Trusted CI Webinar: No Harness, No Problem: Extending Fuzzing’s Reach via Oracle-guided Harness Generation, Monday September 22nd @ 10am Central

University of Utah's Stefan Nagy is presenting the talk, No Harness, No Problem: Extending Fuzzing’s Reach via Oracle-guided Harness Generation, on Monday September 22nd at 10am, Central time.

Please register here.

As NIST estimates that today's software contains up to 25 bugs per 1,000 lines of code, the prompt discovery of exploitable flaws is now crucial to mitigating the next big cyberattack. Over the last decade, the software industry mitigated increasing complexity by turning to a lightweight approach known as fuzzing: automated testing that uncovers program bugs through repeated injection of randomly-mutated test cases. Academia and industry have extensively studied fuzzing's three main challenges—input generation, program feedback collection, and, most critically, code harnessing—accelerating fuzzing to find many more vulnerabilities in less time. However, the critical nature of scientific computing—multi-purpose software toolkits, bespoke APIs, and high-performance environments—demands analogous advances in the vetting of scientific cyberinfrastructure. 

In this talk, I will showcase my group's research on automatic code harnessing, a key step toward making fuzzing scalable to today's complex scientific libraries. First, I will introduce our core approach Oracle-guided Harnessing: a technique that mutationally constructs and refines fuzzing harnesses using only library headers, validated through correctness oracles spanning compilation, execution, and coverage. Next, I will discuss our extensions of this approach to the C and Python library ecosystems, where it has uncovered over 70 previously-unknown security vulnerabilities and logical bugs across widely-used codebases. Finally, I will outline my vision for synergistic harnessing techniques that combine emergent large-language-model–driven methods with our Oracle-guided strategies, charting a path toward fully automatic, broadly applicable, and error-free harnessing.

Speaker Bio: 

Dr. Stefan Nagy is an Assistant Professor in the Kahlert School of Computing at the University of Utah, where he directs the FuTURES³ Lab. His work lies at the intersection of software engineering, computer systems, and security, with a focus on making automated vetting of software and systems more effective and efficient irrespective of kernel, architecture, and source code. His research frequently appears at top venues such as ICSE, USENIX Security, and ACM CCS, and has led to the discovery of more than 200 previously-unknown software bugs and security vulnerabilities (futures.cs.utah.edu/bugs). He holds a PhD from Virginia Tech and a BS from the University of Illinois at Urbana-Champaign.

---

Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."

Secure Your Hotel Room for the NSF Cybersecurity Summit Before September 19

 

Time is running out to book your hotel room for this year's NSF Cybersecurity Summit in Boulder, CO!

The deadline to reserve your room at the discounted group rate is September 19th, and availability is limited.

Reserve your hotel room

This annual Summit brings together cybersecurity practitioners, technical leaders, and risk managers from the NSF Major Facilities and Cyberinfrastructure community. Attendees will also include key stakeholders and thought leaders from across the scientific and cybersecurity landscapes.

There is still time to register for this year's Summit—the deadline is October 6. If you have any questions or need assistance, please reach out to us.

Register for this year's Summit

We hope to see you in Boulder!

Summit Organizing and Program Committee

Trusted CI Celebrates Sixth Cohort Graduation & Opens Call for 2026 Engagement

Trusted CI’s sixth Framework Cohort, “Foxtrot”, successfully completed the six-month program of training and workshop engagement focused on learning and applying the Trusted CI Framework. The Cohort members entered the engagement with a commitment to adopting the Framework at their organizations. They then worked closely with Trusted CI to gather facility information and create validated self-assessments of their cybersecurity programs based on the Framework. Each organization also emerged with a draft Cybersecurity Program Strategic Plan (CPSP) identifying priorities and directions for further refining their cybersecurity programs. Foxtrot cohort included the following research-oriented organizations:

 ALMA  |  DERConnect  |  UC Davis  |  US ATLAS  |  ZEUS

The foundation of the cohort program is the Trusted CI Framework. The Framework was created as a minimum standard for cybersecurity programs. In contrast to cybersecurity guidance focused narrowly on cybersecurity controls, the Trusted CI Framework provides a more holistic and mission-focused standard for managing cybersecurity. For these organizations, the cohort was their first formal training in the Trusted CI Framework “Pillars” and “Musts” and how to apply these fundamental principles to assess their cybersecurity programs.

Feedback on the program from cohort participants has been strongly positive:

"Participating in the Trusted CI Cohort was an excellent experience and brought significant value to our team. As a research group working at the intersection of the power grid and renewable energy, cybersecurity is critical for both our daily operations and the broader transition to smarter, more connected technologies. The cohort facilitators provided expert guidance and a practical framework that helped us clarify our cybersecurity risks, baseline controls, stakeholder responsibilities, and more. Through their collaborative and thorough approach, we developed an actionable, strategic plan and gained a holistic understanding of our security posture. With this training, we feel empowered and better prepared to implement a robust cybersecurity program, strengthening both our research and industry collaborations."

 - Keaton Chia, R&D Engineer and Project Manager, DERConnect 

 

 2026 Framework Cohort Call for Participation Open

Trusted CI has a few spots left for the 2026 Framework Cohort engagement (starting January 2026). To learn more or to submit the interest form for your organization, visit trustedci.org/framework/cohort-participation. 

