2026 Trusted CI Fellows Program: Expanding Knowledge and Networks

The Trusted CI Fellows program is now accepting applications from professionals and post-doctoral researchers looking to build practical cybersecurity skills for science and engineering. Fellows benefit from online workshops, mentorship, networking, and attendance at the NSF Cybersecurity Summit with travel support included. The application deadline is June 30, 2026. Interested applicants can reach out to fellows@trustedci.org with any questions and apply here. 

Over the next month, we will be highlighting this year's cohort of fellows. 

As a Senior Computational and Data Science Research Specialist in the High-Performance Computing (HPC) User Services Group at the San Diego Supercomputer Center (SDSC) at the University of California, San Diego, Martin Kandes helps provide user support services for supercomputers funded by the National Science Foundation (NSF), contributes as co-Principal Investigator to research and development projects, and is an instructor for two CyberTraining programs. However, while cybersecurity is critical to everything he does, he is not a cybersecurity professional. This is why he sought out the expertise and community of the Fellowship program through Trusted CI, the NSF Cybersecurity Center of Excellence.

“I am no expert in cybersecurity. However, I do often play one to the students, faculty, staff, and other researchers who utilize the Continuous Integration (CI) and HPC resources we provide,” jokes Kandes. “Through the Trusted CI Fellowship program, I am hearing different perspectives and learning how different cybersecurity professionals think about the types of problems that I see day-to-day. It has been eye-opening.” 

The Trusted CI Fellowship program empowers members of the scientific community with basic knowledge of cybersecurity and an understanding of Trusted CI’s services through virtual and hands-on training sessions, attending the NSF Cybersecurity Summit, and other resources. As part of the Fellowship program, Kandes is particularly interested in expanding his ongoing long-term research project for possible presentation at this year’s Cybersecurity Summit. 

For over five years, Kandes and Scott Sakai, who participated in the Trusted CI Cybersecurity Framework Cohort Program, have been running a Jupyter Notebook service for the users on the SDSC’s HPC systems. Sakai, who recently moved to a new position at Berkeley Lab, had been in charge of the security side of the project, managing and maintaining a reverse proxy service. Kandes hopes to use his Fellowship to strengthen his technical knowledge of cybersecurity technologies — such as reverse proxies — areas where he feels less confident, with the goal of continuing to advance the Jupyter notebook service.

But it is the Trusted CI community itself that is invaluable for Kandes. “I also would love to have some people in the Trusted CI community look at this project and give feedback on the security architecture as I still feel like a novice,” says Kandes, who also recently submitted a new CyberTraining proposal to the NSF. The 13-part webinar course teaches users new to HPC systems how to run their research workloads on these systems, highlighting security tips.

“Having the perspective of the cybersecurity professionals through Trusted CI will also help me bring that into the project and help this project move forward,” says Kandes.

Written by Heather Bourbeau. Originally posted on the Sustainable Horizons Institute's website on June 16 and republished with permission.

2026 Trusted CI Fellows Program: Better Teaching Through Expert Engagement

The Trusted CI Fellows program is now accepting applications from professionals and post-doctoral researchers looking to build practical cybersecurity skills for science and engineering. Fellows benefit from online workshops, mentorship, networking, and attendance at the NSF Cybersecurity Summit with travel support included. The application deadline is June 30, 2026. Interested applicants can reach out to fellows@trustedci.org with any questions and apply here. 

Over the next month, we will be highlighting this year's cohort of fellows. 

As a professor at a regional state university, Nitin Sukhija, Professor and Director of Center for Cybersecurity and Advanced Computing at Slippery Rock University of Pennsylvania, did not think he would be accepted into a program like the Fellowship Program with Trusted CI, the National Science Foundation (NSF) Cybersecurity Center of Excellence. However, at the 2025 Practice and Experience in Advanced Research Computing (PEARC) conference, he met Sustainable Horizons Institute (SHI) staff, who encouraged him to apply. The rest, they say, is history.

The Trusted CI Fellowship Program empowers members of the scientific community with basic knowledge of cybersecurity and an understanding of Trusted CI’s services. “I thought I could never apply, that the program was only open to researchers affiliated with the NSF or R1 or R2 institutions,” says Sukhija. “This program does justice to its goal of expanding the reach of cybersecurity awareness to all regions.”

Sukhija notes that at a regional university, there is a need for faculty who can explore mechanisms and current industry standards of securing large-scale data and computing cyberinfrastructure and then teach those to their students and other researchers. 

“Given the dynamic nature of my core domain, to be able to teach well, I need to understand the latest topics and challenges,” says Sukhija, whose own research is focused on cyber-resilience and scientific computing. “Through the Trusted CI Fellowship Program, we meet experts face-to-face and discuss current topics and issues. These experts give us perspectives I might not be exposed to through my academic setting. I can see what is missing in my teaching or in my research.” 

