I'm excited to announce that I have received MedCrypt's Fellowship for Medical Device Usable Security Research. Read the press release.

   

Welcome!


Overview

I am currently a Ph.D. student in the Tufts Security & Privacy Lab studying computer security and human factors. Specifically, my research focuses on the intersection of security, cyber-physical systems, and human factors. I am particularly interested in critical infrastructure, such as medical devices and industrial control systems, and how to achieve "secure by design." When I worked on Wall St, I was investing in healthcare companies that underwent security incidents. These types of incidents were nothing new to me. While I was in college, Stuxnet was discovered, and I was in the audience when Secretary Panetta discussed the need to prioritize cybersecurity shortly after his now-famous "cyber-Pearl Harbor" speech. As I observed all this, the cogs in my head started to turn. Why is securing these systems difficult? What are the underpinning questions that impede this?

My goal is to develop technology and data-driven processes & tools that protect critical systems and allow users of these technologies, whether clinicians or energy grid operators, to focus on what they are experts on rather than worry about security.


A Brief History of Time

Before Tufts, I wore several different hats in a variety of industries. I've spent the past decade working in various positions related to behavioral science. I have experience in capital markets, defense, and politics. Some highlights include: co-founding a startup that developed technology augmenting situational awareness for Army Special Forces, studying portfolio manager behavior at a prominent hedge fund (before joining a portfolio team), helping political campaigns with digital analytics, and coordinating the cybersecurity for a presidential campaign.

I was born in New York City but grew up in London. My undergraduate degree was in Government with a focus on International Financial Regulation from Georgetown; I looked at the implementation of Basel II/III in the EU and the proliferation of US-originated instruments in the European debt market. I still enjoy the occasional discussion about capital requirements and bank liquidity. I highly recommend The Ascent of Money by Niall Ferguson on the history of money and banking.

Since leaving politics as a job, I have continued to stay active in civic affairs and have worked as a poll worker for several election cycles. I enjoy going outdoors and unique adventures! Some highlights include: doing an ice skating marathon in Finland twice, winning the Hoffman Trophy at Intercollegiate Offshore Regatta my final year of university, and backpacking two sections of the Appalachian Trail. I also enjoy wine and finding the perfect pairing for any occasion, and I've been working towards becoming a Certified Sommelier.


All things Academia


Research Overview

My research focuses on how to secure critical infrastructure, both in design and in operational environments. You can think of my research as management consulting focused on medical device security professionals. I apply theories from organisational behaviour, applied behavioural psychology, and human-computer interaction to cybersecurity problems related to medical devices. This approach requires me to be knowledgeable in security, medical devices, and psychology/sociology.


Publications

Critical Infrastructure Security:

Coming soon!


Other Publications:

A Comparison of Account-Focused and Content-Focused Warnings on User Trust of Twitter Content. Ronald Thompson, Santana Koring'ura, Marshini Chetty, and Daniel Votipka. SOUPS Poster 2022. Link.


Talks, Workshops, and Conference Presentations

Hacking Healthcare (in)Security with Whiteboards. Emerging Scholars Program, Tufts University. Fall 2022.

Threat Modeling Medical Devices. CS 151: Privacy, Security, and Data, Tufts University. Fall 2022.

Ransomware & Hospitals: What cybersecurity incidents mean for patient care. Health Care Ethics, Georgetown University. Summer 2022.


Teaching

Teaching Assistant

CS 151: Privacy, Security, and Data, Tufts University. Fall 2022. Gave guest lectures on SQL and Threat Modeling.


Service

Conference Organizing

Workshop on Security Information Workers, Organizing Committee. 2022 - Pres.

Conference & Journal Reviewing

Computers & Security, Article Reviewer. 2022.

USENIX Security Symposium, Sub-reviewer. 2021 - 2023.

IEEE Symposium on Security and Privacy, Sub-reviewer. 2023.

Privacy Enhancing Technologies Symposium, Sub-reviewer. 2022.

Symposium on Usable Privacy and Security, Sub-reviewer. 2022.

ACM Conference on Computer and Communications Security, Sub-reviewer. 2021.


My Work with Industry



Partnerships & Funding

Fellowship for Medical Device Usable Security Research. MedCrypt. 2023.

Medical Device Security Co-Op (Threat Modeling and Vulnerability Management). MedCrypt. 2022 - Pres.


Publications

59 Percent Likely Hostile. Daniel Eichelr and Ronald Thompson. War on the Rocks 2020. Link.


Talks & Workshops

Threat Modeling Workshop. CyberMed Summit. November 2022.

Medical Device Threat Modeling Study. Health Sector Coordinating Council. January 2022. Link to recording.


NOTE: I have also conducted trainings with companies that are tailored specifically to their needs.