Department of Cybersecurity Abstracts

Presenter(s): Luimer Yumbla

Showcase Advisor: David Adkins; Ariel Pinto

Abstract: This project focuses on network security architecture, specifically the design and the enforcement of segmentation controls between Information Technology (IT) and Operational Technology (OT) environments in critical infrastructure organizations. The analysis will examine how architectural weaknesses, misconfigurations, and divergence from established segmentation models may enable adversaries to move from enterprise IT networks into industrial control systems (ICS).  

This topic would emphasize architectural design, zoning models, firewall rule enforcement, and defense-in-depth strategies rather than vulnerability assessments. The project will integrate network architecture analysis with a risk governance and compliance component to evaluate whether implemented network controls align with established standards and best practices.

Presenter(s): Sean Reyes

Showcase Advisor: David Adkins

Abstract: Hybrid enterprise environments, where organizations combine on-site systems with remote work and cloud services, have grown rapidly. While these environments improve accessibility and scalability, they introduce new cybersecurity risks. Traditional perimeter-based models rely on implicit trust, which becomes detrimental as attackers can exploit this trust to gain lateral movement across systems.  

This research examines how Zero Trust Network Architecture (ZTNA) improves security through continuous verification of devices. Using the NIST Zero Trust framework and the MITRE ATT&CK model, this paper compares traditional security principles with Zero Trust principles. This analysis will demonstrate how micro-segmentation and identity-based access controls can reduce attack surface and lateral movement within hybrid enterprise environments.

Presenter(s): Javier Gonzalez

Showcase Advisor: David Komar

Abstract: Artificial intelligence is rapidly transforming the cybersecurity landscape, enabling both advanced defense tools and more sophisticated cyberattacks. This project evaluates the growing risk of AI-powered cyber threats, including AI-generated phishing, adaptive malware, and automated attack chains capable of bypassing traditional security measures dynamically. As organizations increasingly rely on cloud infrastructure and interconnected systems, these emerging threats pose significant risks to the confidentiality, integrity, and availability of critical data and services.

Using a Future Scenario Creation (FSC) framework, this research develops plausible risk scenarios involving AI-enabled attacks on enterprise environments. Each scenario is evaluated based on severity, plausibility, and potential cascading effects such as operational disruption, financial loss, and reputational damage. The project also examines defensive strategies, including AI-driven detection systems, zero-trust architectures, and adaptive security controls, to improve resilience against these emerging threats and better prepare organizations for an increasingly automated adversarial landscape.

Presenter(s): Kevin Mirkov

Showcase Advisor: Frederick Hintermister

Abstract: Artificial intelligence is increasingly used in healthcare systems for tasks such as clinical decision support, threat detection, and automated data analysis. While these technologies improve efficiency and security capabilities, they also introduce new cybersecurity risks that can affect patient safety, data integrity, and system reliability. This research examines the cybersecurity challenges associated with AI adoption in healthcare environments, including threats such as adversarial attacks, data poisoning, and compromised training data. Using governance and risk management frameworks such as the NIST Cybersecurity Framework and the NIST AI Risk Management Framework, this project analyzes how healthcare organizations can strengthen the security and trustworthiness of AI systems. The presentation highlights key risks, governance strategies, and practical approaches for deploying AI securely in healthcare environments.

Presenter(s): Matthew Thompson

Showcase Advisor: Ariel Pinto

Abstract: This project investigates how architecture patterns can be used to automate cybersecurity governance within technology delivery. Approved patterns, associated standards, and structured intake metadata are used to assess whether proposed solutions align with governance, risk, and compliance expectations. The assessment incorporates factors such as data sensitivity, external integrations, infrastructure exposure, and third-party dependencies to generate measurable risk indicators. These results can then be surfaced through a developer platform such as Backstage, giving architects, engineers, and governance stakeholders clearer visibility into risk, control alignment, and potential cyber incident impact. The project aims to show how automated pattern assessment can strengthen cybersecurity risk management, improve cyber resilience, and support more consistent application of cybersecurity frameworks and standards across the system lifecycle.