Engagement with RISC

Concurrent with leading Foxtrot, Trusted CI continued quarterly engagement with graduates of the five previous Framework cohorts through the Research Infrastructure Security Community (RISC). Trusted CI established RISC as a community of practice to provide a forum for cohort graduates to expand their cybersecurity knowledge, share experiences, and build relationships within the NSF research cyberinfrastructure community.

For more information, please contact us at framework@trustedci.org.

Registration now open: 2025 NSF Cybersecurity Summit – October 20–23 in Boulder, CO

We’re excited to announce that registration is now open for the 2025 NSF Cybersecurity Summit, taking place October 20–23, 2025, at the UCAR Center Green Campus and NSF NCAR in Boulder, Colorado.

This annual Summit brings together cybersecurity practitioners, technical leaders, and risk managers from the NSF Major Facilities and Cyberinfrastructure community. Attendees will also include key stakeholders and thought leaders from across the scientific and cybersecurity landscapes.

🔹 Explore the 2025 Program
Check out this year’s engaging sessions and speakers.

🔹 Register to Attend
Please complete your registration by October 6, 2025.

🔹 Plan Your Stay
Trusted CI has secured hotel accommodations for Summit attendees.

If you have any questions, please don’t hesitate to reach out. Please send an email to summit@trustedci.org

We look forward to seeing you in Boulder this October!

Trusted CI Webinar: Securing Medical Imaging AI Models Against Adversarial Attacks, Monday August 25th @ 10am Central

University of Pittsburgh's Shandong Wu is presenting the talk, Securing Medical Imaging AI Models Against Adversarial Attacks, on Monday August 25th at 10am, Central time.

Please register here.

While AI is increasingly present in clinical practice especially for medical imaging, it is imminent to ensure cybersecurity of imaging diagnostic AI models. Newly advanced adversarial attacks pose a threat to the safety of medical AI models, but little is known about the characteristics of this threat. Medical adversarial attacks may lead to serious consequences including patient harm, liability of healthcare providers, and other ethical issues or crimes. It is imperative to study this cybersecurity issue to mitigate potential negative consequences and to ensure safety of health care. In this talk, the speaker will discuss cyber vulnerabilities of deep learning-based medical imaging diagnosis models under adversarial attacks, show real-world experiments on how adversarial attacks can fool AI models to decrease diagnosis performance and to confuse experienced radiologists, and present several methods of defending adversarial attacks to secure AI models in medical imaging applications.

Speaker Bio: 

Shandong Wu, PhD, is a Professor in Radiology, Biomedical Informatics, Bioengineering, and Intelligent Systems at the University of Pittsburgh. Dr. Wu leads the Intelligent Computing for Clinical Imaging (ICCI) lab, and he is the founding director of the Pittsburgh Center for AI Innovation in Medical Imaging. Dr. Wu’s work focuses on developing trustworthy medical imaging AI for clinical/translational applications. Dr. Wu's lab received multiple research awards such as the RSNA Trainee Research Award twice in 2017 and 2019, the 2021 AANS Natus Resident/Fellow Award for Traumatic Brain Injury, the 2025 SPIE Imaging Informatics Best Paper Award, etc. Dr. Wu’s research is supported by NIH, NSF, multiple research foundations, Amazon AWS, Nvidia, and many institutional funding sources. Dr. Wu has published > 190 journal papers and conference papers/abstracts in both the computing and clinical fields. His research has been featured in hundreds of scientific news reports and media outlets in the world. 

---

Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."

Trusted CI visits IceCube

Trusted CI staff member Megha Moncy holding one of the many hard drives shipped back from the South Pole containing neutrino research data

 

"Have you ever held $300,000 in your hands?" At least that's the way Steve Barnet put it as he allowed us to hold one of the hard drives that had been shipped back from the main IceCube Neutrino detector in Antarctica. Steve is the IT manager for the IceCube Neutrino Detector, which is an NSF Major Facility allowing scientists from around the globe to study neutrinos. Steve estimates that each drive shipped back has around $300,000 worth of scientific data on it, based on the cost of collecting the data.

In June 2025, members of the Trusted CI team took the opportunity to tour the IceCube Neutrino Detector data center and development facility at the University of Wisconsin - Madison. The team learned about the custom designed sensors and equipment that make up the 1 cubic kilometer detector buried under 1.5 km of ice at the South Pole.
Because the detector produces about 1TB per day of data, and satellite communication to the South Pole is limited, it's still far more efficient to ship hard drives back to the lab after a season of data collection at the detector is finished. However, because the data is so valuable, they write the data to at least two separate arrays of hard drives and ship them on separate logistical channels in case of catastrophe during shipment.

Steve Barnet (right), giving a tour of the IceCube development facility.

The IceCube data center in Madison also simulates the layout of the facility in Antarctica so that they can better plan any changes made to the infrastructure and to be sure that equipment that is shipped down to the South Pole facility will fit around corners, be compatible with installed equipment, and have enough power.

