About
Dr. Thomas P. Scanlon is a Senior Research Scientist and Technical Manager in the CERT Division of the Software Engineering Institute at Carnegie Mellon University. He leads the CERT Data Science technical program which incorporates artificial intelligence, machine learning, and statistical analyses to develop solutions for cybersecurity challenges. Additionally, Dr. Scanlon performs applied research in the areas of software engineering, DevSecOps, cyber risk management, usability & HCI, threat modeling, and supply chain security. Prior to joining the SEI, he worked for more than a decade in IT leadership roles with Fortune 500 companies. Dr. Scanlon coauthored the DoD Developer’s Guidebook for Software Assurance as part of sponsored research for the Join Federated Assurance Center (JFAC). He is a frequent speaker at conferences, including having presented at O’Reilly Open Source Conference (OSCON), IEEE Workshop on Big Data for Cybersecurity (BigCyber), (ISC)² Security Congress, ACT-IAC Imagine Nation, and also regularly participates in webinars and podcasts. In addition to publishing many SEI technical reports, he has published at refereed venues. Recent publications include “Critical Factors for Open Source Advancement in the U.S. Department of Defense” in IEEE Software and co-authoring “Security Impacts of Sub-optimal DevSecOps Implementations in Highly Regulated Environments” in ACM Proceedings of the 15th International Conference on Availability, Reliability and Security. Dr. Scanlon is a recipient of an Information Security Leadership Awards (ISLA®) award as an “MVP” partner to the U.S. Government from (ISC)², the world’s largest nonprofit association of certified cybersecurity professionals, for his participation in the development of cybersecurity guidelines for program managers and developers.