Terry "Terri" Merz
Terri Merz, DCS, CISSP, CISM is a senior research scientist at Pacific Northwest National Laboratory (PNNL). In February of 2022 she received a joint appointment as a cyber research fellow at the College of Emergency Preparedness, Homeland Security and Cybersecurity (CEHC) at the University at Albany.
Dr. Merz holds more than 25 years of cybersecurity experience spanning across the areas of systems and cybersecurity engineering, testing (Blue/Red Team testing), and management. In her roles as a fully qualified Navy validator and an information systems security engineer on behalf of the National Security Agency, Dr. Merz focused on vulnerability testing and the design of mitigations for enterprise architectures.
In addition to security engineering and vulnerability testing, Dr. Merz spent several years in cyber incident response. These activities included incident response to Advanced Persistent Threats (APT) on industrial control systems for the Navy. From 2014 onward, her specific area of research focused on asymmetric cyber operations and analytics. These studies included rapid prototyping studies resulting in the development of cyber resilient tactics, techniques and procedures, as well as first responder detection techniques. For two years, Dr. Merz conducted research in software-enabled devices (System of Systems), Zero Day vulnerabilities relative to software-enabled devices, and the development of resiliency tactics, techniques and procedures for software-enabled devices. While conducting applied research on APT’s and specifically Zero-Day attacks, Dr. Merz included Behavioral INFOSEC into her research areas. With humans forming the primary attack vector of advanced cyber threats, Dr. Merz found this area of research to be a natural fit for her ongoing studies.
Prior to joining PNNL, Dr. Merz held positions in and in support of the Federal government to include chief information security officer, principal cybersecurity engineer, fully qualified validator, cybersecurity assessor, and incident responder for a variety of sponsors to include the IC, Federal and State Law Enforcement, and the Department of Defense. Between 2002 and 2014, Dr. Merz was a co-owner of an award-winning small business that provided cybersecurity services to a wide variety of federal, state and local governments as well as commercial clients.
She holds doctorate and master’s degrees in Computer Science, with concentrations in Information Assurance from Colorado Technical University, and a Bachelor of Science in Information Management from the University of Maryland.