The IceCube sensors, which are called "digital optical modules", are about the size of a basketball but surprisingly weigh more than a bowling ball. Most of the weight is owed to the thick glass in each sensor pod that shields the sensitive electronics and photomultipliers from the 1 to 2 kilometers of ice that sit above them. The unique sensors were designed and built by several institutions within the international IceCube Collaboration to withstand the extreme environment of Antarctica. 

Trusted CI staff member Mark Krenz holding one of the digital optical modules.

Neutrinos are a fundamental particle generated by the universe's most extreme events such as supernovae and black holes. They travel in straight lines from their origin through the universe, passing through ordinary matter. As neutrinos pass through the Earth from all directions, including through the core of the planet, neutrinos whose path takes them through the south pole IceCube detector pass through the large cubic kilometer of ice making up the array. Most of them pass right through the detector without any interaction, but occasionally they hit an atom in the ice and generate secondary charged particles which travel through the ice faster than light travels through ice. This produces Cherenkov radiation, which creates a blue flash of light. This blue light phenomenon of Cherenkov radiation is what the photomultipliers actually detect.

 

IceCube's testing and development array of sensors.

The facility also has a test array of sensors that are not encased in glass and stacked closely together that allow IceCube staff to run tests and diagnostics on the electronics before performing the same operations on the production sensor array. This reduces the chance of an incident that damages the entire array, "which would be bad", according to Steve (he likes understatement). Availability is a crucial security requirement for the IceCube array, and one of the threats against the sensors continuing to function is the extreme cold damaging the electronics inside. If the array loses electricity, it would only be a matter of a day or so before large parts of the array would become unrecoverable. Thus, it is important that a generator powering the array in Antarctica run continuously uninterrupted over the lifetime of the experiment. Trusted CI benefits from visiting the IceCube facility by seeing the equipment and better understanding the processes used to program, deploy, and protect the equipment from a variety of security threats. 

Trusted CI Webinar: TIPPSS to improve Trust, Identity, Privacy, Protection, Safety and Security for Cyberphysical Systems, Monday July 28th @ 10am Central

Northeast Big Data Innovation Hub's Florence Hudson is presenting the talk, TIPPSS to improve Trust, Identity, Privacy, Protection, Safety and Security for Cyberphysical Systems, on Monday July 28th at 10am, Central time.

Please register here.

The challenge of providing end to end trust and security for operational technology systems has been a growing challenge and increasingly imperative. An IEEE effort was begun in 2016 to tackle that challenge, resulting in the publication of the first IEEE/UL TIPPSS standard (IEEE/UL 2933-2024) and the awarding of the 2024 IEEE Standards Association Emerging Technology Award to the TIPPSS standard working group.  The goal of the TIPPSS standard, which is envisioned to be a family of standards, is to improve Trust, Identity, Privacy, Protection, Safety and Security (TIPPSS) for cyber-physical systems, beginning with Clinical Internet of Things and expanding to research infrastructure, the energy grid, distributed energy resources, and more. In this webinar we will discuss the initial IEEE/UL TIPPSS standard for clinical IoT data and device interoperability, the details of the technical and process elements of the standard, and the opportunity to apply it to all operational technology. Future TIPPSS presentations planned include "TIPPSS for navigating a changing cybersecurity landscape at the Electron-Ion Collider and other scientific research facilities" in collaboration with Brookhaven National Laboratory at the ICALEPS 2025 conference (The 20th International Conference on Accelerator and Large Experimental Physics Control Systems) September 20-26, 2025 in Chicago, bringing the TIPPSS discussion to research infrastructure and the IT systems that support it. Trusted CI's initiatives in Secure by Design and the Trusted CI Operational Technology Procurement Vendor Matrix are very complementary to the TIPPSS initiative, and there is more we can do as a community in this effort together. Join us to discuss the imperatives and possibilities.

Speaker Bio: 

Florence Hudson is Executive Director of the Northeast Big Data Innovation Hub at Columbia University, leading over $10M in projects funded by the National Science Foundation, National Institutes of Health, and Department of Transportation. She is also Founder & CEO of FDHint, LLC, a global advanced technology consulting firm. A former IBM Vice President and Chief Technology Officer, Internet2 Senior Vice President & Chief Innovation Officer, Special Advisor for the NSF Cybersecurity Center of Excellence, and aerospace engineer at the NASA Jet Propulsion Lab and Grumman Aerospace Corporation, she is an Editor in Chief and Author for Springer, Elsevier, Wiley, IEEE, and other publications. She leads the development of global IEEE/UL standards to increase Trust, Identity, Privacy, Protection, Safety and Security (TIPPSS) for connected healthcare data and devices and cyberphysical systems, and is Vice Chair of the IEEE Engineering Medicine & Biology Society Standards Committee. She earned her Mechanical and Aerospace Engineering degree from Princeton University, and executive education certificates from Harvard Business School and Columbia University.

IEEE Emerging Technology Award

IEEE 2933 Working Group Leadership Team

---

Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."

Applications are now open for the 2025 Trusted CI Fellowship!

We’re excited to announce that applications are now open for the 2025 Trusted CI Fellowship. This is your chance to receive expert training, work closely with Trusted CI members, and further empower the NSF community to secure its own research.

