Samuel Perl. Welcome to my website. This site collects some of the research I have been involved in.
Selected Publications
- Gennari, J., Lau, S. H., Perl, S., Parish, J., & Sastry, G. “Considerations for evaluating large language models for cybersecurity tasks.” Software Engineering Institute with OpenAI - 2024
- Cyphert, Amy, Sam Perl, and S. Sean Tu. “Artificial Intelligence Cannibalism and the Law.” Colorado Technology Law Journal 22.2 (July 8, 2024).
- Tu, S. Sean, Amy Cyphert, and Samuel J. Perl. “Artificial Intelligence: Legal Reasoning, Legal Research and Legal Writing.” Minnesota Journal of Science & Technology. 25 (2023): 105.
- Cyphert, Amy, and Sam Perl. “Blockchain Safe Harbor? Applying the Lessons Learned from Early Internet Regulation.” Marquette Law Review. 107 (2023): 145.
- AlQadheeb, Arwa, Siddhartha Bhattacharyya, and Samuel Perl. “Enhancing cybersecurity by generating user-specific security policy through the formal modeling of user behavior.” Array 14 (2022): 100146.
- Tu, Sean, Amy Cyphert, and Sam Perl. “Limits of using artificial intelligence and GPT-3 in patent prosecution.” Tex. Tech L. Rev. 54 (2021): 255.
- Alfageeh, Ali, et al. “Assurance for CyberSecurity with Assume-Guarantee Reasoning.” 2019 IEEE 10th Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON). IEEE, 2019.
- Ettinger, Jared. “Cyber Intelligence Tradecraft Report: The State of Cyber Intelligence Practices in the United States.” Carnegie Mellon University, Pittsburgh, PA, 2019.
- I am a co-author of the Forum of Incident Response and Security Teams (FIRST) Computer Security Incident Response Team (CSIRT) Services Framework 2.1, referred to as the FIRST CSIRT Services Framework 2.1. It is available in PDF format (2020).
- I am a co-author of an addendum to the CSIRT Services Framework called the CSIRT Roles and Competencies version 0.9.0 2022.
- Moore, Andrew P., et al. “The Critical Role of Positive Incentives for Reducing Insider Threats.” Technical Report CMU/SEI-2016-TR-014. Carnegie Mellon University, Pittsburgh, PA, 2016.
- Woods, Bronwyn, Samuel J. Perl, and Brian Lindauer. “Data mining for efficient collaborative information discovery.” Proceedings of the 2nd ACM Workshop on Information Sharing and Collaborative Security (WISCS 2015). ACM, 2015.
- D. Costa, M. Collins, S. Perl, M. Albrethsen, G. Silowash, and D. Spooner, “An ontology for insider threat indicators: Development and application” in Proc. of the 9th Conference on Semantic Technology for Intelligence, Defense, and Security (STIDS’14), Fairfax, Virginia, USA. CEUR Workshop Proceedings, November 2014, pp. 48–53.
- Mundie, David A., et al. “An Incident Management Ontology.” STIDS. 2014.
- Mundie, David A., Samuel J. Perl, and C. L. Huth. “Insider Threat Defined: Discovering the Prototypical Case.” JoWUA 5.2 (2014): 7-23.
- Robin Ruefle, Audrey Dorofee, David Mundie, Allen D. Householder, Michael Murray, Samuel J. Perl, “Computer Security Incident Response Team Development and Evolution”, IEEE Security & Privacy, vol.12, no. 5, pp. 16-26, Sept.-Oct. 2014, doi:10.1109/MSP.2014.89
- Mundie, David A., Sam Perl, and Carly L. Huth. “Toward an ontology for insider threat research: Varieties of insider threat definitions.” Socio-Technical Aspects in Security and Trust (STAST), 2013 Third Workshop on. IEEE, 2013.
Selected External Presentations
- Blockchain and Incident Response: Dealing with Blockchain Technology for Incident Responders, FIRST Regional Symposium for Latin America & Caribbean (May 2022)
- The Carnegie Mellon University Software Engineering Institute Research Review (June 2017)
- Harvesting Artifacts - Improving Useful Data Extraction from Cybersecurity Incident Reports, FIRST Conference for Incident Response (June 2017)
- Measuring Similarity Between Cyber Security Incident Reports, FIRST Conference for Incident Response (June 2017)
- A Cognitive Study to Discover How Expert Incident Responders Think, FIRST Conference for Incident Response (June 2015). Program Listing. A PDF of the slides is here.
- Discovering Patterns of Activity in Unstructured Incident Reports at Large Scale, FIRST Conference for Incident Response (June 2015). Program Listing. A PDF of the slides is here.
- Building our Insider Threat Ontology, Carnegie Mellon Ontology community group 2014
- Converting the Incident Management Body of Knowledge to an Ontology, The 3rd International Workshop on Security Ontologies and Taxonomies held in conjunction with the 9th International Conference on Availability, Reliability and Security (ARES 2014), Fribourg, Switzerland (Sept 2014)
- Identifying the Root Causes of Propagation in Submitted Incident Reports (using the Broad Street taxonomy), FIRST Conference for Incident Response 2014 Technical Track, Boston, MA (June 2014)
- Preliminary metrics created from exploratory data analysis of incident data, FIRST Conference for Incident Response 2014 - Metrics Special Interest Group, Boston, MA (June 2014)
- Metrics for analyzing the cost of a cybersecurity incident, FIRST Conference for Incident Response 2013 - Metrics Special Interest Group, Bangkok, Thailand (June 2013)
- Insider Threat Edge Cases, Rochester Security Summit (RSS), Rochester, NY (October 2013)
Selected Articles and Podcasts
- SEI Podcast, August 2024, Evaluating Large Language Models for Cybersecurity Tasks: Challenges and Best Practices - In this podcast from the Carnegie Mellon Software Engineering Institute, Jeff Gennari and Sam Perl discuss applications for LLMs in cybersecurity, potential challenges, and recommendations for evaluating LLMs.
- I led the development of an implementation guide for Cyber Threat Frameworks in the SEI Cyber Intelligence Tradecraft Report: The State of Cyber Intelligence Practices in the United States (Study Report and Implementation Guides) (May 2019)
- Improving Data Extraction from Cybersecurity Incident Reports, SEI Blog, September 2017
- Stress Management and Mistake Minimization, CERT Insider Threat Blog, (Part 8 of 20: CERT Best Practices to Mitigate Insider Threats Series), June 2017
- SEI Podcast Capturing the Expertise of Cybersecurity Incident Handlers, August 2015
- New CERT Tool Speeds Artifact Extraction and Analysis. The Cyobstract repository is on the SEI GitHub page. Cyobstract is a cyber observables extraction tool that applies regular expressions to cyber incident reports. It quickly pulls indicators and other cyber information from these reports: it takes free text as input and produces the information relevant to incident response (IR) in a structured format as output.
- We built another tool called Cyber Ticket Studio. Cyber Ticket Studio (CTS) is a Shiny app that lets you link cybersecurity incident tickets and view interactive visualizations of the incident data. CTS helps you identify previously unknown connections among reported cybersecurity incidents.
- You can download a copy of the OWL file for our insider threat indicator ontology.
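Cyobstract and Cyber Ticket Studio are described above only in outline. The following is an added example, not code from either tool or from the SEI, that sketches the same two steps in Python: pull indicators out of free-text reports with regular expressions, then link tickets that mention the same indicator. Two details matter in practice and are handled here: reports usually "defang" indicators (`hxxp`, `[.]`) so they must be normalised before matching, and URLs and e-mail addresses must be consumed before the bare-domain pattern runs, otherwise a URL path such as `login.php` is mis-read as a domain. The ticket texts, the indicator values and the internal-address filter are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from itertools import combinations
from urllib.parse import urlsplit

# Constructed sample tickets for this example (not real incident data).
TICKETS = {
    "INC-001": "User reported phishing email from billing@example-invoices[.]com linking to "
               "hxxp://example-invoices[.]com/login.php. Attachment hash "
               "d41d8cd98f00b204e9800998ecf8427e. Sender IP 198.51.100.23.",
    "INC-002": "Proxy logs show outbound connection from 10.0.4.17 to 198.51.100.23:443 "
               "and DNS lookup for update.example-cdn.net. Sample sha256 "
               "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855.",
    "INC-003": "Credential stuffing against vpn.corp.example from 203.0.113.9; "
               "no malware involved. Ticket closed.",
}

# Common "defanging" conventions analysts use so indicators are not clickable.
REFANG = [
    (re.compile(r"hxxp", re.I), "http"),
    (re.compile(r"\[\.\]|\(\.\)|\{\.\}|\\\."), "."),
    (re.compile(r"\[at\]|\(at\)", re.I), "@"),
]

# Order matters: each matched span is blanked before the next pattern runs, so
# URLs and e-mails are taken first and their pieces are not re-read as domains,
# and a 64-hex SHA-256 is never re-read as an MD5.
PATTERNS = [
    ("url", re.compile(r"\bhttps?://[^\s\"'<>]+", re.I)),
    ("email", re.compile(r"\b[\w.+-]+@(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)),
    ("sha256", re.compile(r"\b[a-f0-9]{64}\b", re.I)),
    ("sha1", re.compile(r"\b[a-f0-9]{40}\b", re.I)),
    ("md5", re.compile(r"\b[a-f0-9]{32}\b", re.I)),
    ("ipv4", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
    ("domain", re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)),
]

# RFC 1918 and loopback ranges (assumed "internal" for this example): every
# ticket mentions some of these, so they would link unrelated tickets together.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def refang(text):
    for pattern, repl in REFANG:
        text = pattern.sub(repl, text)
    return text


def is_internal(ip):
    addr = ipaddress.IPv4Address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def extract(text):
    """Return {indicator_type: sorted list of values} found in one free-text report."""
    text = refang(text)
    found = defaultdict(set)
    for kind, pattern in PATTERNS:
        def consume(m):
            value = m.group(0).rstrip(".,;:)")
            if kind == "ipv4":
                try:
                    ipaddress.IPv4Address(value)   # rejects 999.1.1.1-style matches
                except ValueError:
                    return m.group(0)
            found[kind].add(value if kind == "url" else value.lower())
            return " " * len(m.group(0))          # blank the span for later patterns
        text = pattern.sub(consume, text)
    # Derive host names from URLs and e-mail addresses so tickets can be linked on them.
    for url in found["url"]:
        host = urlsplit(url).hostname
        if host:
            found["domain"].add(host.lower())
    for email in found["email"]:
        found["domain"].add(email.split("@", 1)[1])
    return {k: sorted(v) for k, v in found.items() if v}


def link_tickets(tickets, ignore_internal=True):
    """Index indicators to the tickets that mention them and return the edges
    between tickets sharing at least one indicator, with the shared values."""
    index = defaultdict(set)                      # (kind, value) -> {ticket_id}
    for tid, text in tickets.items():
        for kind, values in extract(text).items():
            for value in values:
                if ignore_internal and kind == "ipv4" and is_internal(value):
                    continue
                index[(kind, value)].add(tid)
    edges = defaultdict(list)
    for indicator, tids in index.items():
        for a, b in combinations(sorted(tids), 2):
            edges[(a, b)].append(indicator)
    return dict(index), {pair: sorted(v) for pair, v in edges.items()}


if __name__ == "__main__":
    for tid, text in TICKETS.items():
        print(tid, extract(text))
    _, edges = link_tickets(TICKETS)
    for (a, b), shared in edges.items():
        print(f"{a} <-> {b} share {shared}")
```

With the constructed tickets, INC-001 and INC-002 are linked through the external address 198.51.100.23, while 10.0.4.17 is extracted but excluded from linking; INC-003 shares nothing and stays isolated. A real deployment would add an allowlist for the organisation's own domains and benign infrastructure (CDNs, mail providers) for the same reason the internal ranges are excluded here.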
Student Advisory
- I sometimes serve as a thesis advisor to graduate students working on cybersecurity, formal methods, ontologies, and more.
- 2020 - Florida Institute of Technology Enhancing Cybersecurity by Generating User-Specific Security Policy through the Formal Modeling of User Behavior
- 2019 - Florida Institute of Technology Assume-Guarantee Reasoning Using a Cyber Security Ontology
- 2017 - CMU - I was a co-customer (with Scott Fahlman) for a capstone project by a group of students in the CMU MITS masters program called “Security Detection Using Scone.” The students used a high-performance open source knowledge base (KB) system called Scone to describe an organization and its system details (a range of systems and their components, connections, software, versions, packages, etc.) together with a set of cyberthreat vulnerabilities, so that the system could watch external cyberthreat news and alert on potential internal problems that should be addressed. The students posted a demo video of their project on YouTube.
Teaching
I also teach as an adjunct instructor on cybersecurity and related topics.
- Adjunct instructor at Carnegie Mellon University in the Heinz College. I teach 95-810 Blockchain Fundamentals. (2020 - ongoing)
- Adjunct instructor at Carnegie Mellon University in the Information Systems Department. I teach 67-309 Special Topics: Information Assurance. (2018 - ongoing)
- Adjunct instructor in the West Virginia University Honors College. I taught a class on Internet Information Security (Spring 2019)
- Instructor for the CERT Foundations of Incident Management course (FIM is a 4-5 day workshop on incident handling for cybersecurity professionals)
- Instructor and co-designer for the CERT Advanced Incident Handling course (AIH follows FIM and is a 4-day workshop on incident handling for cybersecurity professionals)
- Helped to develop, run, and present an “Incident Handling Exercise” at the International Cyber Defense Workshop (June 2013). You can read about the 2013 ICDW program here.
- Helped develop a CERT training course on Information Sharing for CSIRTs and other types of training as well.
Conferences and Panels
- I am serving as a co-editor for a special issue on Incident Response of the ACM journal “Digital Threats: Research and Practice (DTRAP)” (2023 - ongoing)
- I am serving as a publicity co-chair for the 2020 IEEE 21st International Conference on Information Reuse and Integration for Data Science. The conference will be held August 11 - August 13, 2020 at the Tuscany Hotel, Las Vegas, Nevada, USA.
- I served on the Threat Model Panel for the Critical Security Controls (CSC) in 2015. The Threat Model Task Panel ensured that the CSC reflected real attacks and threats, driven by the knowledge of the participants and the enterprises they represent. The panel also examined the process, surveyed and worked with available threat information sources, and created a stronger, more formal linkage between authoritative threat data, the Critical Security Controls (CSC), and the risk management frameworks that use or imply the use of such threat models. Note: after the merger with the Center for Internet Security, the CSC are now known as the CIS Controls.