I am Professor of Data Science & Cybersecurity in the School of Computer Science & Informatics. I am Director of the Cardiff Centre for Cyber Security Research, which is one of 19 Centres in the UK to be recognised as an Academic Centre of Excellence in Cyber Security Research (ACE-CSR) by the National Cyber Security Centre and EPSRC.
I have been involved in grants worth in excess of £19m, leading large awards from EPSRC, ESRC and industry on the topic of cyber security analytics – the fusion of artificial intelligence, cybersecurity and risk.
I lead AI for cybersecurity research at Airbus Cyber Innovation on a part-time secondment basis. I am director of Airbus' only global Centre of Excellence in Cyber Security Analytics. This has led to advanced malware detection algorithms as well as novel models for goal-oriented risk assessment being integrated into the business. Since 2012 we have established an interdisciplinary research team of technical and social researchers. Our collaborative projects have received more than £5m in funding from UK Research Councils (EPSRC, ESRC), Welsh Government (Endeavr Wales) and Industry (Airbus).
I lead the Safety Critical Systems theme in the £14m PETRAS National Centre of Excellence for Internet of Things Systems Cybersecurity, led out of UCL.
I am co-director of the WEFO-funded Data Innovation Accelerator (DIA) – a £3.75m investment in upskilling SMEs in South Wales to develop innovative AI-driven products and services.
I sit on the UK Government's AI Council, advising on the implementation of the industrial strategy in AI and the Data Economy.
I have a strong interest in socio-technical security and the understanding of risks to society from cyber-enabled systems. I work very closely with the Criminology team at the Cardiff School of Social Sciences. We have pioneered innovation in AI for the modelling and understanding of risks to social safety and security in online social networks (e.g. production and propagation of cyber hate speech, suicidal ideation and malicious Web links). This research is organised under the banner of the Social Data Science Lab, within which I am a director and the computational lead. The Lab’s core funding comes from a £450k ESRC grant and it forms part of the £64m ‘Big Data Network’. Core funding runs between 2017 and 2021.
I am a lecturer at the National Software Academy at Cardiff University. I am an enthusiastic researcher specialising in Cyber Security, Secure Business Process Design and Risk Assessment. My research interests include (1) Cyber Security in Corporate Information Systems and in Industrial Control Systems (ICS) and SCADA systems, (2) Information Assurance and Security, (3) Design/Modelling of Safe and Secure Systems, (4) Domain-Specific Extensions of Business Process Modelling Languages, (5) Security, Risk and Safety Modelling in Business Processes, (6) Risk Management and Risk Assessment, (7) and Cyber Security Knowledge Representation and Visualisation. My education and research skills are reinforced by my diverse work experience.
In my PhD research project, I developed a Reference Model of Information Assurance & Security (RMIAS), which captures the inter-dependencies between information, people, processes, legal factors, risks and control actions. The RMIAS is used by the research community independently of myself for framing information security in the research on secure business process modelling and SCADA systems, it is also used in training matrials on information security.
Based on the RMIAS, I developed a security modelling extension for BPMN 2.0 titled Secure*BPMN. The extension enables the depiction in business process models of such information as security goals and their criticality (risks), control actions/countermeasures, information characteristics and access permissions. The extension is designed to facilitate the communication about security in multi-disciplinary teams including business, technical, legal, HR and other domain experts. The extension is supported by stencils for Microsoft Visio and OmniGraffle.