Click here to learn more about the Fellows program and to view our past Fellows

Click here to apply for the program

The application deadline is Thursday, July 31, 2025

Trusted CI’s past Fellows have been an amazing success with 35 Fellows from various fields, including:

Research Technologies
Astrophysics
Criminal Justice
Network and Combinatorial Optimization
and Computer Engineering

Fellowship Benefits:

• Participation in Virtual Cybersecurity Institute Training Workshops
• Receive funding to attend the 2025 NSF Cybersecurity Summit
• Access to Trusted CI staff and other Cybersecurity professionals

Participation in the Fellows program will occur from October 2025 to April 2026.

Now Open - 2025 NSF Cybersecurity Summit Call for Participation

 

It is our pleasure to announce that the 2025 NSF Cybersecurity Summit (Oct 20-23, Boulder) Call for Participation is now open! The Summit Program Committee seeks proposals for:

• Plenary presentations and Panel talks
• Workshops and Trainings
• Birds of a Feather (BoFs) and Project meetings
• Poster session
• TLP:RED talks 

We welcome your proposals relevant to a broad range of topics related to the operational cybersecurity of NSF cyberinfrastructure and programs.  However, we encourage proposals that address topics highly ranked by the NSF CI Community. These include: 

• HPC security
• AI in cybersecurity:  Practical use in operational security and/or  balancing automation and oversight
• Network security and defense
• Regulatory compliance
• Staying on top of emerging threats (how-to guide)
• Pros and cons of federal, academic, and private research funding
• Digital forensics and incident response (case studies)
• Zero-trust architecture implementation
• Security of research IOT
• Adjusting your cybersecurity program during cuts

More detail and guidance on submitting proposals can be found here:
https://www.trustedci.org/2025-cfp

The deadline for plenary, workshop, training, BoF, and project meeting submissions is Monday June 30th. 

Poster session submissions are due September 5th. TLP: RED submissions are due October 10th. 

Thank you on behalf of the Program and Organizing Committees. We look forward to receiving your proposals and hope to see you in October in Boulder!

Trusted CI Webinar: Towards Practical Confidential High-Performance Computing, Monday June 23rd @ 10am Central

Indiana University's Chenghong Wang is presenting the talk, Towards Practical Confidential High-Performance Computing, on Monday June 23rd at 10am, Central time.

Please register here.

The democratization of high-performance computing (HPC)—driven by a paradigm shift toward cloud-based solutions—has unlocked unprecedented scalability in data sharing, interdisciplinary collaboration, and large-scale analytics. Yet, despite these advancements, the lack of strong privacy protection mechanisms, particularly for sensitive or regulated data, remains a significant barrier preventing critical domains from fully leveraging cloud HPC. In this webinar, I will present our group’s research toward enabling a practical confidential HPC paradigm—one that empowers HPC providers to securely process sensitive workloads with provable security and privacy guarantees.
 

My talk will be structured around three key pillars that underpin our approach: practical data-in-use security, data governance and compliance, and usability. First, I will introduce our vision for a next-generation trusted execution environment (TEE) architecture tailored for HPC—designed to deliver HPC-grade efficiency for large-scale, parallel workloads, while upholding strict data-in-use security guarantees. Second, I will discuss how we leverage formal methods to validate compliance with complex governance and data-sharing policies—ensuring that even dynamic, multi-party workloads can remain policy-aligned. Finally, I will share our ongoing work in developing new usability frameworks and programming abstractions designed to make confidential computing accessible to domain scientists—lowering the barrier for adoption without requiring expertise in cryptography or secure systems.

Speaker Bio: 

Chenghong Wang is an Assistant Professor in the Luddy School of Informatics, Computing, and Engineering at Indiana University Bloomington. He is a core faculty member of the Security and Privacy in Informatics, Computing, and Engineering (SPICE) group and affiliated with the NSF Center for Distributed Confidential Computing (CDCC). His research focuses on building full-stack solutions for privacy-preserving data sharing and analytics (PPDSA), bridging theory, systems, and architectural design. His work spans trusted execution environments, differential privacy, applied cryptography, and secure data systems. Dr. Wang's research has been published in premier venues across systems, security, and AI, including SIGMOD, VLDB, USENIX Security, MICRO, NeurIPS, IJCAI, ICCV, and EMNLP. Beyond his core focus, he actively collaborates across disciplines, contributing to projects in AI, machine learning, hardware systems, healthcare, and biomedicine. He received his Ph.D. in Computer Science from Duke University, where he was advised by Prof. Ashwin Machanavajjhala and Prof. Kartik Nayak.

---

Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."

2025 NSF Cybersecurity Summit Topics and Travel Plans

Help shape the Summit program by selecting the content you want to learn more about. You can suggest new topics in the comment field. We also want to hear more about your travel plans this year.

Thank you for your time!

https://forms.gle/1aavqtYvvLRuLJCo7
This form will close on Tuesday, May 27th at 5pm Eastern.

To learn more about the Summit, go to: https://trustedci.org/summit 

2025 Trusted CI Student Program Cohort Announced

The Trusted CI Student Program provides undergraduate and graduate students with hands-on experience, mentorship, and opportunities to learn how to build a secure and resilient digital future. Our program allows them to connect with the nation’s leading cybersecurity experts and equips them with the skills and knowledge necessary to succeed in the increasingly critical field of cybersecurity.

