About

I am ...

• About to finish my 5 years long road as a Research Assistant at Hamburg University of Technology (TUHH), Institute for Security in Distributed Applications (SVA) where I have been teaching security and working towards my PhD in ICS security under the supervision of Prof. Dieter Gollmann

• About to continue my professional career  as a Senior Security Consultant at the European Network for Cyber Security (ENCS) 

Research interests 

• Cyber-physical security of industrial control systems
• Process control systems (PCS)
• Smart Grids

• Developing cyber-physical security fundamentals, e.g. process-aware security properties
• Design and implementation of cyber-physical attacks to understand attackers strategies and develop detection and reaction solutions.
• Process-aware risk assessment: mission-oriented risk assessment

I am especially interested in the security solutions at the control and field levels of the PCS to ensure secure (a.k.a. survivable) control of the physical processes.


Upcoming Events

• Giving a talk at Hack in the Box conference in Amsterdam, Holland (28-29.05.15)
• Giving talk at Positive Hack Days conference in Moscow, Russia (26-27.05.15)
• Giving talk and workshop at the ICS Cyber Security Europe 2015 conference in London, UK (29-30.04.14)
• Presenting accepted papers at the 10th ACM Symposium on Information, Computer and Communication Security (ASIACCS'15) and 1st Cyber-Physical System Security Workshop (CPSS'15), Singapore (14-17.04.15) 
• Moving to the Netherlands and start my job as a Senior Security Consultant at European Network for Cyber Security (01.03.2014)

Current involvements

• Collaboration with Prof. Alvaro Cardenas from the University of Texas in Dallas
• Collaboration with Jason Larsen from IOActive

• Vice president  of NIT Alumni Network
• Member of TUHH committee for Teaching and Studies
• Member of commission for awarding fellowships and grants in accordance with the Hamburg Act for the Promotion of Young Researchers and Artists/Stipendien nach dem Hamburgischen Gesetz zur Förderung des wissenschaftlichen und künstlerischen Nachwuchses (HmbNFG)  

Trainings/Certificates

• Shell: Introduction to Networking and Security for Control & Automation Systems (26.10.11)
• Shell: Diploma Safety for Operational Supervisors VCS (16.11.11)
• Shell: Field Instrumentation (28.11-09.12.11)
• DHS: Introduction to Control Systems Cybersecurity  (11.05.12)
• DHS: Control Systems Cyber Security Advanced Training (14-18.05.12)
• Siemens: Industrial communication with PROFIBUS/PROFINET (17-18.01.13)
• Siemens: Upgrade from Step7 to TIA Portal: PLC programming (11-12.03.13)
• Siemens: TIA Portal and new PLC  generation S7-1500 (15-16-04.13)
• Siemens: Safety Systems, Safety Integrated with SIMATIC S7 (27-28.05.13)
• TCIPG: Summer School on Trustworthy Cyber Infrastructure for the Power Grid (17-21.06.13)
• HIMA: Equipment safety "Security for Safety" (19.11.13)
• Heise: Network Assesment and Penetration Training (28-29.11.13)
• S4x14: Introduction to Hardware Hacking for ICS Professionals workshop (17.01.14)
• ENCS: Advanced ICS Security Training (03-07.03.14)

Services

• Program Committee at ICS-CSR 2015: 3rd International Symposium for Industrial Control System & SCADA Cyber Security Research
• Program Committee at CPSS 2015: 1st Int. Cyber-Physical Systems Security Workshop
• Program Committee at ICCWS 2015: 10th International Conference on Cyber Warfare and Security
• Program Committee at SEGS 2014: Smart Energy Grid Security Workshop
• Program Committee at SIN 2014: 7th Int. Conference on Security of Information and Networks
• Program Committee at MeSSa 2014: 2nd International Workshop on Measurability of Security in Software Architectures
• Invited reviewer at INDIN 2014: 12th IEEE International Conference on Industrial Informatics
• Invited reviewer for Journal of Information Security and Applications (JISA), Elsevier
• Frequent Invited reviewer for International Journal of Critical Infrastructure Protection  (IJCIP), Elsevier
• Invited reviewer at IEEE ICC 2014: 13th IEEE Int. Conference on Communication Systems

• Program Committee at SEGS 2013: Smart Energy Grid Security Workshop
• Program Committee at ASPI 2013: International Workshop on Adaptive Security & Privacy management for the IoT 
• Program Committee at ISTP-2013:  3rd International Workshop on Information Security, Theory and Practice 
• Invited reviewer at SIN 2013: The 6th International Conference on Security of Information and Networks

•  Organizer of OWASP AppSec Research Conference (20-23.08.2013)
•  Organizer of WASR'13: 1st European workshop on Web Application Security Research (20.08.2013)
•  Organizer of WiSec’11: 4th ACM Conference on Wireless Network Security (15-17.06.11)
•  Organizer of  myPhD’13: 5th German doctoral gathering in security field (16-17.09.13)
•  Organizer of  HCW’12:  Home Coming Weekend for NIT Alumni (28-30.09.12)
•  Organizer of  HCW’13: Home Coming Weekend for NIT Alumni (27-29.09.13)
•  Organizer of  HCW’14: Joined Home Coming Weekend for NIT and TUHH Alumni (26-28.09.14)

