The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)

Sami Saydjari - Cyber Defense Agency, Inc.

Students: Spring 2024, unless noted otherwise, sessions will be virtual on Zoom.

A Principled Approach to Cybersecurity Engineering

Jun 17, 2020

PDF Slides PDF
Download: Video Icon MP4 Video Size: 148.1MB  
Watch on Youtube Watch on YouTube


Cyberattacks are increasing in frequency, severity, and sophistication. Target systems are becoming increasingly complex with a multitude of subtle dependencies. Designs and implementations continue to exhibit flaws that could be avoided with well-known computer-science and engineering techniques. Cybersecurity technology is advancing, but too slowly to keep pace with the threat. In short, cybersecurity is losing the escalation battle with cyberattack. The results include mounting damages in the hundreds of billions of dollars, erosion of trust in conducting business and collaboration in cyberspace, and risk of a series of catastrophic events that could cause crippling damage to companies and even entire countries. Cyberspace is unsafe and is becoming less safe every day. The cybersecurity discipline has created useful technology against aspects of the expansive space of possible cyberattacks. Through many real-life engagements between cyber-attackers and defenders, both sides have learned a great deal about how to design attacks and defenses. It is now time to begin abstracting and codifying this knowledge into principles of cybersecurity engineering. Such principles offer an opportunity to multiply the effectiveness of existing technology and mature the discipline so that new knowledge has a solid foundation on which to build. *

* Based on "Engineering Trustworthy Systems: A Principled Approach to Cybersecurity, CACM, June 2019.

About the Speaker

Sami Saydjari
Sami is a senior security architect with over three decades of experience in every stage of cybersecurity including software development,  deployments, operations, design, systems engineering, national policy, advanced research, and program management.  He has been a thought leader at institutions such as the Defense Advanced Research Projects Agency and the National Security Agency.  As a consultant, he guides a wide-variety of leadership in the national security community, federal government, and critical infrastructure providers in industry. He teaches Cybersecurity Engineering at Johns Hopkins University.

Ways to Watch


Watch Now!

Over 500 videos of our weekly seminar and symposia keynotes are available on our YouTube Channel. Also check out Spaf's YouTube Channel. Subscribe today!