Presenter(s): Nevaeh Groucher

Showcase Advisor: Ariel Pinto

Abstract: As cyber threats continue to grow in scale and sophistication, organizations must balance the cost of implementing cybersecurity controls with the potential financial and operational impact of cyber incidents. This project explores how cybersecurity economics influences decision-making within Cybersecurity Risk Management and organizational security strategies. The research examines how businesses evaluate investments in security technologies, policies, and risk mitigation measures while considering budget constraints and potential losses from cyberattacks. It will also analyze the role of Governance, Risk, and Compliance (GRC) frameworks and established cybersecurity standards, such as the NIST Cybersecurity Framework, in guiding risk governance and resource allocation. Additionally, the study considers how strategic cybersecurity investments contribute to cyber resilience and reduce the long-term impact of cyber incidents. Understanding the economic trade-offs between security costs and potential risks can help organizations develop more effective and sustainable cybersecurity strategies.

Presenter(s): Callie Walker

Showcase Advisor: Nicole Shepard

Abstract: This research evaluates whether behaviorally informed security awareness programs, digital literacy initiatives, and scenario-based training with simulated social engineering exercises can reduce human-originated cybersecurity incidents. Human factors represent a critical and often underestimated component of cybersecurity risk. While traditional cybersecurity frameworks prioritize technical controls such as encryption, network segmentation, and intrusion detection systems, evidence shows that human behavior remains a primary attack vector in modern information systems. Human security in cybersecurity examines user behavior, cognitive decision-making, and digital interaction patterns that influence responses to cyber threats. Social engineering techniques like phishing, vishing, and credential harvesting exploit predictable behaviors such as trust, urgency response, and limited technical literacy. Previous reports indicate that most recorded breaches involve a human element, reinforcing the need to treat behavior as part of cybersecurity architecture. Integrating behavioral risk mitigation with technical security controls may significantly strengthen organizational resilience in an increasingly complex digital threat environment.

Presenter(s): Charles Harklerode

Showcase Advisor: Ariel Pinto

Abstract: Organizations often struggle navigating the complexities of cybersecurity risk management. Recent events demonstrate they often follow ineffective risk models that map cybersecurity strategies that fail to incorporate high-impact, low-probability events. This leaves the organization in a precarious position, their consumers vulnerable, and society ambushed. Organizations can use a governance, risk and compliance (GRC) structure to augment decision-making, and enforce cybersecurity policies. This strategy provides the organization with real-time decision-making methods and ensures the organization’s cyber risk management aligns with its overall mission. To bridge the gap between an organization’s mission and its cybersecurity risk management, it needs to build resilience. This shift from traditional event prevention to a strategy that incorporates a plan for response, recovery, continuity, and adaptation is socially and organizationally prudent. Adopting this type of organizational culture requires innovative thinking, thus using proper analytical techniques to turn cyber risk into dollar amounts for organizational executives is essential.

Presenter(s): Thomas Smith, Johanne Hesse, Delwyn De Los Santos, Nye Wade

Showcase Advisor: Sheikh Rabiul Islam

Abstract: Making fast decisions is necessary in the world of security, yet this field is prone to error that can jeopardize safety. Mental fatigue increases stress, causes loss of focus, slower reaction times, and poor judgment. As security becomes more complicated, understanding how mental stress impacts decision-making will be increasingly important. This research examines the impact of mental stress on performance, particularly security-related performance, and investigates whether physiological responses can provide warning signs of performance deterioration before errors occur.

This research explores datasets including EEG recordings, eye-tracking data, and FNIRS measurements, using sources such as CogBeacon datasets, previously published research, and wearable fatigue-monitoring devices like OperatorEYEVP and ConPPMF. Initial findings show a strong relationship between cognitive load, mental fatigue, and decision accuracy. Studies indicate that combining physiological measurements—such as brain oxygenation and eye movement—can identify mental overload more accurately and support adaptive security systems that assist users under high cognitive workload.

