headshot cartoon
Professional Biography

Michael E. Locasto, PhD. serves as the CTO at Narf Industries. Narf is a cadre of cybersecurity folks tackling some of the most important cybersecurity problems facing society, industry, and government. We combine cutting edge research with real-world, large scale deployments of that work. All our researchers have experience in CNO, have been trained at some of the top IA schools in the country, and have technical skills that bridge the gap between fundamental research and building real systems.

I am a research principal investigator with 15+ years of experience defining and leading high-value, novel cybersecurity research funded by government and industry. Over the past six years, I've successfully managed a large research portfolio that helps secure the power grid, IoT, the supply chain, complex document formats, and software designs. I lead several diverse teams that reflect effective collaboration between our researchers and domain specific expertise in universities and project partners. I love creating a focused, intellectually challenging environment that enables my team and colleagues to grow and achieve important outcomes for our clients as they mature their skills and capabilities.

At Narf, I'm responsible for developing our strategic technology portfolio, particularly in embedded and industrial control systems, software supply chain, and data security solutions. I recruit, hire, and manage top-notch researchers and engineers and develop the relationships needed to secure external funding for basic and applied research and advanced engineering projects. Narf is actively hiring talented researchers at the BSc, MSc, and PhD levels, but formal degrees are not a requirement -- equivalent experience in the hacker community is deeply valued and appreciated.

Background

From 2016 to 2021, Michael was a Principal Computer Scientist at SRI International in the Infrastructure Security Group of their Computer Science Laboratory. Prior to joining SRI, he became a tenured Associate Professor at the University of Calgary, where he directed the Trustworthy Systems Group and conducted research in trustworthy systems, cooperative security mechanisms, and software security. Dr. Locasto was a Visiting Research Professor and I3P Fellow at George Mason University from 2008 to 2010 and an ISTS Fellow at Dartmouth College in 2008.

At SRI, Dr. Locasto served as a PI for four DARPA programs, including the Threat Intelligence for Grid Recovery (TIGR) project under the DARPA RADICS program, the Meriadoc project under DARPA SafeDocs, the Bregalad project under DARPA AIMEE, and the Orcrist project under DARPA SHEATH. He also co-led SRI's Internet of Things Security and Privacy Center.

Dr. Locasto has co-authored over 80 publications in the field of computer security, and he holds 14 US patents related to software security and intrusion detection. He has a PhD, MPhil, and MSc in Computer Science from Columbia University and graduated magna cum laude from The College of New Jersey (TCNJ) with a BSc in Computer Science.

Research Interests

I study the security of computer systems. I try to understand why it seems difficult to build secure systems and how we can get better at it. I research why computer systems fail, how they are attacked, and how they can intelligently respond to such events.

I like taking systems apart and understanding how they really work to discover and fix vulnerabilities in software. In various ways, I mainly work on cooperative security: the challenge of getting security systems to work together (particularly in complex network environments) to respond to attacks. My work also generally involves interactive security analysis: the challenge of supporting cooperative analysis of large, opaque artifacts. My research interests and approach are driven by my experiences constructing and collaborating on innovative approaches to information security education.

Selected Projects: