Day 1 Keynote (November 10th)

Cyber Risk Scoring and Mitigation for Resilient Cyber Infrastructure

Sachin Shetty, Professor

Old Dominion University, Suffolk, VA


Sachin Shetty is an Associate Director in the Virginia Modeling, Analysis, and Simulation Center and holds a joint appointment as an Professor with the Department of Computational Modeling and Simulation Engineering at Old Dominion University. Sachin Shetty received Ph.D. in Modeling and Simulation from Old Dominion University in 2007. Prior to joining Old Dominion University, he was an Associate Professor with the Electrical and Computer Engineering Department at Tennessee State University. His research interests lie at the intersection of computer networking, network security, and machine learning. Within the last 10 years, he completed many large-scale projects with multiple collaborators and institutions and served as the PI/Co-PI on various grants and contracts totaling more than $18M funded by Air Office of Scientific Research, Air Force Research Lab, Department of Defense Office of the Secretary of Defense, Department of Energy, Department of Homeland Security, National Science Foundation, Office of Naval Research, Commonwealth of Virginia, Sentara Healthcare and Boeing. He has authored and coauthored over 150 research articles in journals and conference proceedings and edited four books. He is the recipient of Fulbright Specialist award, Top 50 Influential papers in Blockchain award, EPRI Cybersecurity Research Challenge award, Commonwealth Cyber Initiative Fellowship award, DHS Scientific Leadership award and has been inducted in Tennessee State University’s million dollar club. He has served on the technical program committee for several flagship ACM and IEEE conferences. He is a Senior Member of IEEE.


Security metrics play a key role in supporting cyber risk management and mitigation decisions for critical infrastructures. The availability of quantitative insights ensures operational resilience and assist in the development of cost-effective mitigation plan. The resilient operation of critical infrastructures will depend on tools that can aid in continuous cyber resilience assessment. In this talk, he will present theoretical techniques and tools for security risk scoring and prioritized cyber defense remediation plan for effective cyber risk management. He will present cyber risk scoring techniques based on attack and vulnerability graph modeling and cyber defense remediation technique based on optimal resource allocation modeling. He will also present the Cyber Risk Scoring and Mitigation (CRISM) tool that provides cyber risk scores and a prioritized mitigation plan based on vulnerability detection, attack graph modeling, and risk assessment. A demonstration of the CRISM tool will conclude the talk.