On This Page

Art and Science of Security Research

Gregory Conti & David Raymond | July 22-23 & July 24-25


Information security is about pushing boundaries, exploring ideas, and creating new things. Getting beyond today's state of the art and innovating new approaches to hard problems is tricky, but important. This course will teach you how to take on challenging and relevant problems through high quality security research.

In this course, you will learn to spot important information security problems, identify existing work that you can build upon, learn how to collect data, code research prototypes, construct scientifically valid experiments, analyze the results, and best share your findings.

Whether your motivations are personal, academic, or work-related, conducting security research provides many benefits. You'll see emerging trends and opportunities ahead of others giving you (and your employer) a critical edge, make yourself an expert (perhaps "the" expert) in areas of your choosing, keep your personal skillset fresh, create new business opportunities, and bring new insights into the infosec community, your workplace, and the classroom.

Information security research, and the deep personal learning that goes with it, is richly rewarding and within reach of those with passion, creativity, and tenacity. This class will jumpstart your research activities if you are just starting out and will help fine tune the research efforts of more experienced individuals.

The course will use a running theme based on a research problem that you, the student, would like to pursue. If you don't come to the course with a research problem, we will help you discover one during the course, or you can practice using an instructor provided research problem.

Some of the topics and techniques covered will include:
  • Identifying high-impact security problems worth investing your time in
  • Finding existing work to build upon
  • Recognizing strengths and shortcomings in others' research
  • Problem solving strategies for tackling hard information security problems
  • Hacking, experimenting, and experimental design
  • InfoSec community case studies
  • Conducting scientifically valid experiments
  • Collecting, organizing, and sharing infosec datasets
  • Experiment evaluation and statistical analysis
  • Technical writing tips that will help you publish or present your research
  • How to best publish your findings in industry and academic venues, as well as forums like hacker conferences and Black Hat.

Our objective is that everyone will leave the course with the skills to conduct meaningful information security research projects and publish high-quality results that you will be proud of, whether that be online, in an industry magazine, an academic forum, or a security conference.

Who Should Take this Course

You should take this course if you want to become a security researcher or refine your research approach

Student Requirements

Students should have either a wide breadth of experience across information security or depth in one or more particular areas, ideally both, but we can accommodate those just starting out. All students should be prepared to conduct research through an interactive and dynamic hands-on experience.

What Students Should Bring

Students should bring a topic area or specific research idea they would like to refine, but if you don't have one, during the course we can help you identify your own topic (or you may use one we provide). Students should also bring a laptop for searching online and creating word processing, presentation, and spreadsheet documents, a set of headphones, and (optionally) a programming language of choice.

What Students Will Be Provided With

  • Professional laboratory notebook
  • Book on scientific research


Gregory Conti ran West Point's cybersecurity research and education programs for almost a decade and is currently Director of Information Security Research at IronNet Cybersecurity. He holds a PhD in Computer Science and has led dozens of research efforts. He is the author of "Security Data Visualization" (No Starch Press), "Googling Security" (Addison-Wesley) and the forthcoming "On Cyber" as well as over 70 articles and papers covering cyber warfare, online privacy, usable security, and security data visualization. Greg has served as Officer in Charge of a forward deployed expeditionary cyber team, acted as a Senior Advisor in the US Cyber Command Commander's Action Group, and co-created US Cyber Command's flagship Joint Advanced Cyber Warfare Course (JACWC). He has spoken at numerous security conferences, including Black Hat, DEF CON, HOPE, ShmooCon, RSA, and the NATO Conference on Cyber Conflict and numerous academic conferences. His work can be found at www.gregconti.com and @cyberbgone

David Raymond is a faculty member at Virginia Tech, where he teaches computer networking and cybersecurity courses and runs a cybersecurity research lab for graduate students and undergraduates studying Computer Science and Computer Engineering. He is also Director of the Virginia Cyber Range and serves as deputy to the Virginia Tech CISO, helping lead security efforts for the university network. David holds a Ph.D. in Computer Engineering and taught West Point's capstone course in cybersecurity for four years. David created West Point's cyber-competition team, and currently serves as faculty advisor to Virginia Tech's student Cybersecurity club. He has published over 25 papers and articles on topics including computer architecture, wireless security, online privacy, and cyber warfare, and has spoken at several academic and industry conferences, including Black Hat, RSA, Shmoocon, and the NATO Conference on Cyber Conflict. David is also co-author of the forthcoming "On Cyber", a book on military cyber operations.