We are pleased to announce the 2025 Trusted CI Student Program cohort. Over the next six months, our students will learn about essential cybersecurity topics from Trusted CI experts. They will attend bi-monthly webinars from May to October, covering cybersecurity topics, soft skills, and career prep. This year’s cohort includes graduate students with interests in financial security, risk assessment, governance policy, and high performance computing. Read more about their backgrounds and what they hope that they will learn during their time with Trusted CI:

Saquoia Cox is a graduate student studying cybersecurity with a background in Accounting and Business Administration. She currently works as a Senior Accounting Analyst at The Walt Disney Company and serves as a peer mentor supporting students across various disciplines. Saquoia is passionate about the intersection of cybersecurity, finance, and digital ethics. She aims to help organizations safeguard both their data and financial integrity.

Kofoworola Idowu is a graduate student in cybersecurity at Yeshiva University, passionate about protecting digital assets and staying ahead of emerging threats. With a strong foundation in systems administration, risk assessment, and vulnerability management, she is excited to bring her skills and enthusiasm to the Trusted CI Student Program and contribute to its vibrant community. When she is not diving into the world of threat analysis and security protocols, you can find her trying out new hobbies or dancing. She is looking forward to collaborating, learning, and growing with like-minded individuals.

Trina Locklear is a doctoral student in the Computer Science department at The  University of Alabama. She is also a member of the Lumbee Tribe of North Carolina. Her research interests include software security in high performance computing. She is a former GAANN fellow and intern at Lawrence Livermore National Laboratory. She loves to bake and southern pound cake is her speciality.

Konstantin Metz is a graduate student in cybersecurity at the University of Central Florida, where he is pursuing an M.S. in cybersecurity and privacy as a CyberCorps Scholarship for Service recipient. His academic research centers on human-computer interaction, with a focus on dark patterns and digital accessibility for individuals with vision impairments. He holds a Bachelor of Science in information technology with a minor in cybersecurity and strategic communications within public relations from Nova Southeastern University. Metz has held technical and analytical roles in both the U.S. government and private sector, concentrating on incident response, cloud security, and systems administration. A bilingual speaker of German and English, he is a prospective Ph.D. student, whose research interests include governance, risk and compliance, cybersecurity policy and law, and the implementation of cloud infrastructure. In his free time, he enjoys exploring emerging technologies in health care, supporting his communities, cooking, and traveling.

Trusted CI Webinar: Conducting Responsible Human-Centered AI Research, Monday May 19th @ 10am Central

Clemson University's Bart Knijnenburg is presenting the talk, Conducting Responsible Human-Centered AI Research, on Monday May 19th at 10am, Central time.

Please register here.

With the recent rise of LLMs, it becomes increasingly possible (and necessary) to conduct human-subjects studies with AI tools. However, integrating AI in human-subjects research raises concerns about participant privacy, safety, and the confidentiality of research data. These concerns are exacerbated by the fact that many AI researchers have limited experience with human-subjects research, and most ethics review boards (e.g. IRBs) have little knowledge about AI.

In this talk, I present findings from a series of investigations into human-centered AI research studies: our team systematically reviewed AI-related studies published at the ACM SigCHI conference, we interviewed researchers who conducted human-subjects studies with LLMs, and we conducted a scenario-based study to unpack study participants' opinions about AI-based research.  

We find that (1) many papers lack important details about basic study parameters, (2) researchers often fail to disclose the use of LLMs to research participants, and (3) participants are sensitive to study parameters like anonymization, data retention and consent, but are unaware of the threats of third-party data sharing and of data leakage through model training. I will discuss these findings, and more, during the talk.

Speaker Bio: 

Dr. Bart Knijnenburg is an Associate Professor in Human-Centered Computing at Clemson University where he co-directs the Humans And Technology Lab (HATLab). His research explores the societal, social, and psychological aspects of human interaction with intelligent systems. His research has been funded by the NSF (including a CAREER award), the Department of Defense, the Department of Education, the Department of Justice, and corporate gifts.

---

Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."

Trusted CI Member Spotlight: Rick Wagner

Rick Wagner is the Chief Technology Officer of the San Diego Supercomputer Center (SDSC), a facility based at UC San Diego. 

Rick has been interested in many topics, including astrophysics, high performance computing, and cybersecurity. But, over time, he’s learned that he’s got one real passion: understanding how researchers use technology to achieve their research goals. He’s been a part of Trusted CI since 2021, when he served as a Trusted CI Fellow. We recently talked with Rick to learn more about his professional journey and work with Trusted CI’s programs.

Intro

How do you become the chief technology officer for a supercomputer center? Rick laughs and replies, “You do that by studying astrophysics and being very, very good with computers." He started by attending San Diego Mesa Community College, where he discovered an initial interest in physics. At UC San Diego, as an undergraduate, he worked with a professor who became his research advisor. From there, Rick became interested in studying turbulence in outer space. "That meant I had to do a lot of data analysis and parallel computing,” Rick explains, “I enjoyed working with the computers and those two things dovetailed.”