Presenter(s): Kevin Mirkov

Showcase Advisor: Ramana Allena

Abstract: Social engineering remains one of the most effective methods used by cybercriminals to compromise sensitive information from individuals and organizations. These attacks exploit human psychology through tactics such as urgency, trust, and deception. One of the most common forms is phishing, where attackers use fraudulent emails, links, or impersonation to trick users into revealing login credentials, financial data, or personal information. As organizations become increasingly dependent on digital systems, attackers often target human vulnerabilities rather than technical weaknesses. Traditional security awareness training is frequently ineffective because it relies on static presentations or annual compliance modules that fail to engage users. Gamified security training offers a more interactive approach by incorporating competition, rewards, and simulated phishing challenges. This method encourages active participation, provides real-time feedback, and helps users better recognize phishing threats, ultimately strengthening organizational cybersecurity awareness and resilience.

Presenter(s): salamah alshammari

Showcase Advisor: David Adkins

Abstract: Healthcare organizations rely on Virtual Private Networks (VPNs) to provide secure remote access to clinical systems and electronic health records. However, weaknesses in cryptographic configurations and outdated security mechanisms can introduce significant risks to enterprise networks. This project analyzes the security implications of cryptographic weaknesses in IPsec and SSL/TLS VPN deployments within healthcare environments. The study compares protocol architectures and evaluates how insecure configurations, such as weak encryption algorithms or outdated key exchange methods, may increase the risk of unauthorized access. The findings highlight the importance of modern cryptographic standards, secure authentication, and proper VPN configuration to strengthen remote access security in healthcare organizations.

Presenter(s): Lakye Thomas

Showcase Advisor: Ariel Pinto

Abstract: This research examines the governance and risk management failures that contribute to the operational disruption caused by the Colonial Pipelines Ransomware attack in May 2021. The attack forced the shutdown of one of the largest fuel pipelines in the United States, resulting in regional fuel shortages and significant economic disruption. The study will analyze the incident from a cybersecurity risk governance perspective by reconstructing the timeline of the attack using publicly available reports. The analysis will map the organizations risk management practices against the NIST Cybersecurity framework to identify gaps in governance, risk prioritization and incident preparedness. The project aims to evaluate how stronger governance structures and risk management practices could have mitigated the attack's impact and to propose recommendations for improving cyber resilience within critical infrastructure organizations.

Presenter(s): Jaelyn Staiano

Showcase Advisor: Ariel Pinto

Abstract: The two main federal policies that have been established to protect children in cyberspace are the Children’s Online Privacy Protection Act (COPPA) of 1998 and the Children’s Internet Protection Act (CIPA) of 2000. As cyber threats continue to evolve and human life becomes increasingly integrated with cyberspace, it’s important to consider the laws that exist to protect vulnerable populations.

This project will analyze both COPPA and CIPPA while considering their applications through the lens of the 4 Cs of online safety (content, contact, conduct, and commerce). This project will also explore avenues of improvement in terms of proposed legislation, potential technical developments, and increased legal compliance. Bridging the gap between policies and modern cyber threats will provide cybersecurity practitioners and lawmakers the insight required to effectively protect children on the internet.

Presenter(s): Devin Iturralde

Showcase Advisor: Ariel Pinto

Abstract: This project will explore how organizations can improve cyber resilience through better cybersecurity risk management and governance, risk, and compliance (GRC) practices. As cyber threats continue to grow, organizations must move beyond only trying to prevent attacks and focus on preparing for, responding to, and recovering from cyber incidents. The project will examine how cybersecurity frameworks, such as NIST standards, help organizations manage risk and maintain compliance with regulations. It will also discuss the potential operational and financial impacts that cyber incidents can have on organizations. By looking at risk governance, cybersecurity frameworks, and cyber resilience strategies, this project aims to show how organizations can better prepare for cyber threats while continuing normal business operations. The goal is to highlight practical approaches that strengthen overall cybersecurity risk management.

