informIT
IEEE Security & Privacy
Dark Reading
IT Architect

Writings

I am pleased to write a monthly security opinion column for informIT. This column started life with CMP in IT Architect and Network magazines and was called "[In]security" back in October 2004. The column then transitioned into Web content for darkreading.com. Your feedback on the column through the Justice League blog is greatly appreciated.

I am also fortunate to have been the founding editor of the Building Security In Department of IEEE Security & Privacy magazine. John Steven and Gunnar Peterson currently edit the department. I believe this magazine is the best periodical in security, with both scientific accuracy, cutting edge technology, and real world relevance. Through a special offer, you can subscribe for only 29 bucks, and you don't have to join the IEEE. I can't recommend this more highly. Full disclosure: though the IEEE does not pay me for my services, I am on the Board of Governors of the IEEE Computer Society.

informIT article series

Build Security In article series

These articles were all originally published in IEEE Security & Privacy. For more of Gary's publications, see our full listing of his available published articles.

Dark Reading article series

IT Architect (formerly Network Magazine) article series (PDF format)

Science

I began my career at Cigital as a research scientist, and Cigital Labs is still close to my heart. Though I am still active in the scientific research community and interact closely with Cigital Labs, I now spend most of my time helping to run Cigital.

In 1999, I was asked to chair the Infosec Research Council's Malicious Code Infosec Science and Technology Study Group. The result of that collaborative effort was a paper published in IEEE Software called Attacking Malicious Code: A Report to the Infosec Research Council.

I believe that giving back to academia is essential. I try to give academic talks at various schools as often as possible, with annual stops at: Stanford, Johns Hopkins, University of Virginia, North Carolina State University, Waterloo, and University of Maryland. If I am on the road for business reasons, I always seek out a great nearby school to visit. I also act as Advisor to the Computer Science Department at UC Davis and the Computer Science Department at the University of Virginia (where we are working on creating a BA in the College of Arts and Sciences). I serve on the Dean's Advisory Council of the School of Informatics at Indiana University.

In 2005, I was elected to a three year term on the Board of Governors of the IEEE Computer Society.

Publications

My curriculum vita (PDF) includes a complete list of publications and lectures.

A Web-searchable listing of trade publications and research papers from Cigital is available through the Cigital website. All of my recent publications can be found there.

A large number of Java security trade publications can be found on the Java security Website

Pre-1996 papers are available in an out-of-date publications archive, where you can find abstracts and links to postscript files.

Cognitive science papers from the Center for Research on Concepts and Cognition (CRCC), where I did my graduate research, are available by ftp.

My completed thesis is available in multiple resolutions on my thesis page. Please feel free to send me questions and/or comments about what you see.