At the crossroads of cybersecurity and computer science

While in graduate school at UC San Diego, Rick started to work in the high performance computing clusters at SDSC. Eventually, he worked his way up and became the High Performance Computing System Manager. More and more, Rick was working closely with SDSC security engineers. While he enjoyed these interactions, he noticed that there was sometimes tension between his colleagues and the cybersecurity staff. Rick found that by bringing the security engineers into the systems management process, things got smoother, particularly by asking the security team to help manage the system configuration through the same DevOps process as the systems group.

After graduating, Rick also worked with the University of Chicago, as part of Globus, a research data management platform that connects over 150,000 users. In his new role, he helped groups develop portals. At one point, while working on building services for a federal agency, Rick saw cybersecurity professionals and research staff struggle to communicate once again. Suddenly, he had a realization. Both groups shared a common goal but viewed the project through two different lenses. “Somebody needed to be the mediator between those two groups,” Rick explains, “And that project really was what cemented my activity to be like, I know how to do this. I know how to align the cybersecurity and research needs, and communicate that in a way both groups can understand.” Rick saw a gap and realized he had the necessary skills to bridge the cybersecurity and research community.

Getting involved with Trusted CI

While at Globus, Rick started to hear about Trusted CI. Globus relied on CILogon, a service run by Jim Basney, and there were many overlaps between the communities (e.g., Trusted CI reviewed the Globus software stack).

After returning to work at UCSD, in 2020, his supervisor suggested Rick apply to the Trusted CI Fellows Program. Rick joined the 2021 cohort and quickly saw the value of working with a small, dedicated group. Rick notes that, because it was COVID times, the group grew very tight-knit and frequently met over ZOOM to talk about common interests and lessons learned. “The idea,” Rick observes, “is that [fellows] can reach out and talk to each other….[the fellowship] is a way to approach building groups of people to promote a goal, in this case, research cybersecurity.”

At the time, Rick was working on a NIH project that he brought with him from UChicago back to UCSD. As Rick worked through his project, he discovered the Trusted CI Framework, a comprehensive cybersecurity resource with templates and tools that helps organizations establish and refine their programs. “It gave me a way to communicate what the project I was working on was doing,” Rick recalls, “Where we were trying to fit around the expectations of security compliance from the federal agency.” Most importantly, Rick said, “the Trusted CI Framework enabled me to say, here is our path. It's achieving our goals, it's enabling security.”

Finding a place in a research community of experts

After Rick started participating as a Fellow, he continued to volunteer and work with the Trusted CI community. Between 2023 and 2024, he was a NSF Cybersecurity Summit Program Committee member. In that role, Rick helped to shape the NSF Cyber Security Summit’s program helping to select keynote speakers, review community proposals and make suggestions on the program flow.

He continues to be involved in the Trusted CI Fellows Program as a moderator of the yearly panel at the Summit. Rick also organizes workshops at the Summit. In one regular session, he collaborates with Mark Krenz on a combined tutorial and workshop about approaching security for Jupyter Notebooks. Rick fondly remembers the very first workshop, held at the Summit in San Diego in 2019. “The attendees were able to give us feedback,” he recalls, “Like, Hey, I'm a security engineer and users are asking for me to deploy this, and I don't understand how it works. And I'm like, oh, you're right. I could see how that's a challenge.”

Rick relishes every opportunity to gather user feedback. He loves learning more about how people work with technology and how to make the process even smoother. Every day, he’s motivated by helping people feel like they’re enjoying their interactions with software and computers. Rick has found a group of similarly excited researchers, software engineers, and cybersecurity experts at Trusted CI. Rick appreciates how Trusted CI offers webinars, tools, and resources like the Trusted CI Framework. “I think it's one of the better places to turn,” says Rick, “to stay abreast of what's going on with research cybersecurity, particularly the NSF landscape.”

Are you interested in keeping track of what’s new with Trusted CI? Sign up for our announcements listserv (announce+subscribe@trustedci.org) for regular updates on upcoming webinars and tools. 

Trusted CI Webinar: The Operational Technology Procurement Vendor Matrix, Monday March 31st @10am Central

Trusted CI's Mark Krenz is presenting the talk, The Trusted CI Operational Technology Procurement Vendor Matrix, on Monday March 31st at 10am, Central time.

Please register here.

Operational Technology (OT), when installed on an organization's network, becomes part of the overall cyber attack surface for an organization. When procuring this OT, it is important for the purchasing organization to understand how it will integrate with the existing network and security controls as well as understand what new risks it might introduce. The Trusted CI Operational Technology Procurement Vendor Matrix (the Matrix) provides a prioritized list of questions for organizations to send to manufacturers and suppliers to try to get as much of this information as possible.

In this webinar, we will walk through what security issues impact OT, the role of procurement in mitigating security risks, our reasoning and process for developing the Matrix, and a walk through on how to use the Matrix at your organization. Questions and shared experiences with OT are encouraged.

TARGET AUDIENCE:
Organizational leadership, procurement department, IT, cybersecurity

The Matrix can be found at https://trustedci.org/ot-matrix

Speaker Bio: 

Chief Security Analyst Mark Krenz is focused on cybersecurity operations, research, and education. He has more than two decades of experience in system, network administration, programming, and system security and has spent the last decade focused on cybersecurity. He also serves as the CISO of Trusted CI.

---

Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."