Presenter(s): Mildred Bonsu

Showcase Advisor: Ariel Pinto

Abstract: Organizations often depend on regulatory compliance and cybersecurity standards to guide their security practices. However, meeting compliance requirements does not always lead to effective cyber risk management or stronger cyber resilience. This study examines the governance challenge between compliance driven cybersecurity practices and approaches that focus on managing risk and building resilience. Drawing on concepts from cybersecurity policy and governance, the analysis considers how regulatory incentives and penalties shape organizational cybersecurity decisions and the allocation of security resources. Compliance frameworks encourage organizations to implement specific controls, but they may also lead organizations to focus more on satisfying reporting requirements than addressing the most significant risks. This study therefore, explores the gap between compliance obligations and the broader goal of cyber resilience. The findings aim to support policymakers, cybersecurity leaders, and critical infrastructure organizations seeking governance approaches that better connect compliance requirements with effective cyber risk management and resilience.

Presenter(s): Ella Chalmers

Showcase Advisor: Ariel Pinto

Abstract: I want to explore how companies handle cybersecurity risks with remote and hybrid workforces. With more people working from home, organizations face challenges like insider threats, insecure devices, and policy compliance. My project will look at how companies do risk assessments, enforce security policies, and use tools like endpoint protection and multi-factor authentication to keep data safe. I’ll also examine how GRC frameworks help align security practices with business goals. The goal is to show practical ways organizations can stay cyber resilient while supporting remote work, balancing technology, policy, and human behavior to reduce the chances and impact of cyber incidents.

Presenter(s): Tai Abe

Showcase Advisor: Richard Rose

Abstract: Phishing is a huge global issue, and it is estimated that billions of dollars are spent worldwide each year on trying to train users not to fall prey to such attacks. If the awareness training was actually having the required impact on reducing user vulnerability to phishing attacks, then the spending of this money is justified. I propose this study to investigate the conditions under which awareness-based training will lead to long-term and measurable reductions in user vulnerability to phishing attacks. I believe this to be an important question as it will guide a wide variety of organizational decisions regarding the distribution of security resources, the enforcement of security policies, and other security-related endeavors. This addresses several significant challenges, including the human vulnerability factor that phishers rely upon; the fact that awareness-based training may not always have long lasting impact; and the increasingly sophisticated nature of modern phishing attacks.

Presenter(s): Nathaniel LaRowe

Showcase Advisor: Ariel Pinto

Abstract: This presentation will address cybersecurity concerns related to network-based maritime critical infrastructure, including power, water-level control dams and lock systems. Dams and locks pose a significant threat of severe physical and economic impacts, while their reliance on digital control systems, remote access monitoring, and interconnected networks makes them likely targets for cyberattacks. The presentation will discuss how cybersecurity risk management principles, such as governance, risk, and compliance (GRC), can be applied to safeguard dams against cyber incidents. It will discuss the impacts of cyber incidents and the compounding damages resulting from downstream flooding, sudden upstream water loss, and potential economic losses from reduced power generation and/or vital maritime traffic and shipping. The presentation will use previous cyberattacks on dams to demonstrate risks posed to larger, interconnected dams, such as those located the Saint Lawrence Seaway in New York State.

Presenter(s): Nicholas Barbosa, Nicole Zhong, Kaymel Branch, Caitlyn Meehan, Rogelio Nayra

Showcase Advisor: Mizan Rahman

Abstract: Our group will develop a secure, real-world data system that demonstrates both technical and cybersecurity practices.

Presenter(s): Kristian Shkreli

Showcase Advisor: Ariel Pinto

Abstract: In my showcase presentation, I break down the essentials of securing data throughout its entire lifecycle. I focus on the critical distinctions between data at rest, in transit, and in use, highlighting how each state requires specific defenses—like TLS for transit or secure enclaves for processing—to stay ahead of eavesdropping and man-in-the-middle attacks. I argue that security gaps often emerge from inconsistent protections across these stages, which is why I advocate for a unified, layered strategy rather than a fragmented one. To tackle modern headaches like insider threats and privilege misuse, I emphasize the adoption of Zero Trust principles—where no user or device is granted default trust—alongside a firm commitment to professional ethics. Ultimately, I demonstrate how continuous verification and strict segmentation provide the necessary resilience for today’s complex digital landscape.