The Trusted CI Fellows Program has opened invaluable professional and intellectual doors for Sukhija, forging connections that have enriched his career. His participation has also served as a powerful example for his students, demonstrating what they themselves can achieve. Following his example, two of his students applied for the NSF Trusted CI Scholars Program for 2026–2027, and one was selected.

Sukhija continues to share his knowledge and expand his network beyond his own university. Since he became a Trusted CI Fellow, Sukhijia has given several talks, including a tutorial at a regional cybersecurity summit on quantum machine learning (QML) applied to cybersecurity education. His tutorial explored how making experiential modules can help students learn real-world scenarios and QML for cybersecurity.

“Through this program,” Sukhija says, “I had more exposure to research topics in seven months than going to conferences for five years.”

Written by Heather Bourbeau. Originally posted on the Sustainable Horizons Institute's website on June 9 and republished with permission.

Incorporating AI-Targeted Questions into the Vendor Procurement Process

As artificial intelligence becomes embedded in both operational technology (OT) and traditional IT products, procurement teams face a growing challenge: how to evaluate the security, privacy, and risk implications of AI-driven capabilities before purchase. Fortunately, there are established tools designed to make this process more structured and effective, and recent updates make these tools even more valuable.

When procuring products that include artificial intelligence or machine learning capabilities, procurement teams should refer to the AI-specific section of the HECVAT (Higher Education Community Vendor Assessment Toolkit). Originally developed to help higher education institutions assess vendor risk, the HECVAT has evolved to address modern concerns, including those introduced by machine learning and AI-enabled systems.

The HECVAT is distributed as an Excel workbook containing multiple worksheets/tabs. The HECVAT "AI" tab was added in version 4 and provides a structured set of security and privacy questions designed to evaluate how a vendor develops, secures, and manages its AI systems. This includes areas such as data handling, model training, access controls, bias management, transparency, and incident response. The AI tab goes beyond traditional security assessments by asking vendors to disclose how a product uses AI, what data it processes, how models are trained, and what safeguards are in place to prevent misuse or unintended outcomes. This level of insight is especially important when evaluating both OT and IT systems, where AI features may not always be obvious but can introduce significant risk. Examples of systems using AI features introducing risk might include “smart,” “adaptive,” or “intelligent” features on new HVAC devices, security cameras, and door locks. Such systems could track potentially sensitive information, such as user behavior, and upload that data to the cloud for analysis.

Trusted CI has recently updated its Guide to the Use of the Vendor Procurement Matrix. The latest update explicitly references the HECVAT AI tab, reinforcing its importance as part of a comprehensive vendor assessment strategy. By requiring vendors to complete the HECVAT AI tab as part of procurement workflows, especially when using the Trusted CI Vendor Procurement Matrix, organizations can ensure they are asking the right questions at the right time.

Using the HECVAT AI tab helps procurement teams identify risks that may not be covered by traditional security reviews, such as unauthorized model access, exposure of sensitive training data, or weaknesses in third-party AI services. By requiring vendors to complete the HECVAT AI tab, institutions can ensure a more consistent and thorough evaluation of AI-related risks across products.

This capability is particularly relevant in environments where AI is increasingly embedded in critical functions, from predictive maintenance tools in OT systems to AI-powered analytics platforms in IT environments. Understanding these underlying AI components is essential to maintaining security, privacy, and operational integrity.

If you have questions or suggestions on this topic, please contact Trusted CI at help@trustedci.org.

2026 Trusted CI Fellows Program: Finding Your Voice and Being Heard

The Trusted CI Fellows program is now accepting applications from professionals and post-doctoral researchers looking to build practical cybersecurity skills for science and engineering. Fellows benefit from online workshops, mentorship, networking, and attendance at the NSF Cybersecurity Summit with travel support included. The application deadline is June 30, 2026. Interested applicants can reach out to fellows@trustedci.org with any questions and apply here. 

Over the next month, we will be highlighting this year's cohort of fellows. 

Meet Pengyin Shan

As a senior research software engineer at the National Center for Supercomputing Applications at the University of Illinois Urbana-Champaign, Pengyin Shan’s work centers on developing accessible research applications for complex datasets. While she has no background in cybersecurity, as a coder working with high-performance computing (HPC) centers, Shan recognized the urgency of developing a deeper understanding of cybersecurity needs. This prompted her to apply to the Fellowship Program at Trusted CI, the National Science Foundation (NSF) Cybersecurity Center of Excellence. 

The Trusted CI Fellowship Program empowers members of the scientific
community with different perspectives and knowledge of cybersecurity and an understanding of Trusted CI’s services through virtual and hands-on training sessions, attending the NSF Cybersecurity Summit, and other resources. “Each week brought something I had not expected, whether that was a new way of thinking about cybersecurity, an NSF program that I had not previously engaged with, or a speaker sharing timely insights from an emerging domain,” says Ms. Shan. “The format of the learning is not like a regular classroom; it is more engaging.”