Trusted CI 2024 Summit Report Now Available

Last October, Trusted CI convened the 2024 NSF Cybersecurity Summit. This yearly event provides a forum for National Science Foundation (NSF) scientists, researchers, cybersecurity, and cyberinfrastructure (CI) professionals and stakeholders to share effective technical practices and brainstorm solutions to everyday challenges facing cybersecurity environment professionals. When the community comes together for the Summit, they collectively learn from each other.

The 2024 Summit was held in person in Pittsburgh, PA, at Carnegie Mellon University. Over 250 individuals attended, including representatives of 44 NSF projects. Lorrie Faith Cranor, the Director and Bosch Distinguished Professor in Security and Privacy Technologies at the Cylab Security and Privacy Institute, delivered the keynote lecture and gave suggestions on how to develop the best cybersecurity practices for users.

During the four days of the Summit, attendees could choose from various workshops, training sessions, and seminars. These included topics such as:

• How to adopt the Trusted CI Framework
• How to apply Generative AI for cybersecurity defense
• How to manage cybersecurity and ransomware risks

Interested in reading more takeaways from this year's Summit? Download the full Summit Report from https://zenodo.org/records/14866819 and read more about lessons learned from the NSF’s top cybersecurity experts.

Trusted CI and the Research Infrastructure Security Community Respond to NSF’s Draft Research Infrastructure Guide

 

Trusted CI, in collaboration with the Research Infrastructure Security Community (RISC), submitted comments to the U.S. National Science Foundation (NSF) regarding Section 5.3 of NSF’s 2025 draft Research Infrastructure Guide (RIG). These comments offer the community’s perspective on the NSF’s proposed new guidance for Major Facilities and Mid-Scales on building their cybersecurity programs.

RISC is a community of practice built by Trusted CI for NSF-funded cybersecurity professionals. RISC is composed of graduates from the Trusted CI Framework Cohort Program, who continue to gather as a community to expand their cybersecurity knowledge, share experiences, and build relationships.

For more information, please contact us at info@trustedci.org.

Trusted CI Webinar: Trusted Volunteer Edge-Cloud Computing for Scientific Workflows, Monday February 24th @10am Central

Mizzou's Prasad Calyam is presenting the talk, Trusted Volunteer Edge-Cloud Computing for Scientific Workflows, on Monday February 24th at 10am, Central time.

Please register here.

The unprecedented growth in networked edge devices (e.g., scientific instruments, sensors) has caused a data deluge in scientific application communities. The data processing is increasingly relying on distributed computing to cope with the heterogeneity, scale, and velocity of the data. At the same time, there is an abundance of low-cost computation resources that can be used for “volunteer edge-cloud computing” (VEC), where collaborators in a community (e.g., bioinformatics, manufacturing) contribute their resources to form a distributed infrastructure to execute scientific workflows. In this talk, a VEC management reference architecture and a related framework implementation will be presented for support of trusted resource allocation in VEC environments for scientific data-intensive workflows. We demonstrate how our novel scheduling approach optimizes task allocation on VEC nodes by balancing workflow requirements and resource preferences, improving latency, task completion times, and resource utilization efficiency. Lastly, we outline our recent efforts to ensure privacy-preservation of the scientific workflow execution in VEC environments by adopting principles from the confidential computing paradigm.

Speaker Bio: 

Prasad Calyam is a Curators’ Distinguished Professor and the Greg L. Gilliom Professor of Cybersecurity in the Department of Electrical Engineering and Computer Science at University of Missouri-Columbia, and Director of the Center for Cyber Education, Research and Infrastructure (Mizzou CERI). His research and development areas of interest include: Cloud Computing, Machine Learning, Artificial Intelligence, Cyber Security, and Advanced Cyberinfrastructure. He has published over 235 peer-reviewed papers in various conference and journal venues. As the Principal Investigator, he has successfully led teams of graduate, undergraduate and postdoctoral fellows in Federal, State, University and Industry sponsored R&D projects sponsored by National Science Foundation, Department of Energy, National Security Agency and others. His basic research and software on multi-domain network measurement and monitoring has been commercialized as ‘Narada Metrics’.

---

Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."

Trusted CI: Relaunching and Expanding the Student Program

As cybersecurity continues to grow in importance across the scientific community, the need to cultivate the next generation of cybersecurity leaders is more critical than ever. Trusted CI is proud to announce the relaunch and expansion of its Student Program, designed to provide students with very useful insights, mentorship, and hands-on experiences in cybersecurity while fostering a cybersecurity workforce for all. Applications for the 2025 cohort open on February 3, 2025.

Why the Student Program Matters

For over a decade, Trusted CI has significantly impacted the NSF community by equipping researchers and institutions with comprehensive cybersecurity knowledge and resources. Our analysis revealed opportunities to extend this impact by engaging students from a wider range of academic fields, such as those in the NSF Education and Human Resources (EHR) and Biological Sciences (BIO) Directorates, as well as reaching out to new institutions not currently engaged in cybersecurity programs. The Student Program aims to ensure that perspectives from across all disciplines and institutions contribute to shaping the future of cybersecurity.