Presenter(s): Luke Burns

Showcase Advisor: Ariel Pinto

Abstract: I would like my presentation to be on the complications that come with the use of FERPA on college campuses. When trying to comply with FERPA, universities may find themselves in a bind because they need to protect student privacy and at the same time fulfill other responsibilities. A typical case is when parents want to know a student's information the school would be inclined to give the information, especially if the parent is the one paying for tuition, but FERPA restricts the school from sharing such data without the student's consent. This just one example and I’d like to speak more on this topic at the university showcase.

Presenter(s): Din Andrew Barrameda

Showcase Advisor: Sheikh Rabiul Islam

Abstract: Protecting Personally Identifiable Information (PII) has become an increasing challenge for organizations that store and exchange large volumes of data. Automated PII detection and Redaction technologies are widely used in enterprise environments to prevent sensitive information from being exposed. However, these systems often struggle with contextual and multilingual content are inconsistent in scanning archived emails and system logs. Observations from real environments suggest that PII could be stored in unexpected locations and communicated through email, while archived messages are not always scanned or protected thereby increasing the overall risk of exposure. This project evaluates the effectiveness and limitations of current PII detection and redaction techniques through a literature review and an experimental evaluation. Using a set of the Enron Email Dataset and Microsoft Presidio, rule-based and machine learning approaches will be compared to identify the gaps in enterprise communication detection systems.

Presenter(s): Clairvens Lapointe

Showcase Advisor: Nicole Shepard

Abstract: Cybersecurity is not only a technical issue but also a societal one. Cyberattacks disrupt information systems, networks, and the daily operations that organizations rely on. Critical infrastructure sectors such as water utilities, electricity, healthcare, and education are essential to society. When these systems are compromised, the consequences extend beyond digital inconvenience and can impact public safety, economic stability, and public trust.

One of the most disruptive threats to essential public services is ransomware. Ransomware encrypts sensitive data and demands payment for its release, often forcing organizations to halt operations. Public institutions are common targets because their services cannot tolerate downtime. In healthcare, ransomware can delay surgeries and limit access to patient records. In education, it can interrupt learning and expose personal information. This research examines the societal consequences of ransomware by analyzing how these attacks disrupt operations, weaken financial stability, and break public trust in critical infrastructure sectors.

Presenter(s): Javier Gonzalez

Showcase Advisor: Ariel Pinto

Abstract: Organizations frequently struggle to justify cybersecurity investments because traditional financial metrics often overlook the complexities of cyber risks. While tools like Return on Investment (ROI) and Return on Security Investment (ROSI) seek to quantify the monetary value of security measures, they often rely on uncertain assumptions and offer limited insight into actual risks. This project explores how the FAIR (Factor Analysis of Information Risk) framework enhances cybersecurity decision-making by translating cyber risks into financial terms. By modeling the likelihood of loss events and the potential loss sizes, FAIR helps organizations grasp the economic impact of cyber incidents and prioritize security efforts based on quantifiable risk reductions. The presentation demonstrates how integrating FAIR into Governance, Risk, and Compliance (GRC) initiatives strengthens cyber resilience by emphasizing the understanding, management, and communication of cyber risks in financial terms, thereby enabling executives and CISOs to make more informed, risk-based investment decisions.

Presenter(s): Jie Chen

Showcase Advisor: Ariel Pinto

Abstract: This project will look at how Governance, Risk, and Compliance (GRC) plays an important role in cybersecurity for modern organizations. It will explain how organizations use GRC to make better security decisions, manage cyber risks, and follow rules, laws, and industry standards. In addition, it will discuss how risk assessment helps organizations identify their biggest security concerns and decide where to focus their resources. Another part of the project will be how compliance connects to overall cybersecurity goals and why it matters for long-term success. Overall, this project will show that GRC is a key part of building a stronger, smarter, and more resilient cybersecurity program.

