Full Name
Dr. Thomas P. Scanlon
Job Title
Principal Researcher / CERT Data Science Technical Manager
Company
Software Engineering Institute - Carnegie Mellon University
Speaker Bio
Dr. Thomas P. Scanlon is a Principal Researcher and Technical Manager in the CERT Division of the Software Engineering Institute at Carnegie Mellon University. He leads the CERT Data Science technical program, which incorporates artificial intelligence, machine learning, and statistical analyses to develop solutions for cybersecurity challenges. Additionally, his research team performs research in quantum computing, RF engineering, cyber-physical systems, and many interdisciplinary technical fields.
Previously, Dr. Scanlon has performed applied research in the areas of software engineering, DevSecOps, cyber risk management, usability & HCI, threat modeling, and supply chain security. Prior to joining the SEI, he worked for more than a decade in IT leadership roles with Fortune 500 companies.
Dr. Scanlon coauthored the DoD Developer’s Guidebook for Software Assurance as part of sponsored research for the Joint Federated Assurance Center (JFAC). He is a frequent speaker at conferences, having presented at OSCON, (ISC)² Security Congress, InfosecWorld, and ACT-IAC Imagine Nation, and he regularly participates in webinars and podcasts. In addition to publishing many SEI technical reports, he has published at refereed venues. Recent publications include “Critical Factors for Open Source Advancement in the U.S. Department of Defense” in IEEE Software and, as a co-author, “Security Impacts of Sub-optimal DevSecOps Implementations in Highly Regulated Environments” in ACM Proceedings of the 15th International Conference on Availability, Reliability and Security. Dr. Scanlon is a recipient of an Information Security Leadership Awards (ISLA®) award as an “MVP” partner to the U.S. Government from (ISC)², the world’s largest nonprofit association of certified cybersecurity professionals, for his participation in the development of cybersecurity guidelines for program managers and developers.