Alumni Insights: Mentorship and Impactful Experiences in Cybersecurity

On the Mentor Program

Sandra Darkson - University of New Haven, MS in Cybersecurity and Networks
“My mentor (Carolyn Ellis) is really one of a kind; she is among those few individuals who sees the potential in me and, at the same time, believes so much in me that this belief drives me to work harder, and strive for excellence. I am so fortunate enough to have her as my guide and mentor on my path.”

On the Poster Session

Nana Sarfo Dwomoh - Sam Houston State University, MS Information Assurance & Cybersecurity
“The 2024 NSF Cybersecurity Summit was a big, unforgettable platform for me as a Cybercorp  Scholar, where I presented my poster, "Defending Electoral Integrity in the Age of Cyber Warfare,"  which gave me the chance to share my research on how digital disinformation, botnets, and deepfakes are impacting elections.”

On Networking

Konstantin Metz - University of Central Florida, MS Cybersecurity and Privacy
“The event is unlike any other in the industry! It brings together industry professionals, faculty, and students from across the globe to learn, network, and collaborate on current and emerging cybersecurity issues. It gives students an unparalleled opportunity to learn and grow while showcasing some of their own work. I am honored to have been selected to present and cannot wait for next year!”

Abigail Whittle - Oregon State University, BS in Computer Science
“I had the opportunity to meet some incredibly interesting individuals. Overall, I would highly recommend this experience to other students in the future, as it was beneficial both professionally and educationally, and I took away a lot from it.”

On Capture the Flag

Dignora Castillo-Soto - Bay Path University, MS in Cyber Security
“The CTF session provided a hands-on experience that challenged my problem-solving skills. It was refreshing to participate in a group project, as collaboration helped me gain new insights that I wouldn’t have achieved working solo.”

On Summit Courses

Owen Seltzer - Northeastern University, MS Cybersecurity
“The talks and panel discussions were not only engaging but also thought-provoking, covering topics ranging from emerging threats to innovative protection strategies. As someone still exploring career paths in cybersecurity, I found the presentations particularly enlightening.”

Goals of the Program

The Trusted CI Student Program is committed to:

• Providing Foundational Knowledge: Selected students will gain practical insights into cybersecurity through workshops, mentorship, and participation in the annual NSF Cybersecurity Summit.
• Fostering Community: By actively recruiting students from a wide range of backgrounds, the program aims to create a supportive environment that values a variety of perspectives.
• Empowering Advocacy: Students will serve as cybersecurity ambassadors in their communities, equipping their peers with knowledge and connecting them with Trusted CI for more complex challenges.
• Building Long-Term Connections: Participants will join a growing network of Trusted CI alumni, opening doors to mentorship, networking, and career opportunities in the cybersecurity field.

What’s New in the Trusted CI Student Program for 2025?

The Trusted CI Student Program continues to evolve, and we are excited to share the enhancements coming in 2025! Designed to nurture the next generation of cybersecurity researchers, this program has been refined based on past participant feedback and our commitment to providing a more impactful experience. These changes reflect our goal to improve the program from what it has been and make it more valuable for the entire Trusted CI community, not just prospective students.

Larger Cohorts Over Time
While the program currently welcomes five students annually, our goal is to expand participation to 15 students in future cycles as resources allow. This growth ensures more students benefit from Trusted CI’s expertise.

Alumni Engagement
We recognize the value of long-term connections, which is why past participants will now retain access to valuable program resources and opportunities to attend the Trusted CI Summit. This fosters an ongoing learning community and professional network.

Focused Workshops and Mentorship
Students will gain deeper insights through tailored workshops and dedicated one-on-one mentorship sessions. These sessions will be led by Trusted CI staff and esteemed industry experts, ensuring a well-rounded educational experience.

Streamlined Application Process
To provide a holistic evaluation of applicants, the revised application process will require a personal statement, a professional biosketch, and letters of support. This approach ensures we select students who are not only qualified but also deeply passionate about cybersecurity.

These enhancements are part of our commitment to continually improving the program, ensuring that both new and returning members of the Trusted CI community benefit from its evolution. We look forward to welcoming the 2025 cohort and continuing to build a thriving community of cybersecurity professionals!

What Students Can Expect

The Trusted CI Student Program will run from May to November 2025, featuring webinars and workshops twice a month to foster growth and prepare students for careers in cybersecurity.

From their first day in the program, Students will:

• Attend workshops on cybersecurity fundamentals, career development, and emerging trends.

• Network with top professionals and researchers at the NSF Cybersecurity Summit, an annual conference dedicated to advancing cybersecurity in research and education. This event provides a unique opportunity to learn from experts, engage in discussions on emerging cybersecurity challenges, and build valuable connections within the field.

• Work closely with mentors who will guide their growth and help them navigate the cybersecurity landscape.

• Share their experiences through blog posts, presentations, and outreach activities, inspiring others to explore careers in cybersecurity.

Join a Community of Innovators: Apply for the Trusted CI Student Program

The Trusted CI Student  Program is not just about equipping students with technical skills; it’s about creating a community that values collaboration, and innovation. If you are a student passionate about cybersecurity or know someone who is, we encourage you to apply and join us in shaping a safer, more secure future for science and beyond.

Applications for the 2025 cohort open on February 3, 2025. For more information on how to apply, visit Trusted CI’s website or reach out to students@trustedci.org. Let’s build a stronger cybersecurity community together!