle school-aged girls.
-
Argonne National Laboratory Science Careers in Search of Women
Organizing Committee Member
- PresentEach year, WIST partners with Argonne’s Educational Programs to host the Science Careers in Search of Women (SCSW) conference. SCSW inspires young women to pursue careers in science, bringing them into the laboratory for a day of lectures, tours, career booth exhibits, and mentoring. SCSW offers female high school students an extraordinary opportunity to explore STEM professions and areas of interest through interaction with Argonne’s world-class women scientists and engineers.
-
National Cyber Summit
Program Committee Member
- PresentThe National Cyber Summit is a multi-track cyber security event held annually with an expectation of about 1500 participants and more than 60 exhibitors. The event features tracks dedicated to technical, organizational, and research topics to address the entire cyber threat landscape.
-
Information Security Undergraduate Research (INSuRE)
Technical Director
- PresentMentoring undergraduate and graduate students in cyber security research methodologies and practices on a semester by semester basis. Research problems have spanned IoT security, botnet analysis, and V2X testbed and use case development.
More activity by Roland
-
After serving as the regional director in North America for the IACIPP, I am pleased to continue my engagement with the organization in Europe. I…
After serving as the regional director in North America for the IACIPP, I am pleased to continue my engagement with the organization in Europe. I…
Liked by Roland Varriale, CISSP
-
The IEEE Transportation Electrification Conference and Expo (ITEC2024) started today! I am excited to present my research paper entitled “P-HIL Model…
The IEEE Transportation Electrification Conference and Expo (ITEC2024) started today! I am excited to present my research paper entitled “P-HIL Model…
Liked by Roland Varriale, CISSP
-
Last week I officially completed my masters degree from the Georgetown University Security Studies Program. I got a lot out of it, and I look forward…
Last week I officially completed my masters degree from the Georgetown University Security Studies Program. I got a lot out of it, and I look forward…
Liked by Roland Varriale, CISSP
-
View my verified achievement from Security Blue Team.
View my verified achievement from Security Blue Team.
Liked by Roland Varriale, CISSP
-
At 4:30 pm ET at #SCSPAI2024, Oak Ridge National Laboratory's Director of AI Programs, Prasanna Balaprakash, will be discussing secure, trustworthy…
At 4:30 pm ET at #SCSPAI2024, Oak Ridge National Laboratory's Director of AI Programs, Prasanna Balaprakash, will be discussing secure, trustworthy…
Liked by Roland Varriale, CISSP
-
I am excited to add a few more letters after my name as I am now an IAPP Fellow of Information Privacy!
I am excited to add a few more letters after my name as I am now an IAPP Fellow of Information Privacy!
Liked by Roland Varriale, CISSP
-
We’re hiring! Join Argonne National Laboratory as a Science Communications Coordinator. We're looking for someone passionate about sharing the…
We’re hiring! Join Argonne National Laboratory as a Science Communications Coordinator. We're looking for someone passionate about sharing the…
Liked by Roland Varriale, CISSP
-
Interoperability is key to a convenient, reliable EV charging network. Join K. Shankari from the Joint Office Standards and Reliability Team at the…
Interoperability is key to a convenient, reliable EV charging network. Join K. Shankari from the Joint Office Standards and Reliability Team at the…
Liked by Roland Varriale, CISSP
-
We are looking for a pilot/demonstration partner for EVrest, an EV charge station management system and driver mobile app we developed at Argonne…
We are looking for a pilot/demonstration partner for EVrest, an EV charge station management system and driver mobile app we developed at Argonne…
Liked by Roland Varriale, CISSP
-
Cybersecurity is important for reliable EV charging. Check out this third in a series of blog posts from CESER about cybersecurity in EV charging…
Cybersecurity is important for reliable EV charging. Check out this third in a series of blog posts from CESER about cybersecurity in EV charging…
Liked by Roland Varriale, CISSP
-
https://appfl.ai Our DOE-funded privacy-preserving federated learning package #APPFL has moved to a new website address to better serve our users…
https://appfl.ai Our DOE-funded privacy-preserving federated learning package #APPFL has moved to a new website address to better serve our users…
Liked by Roland Varriale, CISSP
-
Marian Merritt and Susana Barraza from the NICE team are at the #WiCySConference in Nashville this week! Be sure to stop by our booth to say "hello!"…
Marian Merritt and Susana Barraza from the NICE team are at the #WiCySConference in Nashville this week! Be sure to stop by our booth to say "hello!"…
Liked by Roland Varriale, CISSP
Other similar profiles
-
Amanda Theel
Workforce Development | Developing Cybersecurity Talent
Connect -
Alec Poczatek
Connect -
Charles Varriale
Press Release Administrator at Worldwide Branding
Connect -
Madeline Smith
Owner, Madeline Pet Clothier
Connect -
Damisleydis Fonseca
Ingeniera en Ciencias Informáticas
Connect -
Madeline Smith
Connect -
Jamil Siddique
Consulting Director, Product Security @ CNA Insurance
Connect -
Andrew Craig
Connect -
Francesca Varriale
Junior Business Developer / Account Manager / Content Marketing Creator / Communication Specialist /
Connect -
Matt Schroeder
Connect
Explore collaborative articles
We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.
Explore More