Teaching experience

WS 14: 

• Exercise: Introduction to Security

SS 13: 

• Exercise: Network Security

WS 13:

• Exercise: Introduction to Security

SS 12:

• Exercise: Network Security
• Security Seminar

WS 12:

• Exercise: Software Security
• Practice: Software Project
• Proseminar Informatics

SS 11:

• Exercise: Network Security

WS 11:

• Exercise: Software Security
• Practice: Software Project
• Proseminar Informatics

SS 10:

• Exercise: Network Security

Past Events

• Giving talk at 31C3 Chaos Communication Congress on Damn Vulnerable Chemical Process in Hamburg, Germany (27-30.12.14)
• Giving a talk at S4 Symposium of Digital Bond on A Mission Centric Approach to Securing Control Systems Miami, USA (13-16.01.15)

• Presenting paper at the 30th Annual Computer Security Applications Conference in New Orleans, USA (8-12.12.14)
• Giving talk at the 1st SCADA Security Conference Latin America  in Rio de Janeiro, Brazil (5-7.11.14)
• Giving talk at the III Iberian-American Congress on Industrial Cybersecurity in Madrid, Spain (07-08.10.14)
• Attending ICS 3C ICS Cybersecurity Council Conference 2014 in Heidelberg, Germany (30.09-01.10.2014)
  
• Presenting paper at the 2nd International Symposium for ICS & SCADA Cyber Security in St. Pölten, Austria (11-12.09.14)
• Presenting paper at the 9th International Workshop on Security (IWSEC2014) in Hirosaki, Japan (27-29.08.14)
• Attending DEFCON, Las Vegas, USA (07-10.08.14)
• Attending Black Hat, Las Vegas, USA (05-07.08.14)
• Participating in Dagstuhl Seminar on Network Attack Detection and Defence: Securing Industrial Control Systems for Critical Infrastructure in Schloss Dagstuhl - Leibniz Center for Informatics, Germany (13-16.07.14)
• Attending Innovation Tour 2014 of Siements in Braunschweig (24.06.14)
• Giving a talk and a workshop on cyber-physical security at ICS Cyber Security Conference, London, UK (22-24.04.14)
• Presenting poster at the Conference on High Confidence Networked Systems HiCoNS'14 (accepted poster "Is this a good Time? Deciding to Launch Attacks Against Cyber-Phyisical Systems"), Berlin (15-17.04.14)  
• Attending Idaho National Labs for collaboration, USA (26.03-04.04.14)
• Giving talk at the National Institute of Standards and Technology (NIST), USA (20.03-21.03.14)
• Presenting paper at the 9th International Conference on Cyber Warfare and Security ICCWS-2014(accepted paper "Cyber Can Kill and Destroy too: Blurring Borders Between Conventional and Cyberwarfare"), Purdue University, USA (24-25.03.14)
• 
  
• Presenting paper at the 8th Annual IFIP Working Group 11.10 International Conference on Critical Infrastructure Protection (accepted paper "Exploring Timing of Attacks on Process Control Systems"), Arlington, Virginia, USA (17-19.03.14)
• Attending Advanced ICS Security Training at the ENCS, The Hague, Netherlands (03-07.03.14)
• Giving a talk at S4 Symposium, Miami, USA (14-17.01.14)
• Attending The IT Security Expo and Congress  in Nürnberg (08-10.10.13)

• Presenting paper at the 18th Nordic Conference on Secure IT Systems in Ilulissat, Greenland (accepted paper) (18-21.10.13)

• Visiting European Network for Cyber Security (ENCS) (04-09.08.13)

• Attending the IEEE 11th International Conference on Industrial Informatics (accepted paper) (29-31.07.13)

• Assistant organizer of  OWASP AppSec Research 2013 (20-23.08.2013)

• Local organizer of WASR’13: First European workshop on Web Application Security Research (21.08.13)

• Organizer and participant: myPhD'13 (16-17.09.13 )

• Participating in Science Slams in Hamburg (13.09.13)

• Organizer and participant: NIT Home Coming Weekend  (28-29.09.13) 

• Participating in Profession Orientation evening for high-school graduates of Friedrich -Ebert- Gymnasium (24.10.13)

• Performing at the Graduation Ball of Hamburg University with my peace on Blonds & Cybersecurity at Grand Elysee Hotel (26.10.13)

• Attending SEGS'13 workshop hold in conjunction with ACM CCS 2013 in Berlin (08.11.13)

• Attending Network Assessmentand Penetration Training of Compass Security (28-29.11.13)

• Attending 30C3, Hamburg (27-30.12.13

Contact

marmusha@gmail.com