Presenter(s): Kassandra Franz

Showcase Advisor: Ramana Allena

Abstract: This project explores how social engineering attacks function and why they remain so effective. Common techniques such as phishing emails, impersonation, pretexting, and baiting are examined to illustrate how attackers manipulate human behavior to achieve their objectives. These attacks can result in credential theft, financial fraud, identity theft, or even large-scale organizational breaches. In many major cybersecurity incidents, the initial compromise begins with a single successful social engineering attempt. The project also highlights the growing importance of cybersecurity awareness and education as a primary defense against these attacks. Because humans cannot be patched like software, developing a strong culture of security awareness is essential.

Presenter(s): Jayden Jackson-Eyo

Showcase Advisor: Ramana Allena

Abstract: I am presenting a two element security framework for keeping household networks safe from social engineering that I would cover in this poster. Firstly, I would cover the psychological habits of humans in order to dissect why it is that humans are so susceptible to social engineering and which of these habits social engineering threat actors tend to exploit the most. Most people are not tech savvy enough to know exactly what to do to improve their network/technology security posture, but there are certainly gaps in knowledge that can be bridged in a way to make social engineering much less effective for the common user. Along with these psychological factors, I would also suggest several tangible and technical solutions to social engineering attacks. Most of these solutions would be to fail-safes in the event that someone is successfully engineered into compromising their security, as opposed to preventative measures.

Presenter(s): Din Barrameda, Emmanuel Baffoe, Sabastian Kearse, Almas Awan, Justin Correa

Showcase Advisor: Jason Appel

Abstract: Human error is one of, if not, the leading cause of cybersecurity incidents. It often happens through phishing attacks, weak passwords, and system privilege misuse. This presentation identifies how essential human security is to cybersecurity and how organizations can reduce its risks. The proposed approach is creating a layered defense strategy that combines awareness training, strong access controls, and using technologies that monitor behavior. The measures proposed include phishing simulations, implementing multi-factor authentication (MFA), least privilege access, and using behavior analysis to detect unusual activity. By combining technical defenses with human-centered security practices, organizations can greatly reduce the chance of social engineering success. The presentation evaluates how these measures improve the security posture of the organization, and it demonstrates the importance of the human element in cybersecurity systems.

Presenter(s): Lucas Watson

Showcase Advisor: Nicole Shepard

Abstract: Human security is often overlooked by everyday users of technology, business executives, and even government officials. In the modern digital world where people across the planet have access to multiple devices and social media, it becomes increasingly apparent that cybersecurity needs to become more mainstream. While technological defenses such as encryption, firewalls, and monitoring systems are considerably important in securing information, decisions of individuals usually determine whether those protections succeed in their objective or fail. This makes the human layer of cybersecurity the most important factor in protecting sensitive information. Human security requires both technological protection and an informed populace to be integrated. Increasing awareness of social engineering threats as well as promoting safety behaviors, will in the long term strengthen data protection and maintain a safer digital world.

Presenter(s): Anthony Pastizzo

Showcase Advisor: Nicole Shepard

Abstract: Cybersecurity is often treated as a technical problem solved with tools like encryption, MFA, and access controls. However, many security failures are also shaped by human behavior and how people interact with systems in organizations. This paper examines human security as the challenge of protecting data, privacy, and systems when human decision-making plays a key role in both defense and failure. Attackers often exploit people through phishing, impersonation, social engineering, and workflow manipulation rather than technical compromise alone. These failures can harm confidentiality, integrity, and availability. The paper argues that training alone is not enough because users face time pressure, conflicting incentives, and different levels of technical skill. Drawing on usable security research and frameworks such as the NIST Cybersecurity Framework 2.0, it argues that organizations improve human security most effectively through user-centered design, secure defaults, clear verification processes, and strong governance that makes secure behavior easier and more consistent.