The interactive approach to learning also means that Ms. Shan’s non-traditional background helps cybersecurity experts further refine their approaches to certain problems. “The gathering with previous fellows at the 2025 NSF Cybersecurity Summit truly excited me. Hearing their experiences, learning about the cybersecurity challenges they are tackling, and seeing the strong sense of collaboration within the Trusted CI community made me feel welcomed and motivated to contribute my own perspectives and experiences,” says Shan. “Now I am able to provide feedback to experts, and together we can figure out the best way to adopt some of the cybersecurity practices into the research software engineering.”

The Trusted CI Fellowship experience has also helped Ms. Shan become a better coder who pays greater attention to cybersecurity. “Previously my priority was what my collaborator or what my user wanted, but going forward, I will also consider the security perspective,” says Ms. Shan. “Like I might say to a collaborator, ‘We can twist this feature so that we not just give you a great user experience, but we also keep your data and your identity safe.’”

She is currently researching the security of research software communication channels, with a focus on how AI-mediated tools are reshaping the threat landscape. She would like to share her findings at the next Cybersecurity Summit and is developing a project to address the security vulnerabilities she identified during her fellowship.

“As a Fellow, I have learned things that I never expected to learn and have been inspired to explore topics I had never thought about before,” says Shan. “This experience has opened my mind, allowed me to connect with a great community, and broadened my future research and career options.”

Written by Heather Bourbeau. Originally posted on the Sustainable Horizons Institute's website on June 2 and republished with permission.

Trusted CI Hosts the First Regional Cybersecurity Summit at the University of Alabama

Last month, Trusted CI partnered with the University of Alabama to host the first Regional Cybersecurity Summit in Tuscaloosa. The two-day agenda (April 21st - 22nd) was modeled off our Annual Summit, with a focus on inviting a group of attendees located in the southeastern region of the US.

The two days of content were split between workshops and a poster session on day 1, and a plenary session of talks and panel discussions on day 2. Highlights on day 1 include training sessions on: security log analysis, Zeek network security monitoring software, software security, security tabletop exercises, quantum machine learning, and a Scholarship for Service panel. The day ended with a welcome reception and poster session. 

Meet the 2026 Trusted CI Scholars: Becoming the Next Generation of Cybersecurity Leaders

We are proud to introduce the 2026 Trusted CI Scholars, a group of talented undergraduate and graduate students committed to securing our digital future: Bennie Ferguson, Simon Araneda, Nolan Koch, Waratchaya Luangphairin, and Jessica Wooley.

The Trusted CI Scholars Program is more than just a training initiative; it is a gateway for emerging cybersecurity professionals to immerse themselves in the frontlines of digital defense. By providing hands-on experience and direct mentorship from the nation’s leading cybersecurity experts, we aim to equip these students with the tools necessary to build a secure and resilient digital ecosystem. 

Please join us in welcoming our  2026 Trusted CI Scholars.

From May through October, our scholars will engage in a rigorous curriculum designed to bridge the gap between academic theory and professional practice. The program includes bi-monthly webinars led by cybersecurity experts, along with opportunities for collaboration, mentorship, and applied learning. 

Now Open - 2026 NSF Cybersecurity Summit Call for Proposals

It is our pleasure to announce that the 2026 NSF Cybersecurity Summit (Oct 27-29, Irvine) Call for Proposals is now open! The Summit Program Committee seeks proposals for:

• Plenary presentations and Panel talks
• Workshops and Trainings
• Birds of a Feather (BoFs) and Project-specific meetings
• Poster session
• TLP:AMBER or RED talks 

We welcome your proposals relevant to a broad range of topics related to the operational cybersecurity of NSF cyberinfrastructure and programs. We encourage proposals that address topics impacting the NSF CI Community. These include, but are not limited to:

• Cybersecurity aspects of Research Security (Ex: The 14 NSF Critical Controls)
• Security of AI use in research environments
• Procurement, commercial tools, impacts on Controls, leverage in cybersecurity operations, etc.
• Regulatory compliance
• Securing cloud-based technologies
• Network security and defense
• HPC security
• Digital forensics and incident response
• Case studies and lessons learned
• Zero-trust architecture implementation 

More detail and guidance on submitting proposals can be found here:
https://www.trustedci.org/2026-cfp

The deadline for plenary, workshop, training, BoF, and project meeting submissions is Tuesday, June 30th. 

Poster and TLP:AMBER or RED submissions are due Monday, October 5th.

Thank you on behalf of the Program and Organizing Committees. We look forward to receiving your proposals and hope to see you in October in Irvine!