Tom Scanlon

Thomas P. Scanlon is a Senior Research Scientist and Technical Manager in the CERT Division of the Software Engineering Institute at Carnegie Mellon University. He leads the CERT Data Science technical program which incorporates artificial intelligence, machine learning, and statistical analyses to develop solutions for cybersecurity challenges. Scanlon’s research interests include generative AI, large language models (LLMs), cybersecurity, software engineering, threat modeling, human-computer interaction (HCI), and quantum computing. Additionally, Scanlon serves as adjunct faculty in CMU’s Heinz College of Information Systems and Public Policy where he teaches courses such as Introduction to Cyber Intelligence and Cybersecurity for Artificial Intelligence & Machine learning as well as advises students on research projects. Prior to joining CMU, he worked for more than a decade in IT leadership roles with Fortune 500 companies.

Scanlon coauthored the DoD Developer’s Guidebook for Software Assurance as part of sponsored research for the Join Federated Assurance Center (JFAC). He is a frequent speaker at conferences, including having presented at (ISC)² Security Congress, Infosec World, ACT-IAC Imagine Nation, O’Reilly Open-Source Conference (OSCON), IEEE International Conference on Big Data and many others. In addition to publishing numerous SEI technical reports, he has published at refereed venues. Recent publications include “Critical Factors for Open Source Advancement in the U.S. Department of Defense” in IEEE Software, “Revelations from an Agile and DevSecOps Transformation in a Large Organization: An Experiential Case Study” in ACM International Conference on Software and Systems Processes and co-authoring “Security Impacts of Sub-optimal DevSecOps Implementations in Highly Regulated Environments” in ACM Proceedings of the 15th International Conference on Availability, Reliability and Security. Scanlon is a recipient of an Information Security Leadership Awards (ISLA®) award as an “MVP” partner to the U.S. Government from (ISC)², the world’s largest nonprofit association of certified cybersecurity professionals, for his participation in the development of cybersecurity guidelines for program managers and developers.