Presenter(s): Andrew Hoyt

Showcase Advisor: Nicole Shepard

Abstract: Human behavior plays a critical role in cybersecurity, and threat actors often exploit emotions rather than focusing solely on technical vulnerabilities. Social engineering attacks manipulate emotions such as fear, urgency, curiosity, and trust for malicious purposes. Even when organizations have strong technical security measures, attackers can still compromise security by targeting people directly. Phishing and other social engineering attacks succeed because they rely on tricking individuals into making mistakes.

Another growing concern is the function of artificial intelligence in these attacks. With the development of generative AI and LLMs, attackers can now create phishing messages that appear far more convincing than before. In the past, phishing emails often contained suspicious wording that made them easier to recognize. Now, AI can generate realistic messages in seconds and even tailor them to specific individuals using publicly available information. This makes social engineering attacks harder for people to detect.

Presenter(s): Victoria Aidoo

Showcase Advisor: David Adkins

Abstract: Modern enterprise networks operate in hybrid environments that combine on premises infrastructure, cloud platforms, and remote access systems. This architecture expands the attack surface and exposes weaknesses in traditional perimeter security that relies on implicit trust. Hybrid networks increase the risk of credential theft, privilege escalation, and lateral movement across connected systems. This project analyzes how Zero Trust principles improve security in hybrid enterprise environments. Guided by NIST Special Publication 800 207, the study examines identity based access control, continuous verification, and network segmentation. Threat modeling uses the MITRE ATT&CK framework to map credential access and lateral movement techniques and identify architectural weaknesses. Security controls are evaluated against NIST SP 800 53 to assess their ability to reduce the attack surface and limit attacker movement. The study provides architectural analysis, threat mapping, and mitigation recommendations that support stronger governance and risk management in hybrid enterprise networks.

Presenter(s): Zerish Bhatti

Showcase Advisor: Ariel Pinto

Abstract: Over the years, cybersecurity risks have advanced. One of the most common cybersecurity risks today is phishing which often acts as a starting point to cyber incidents like data breaches, ransomware attacks, and credentials being compromised. This project will look at how organizations can manage the risk of phishing with the use of effective cybersecurity risk management practices. This project will concentrate on how technical security mechanisms, user awareness training, and governance rules may lessen phishing-related risks. Additionally, it will examine how Governance, Risk, and Compliance programs might assist organizations detect and respond to phishing attacks by creating policies and procedures. Also, the project will look at how phishing risk management is supported by cybersecurity frameworks. The goal of this project is to gain a better understanding of how organizations can improve their overall cybersecurity posture and decrease phishing risks.

Presenter(s): Nazia Natasha

Showcase Advisor: Ariel Pinto

Abstract: Security Operations Centers (SOCs) generate large volumes of alerts from security monitoring systems, which can overwhelm analysts and increase the likelihood that critical threats are missed. This project explores how cognitive overload affects cybersecurity decision making in SOC environments. Using the CIC-IDS2017 intrusion detection dataset to simulate security alerts, the study will analyze how increasing alert volumes influence the ability to detect and prioritize critical threats. Building on emerging research in cognitive state modeling, the project will examine how indicators of analyst workload can inform adaptive SOC interface design. The goal is to explore whether dynamically adjusting alert presentation and pacing could reduce cognitive overload and improve detection performance. By linking analyst cognitive state with alert management strategies, the study aims to provide insights into improving cyber resilience and supporting more effective cybersecurity risk management in operational environments.

Presenter(s): Michelle Tran

Showcase Advisor: Ariel Pinto

Abstract: The NotPetya cyber incident first presented itself in Ukraine as ransomware in 2017. It quickly escalated into a global phenomenon, affecting major organizations and critical infrastructure across the world. The name derived from an already existing ransomware, Petya, that closely resembled the new attack which led to the name "NotPetya". This was designed to move through networks and encrypt the hard disk from exploiting a back door and various vulnerabilities, ultimately destroying the information that computers needed in order to run. NotPetya's attack became infamous for causing $10 billion in damages and inspiring organizations to prioritize cybersecurity. This presentation will highlight this cyber incident's impact and the importance of cybersecurity frameworks and standards that have come from NotPetya.

Presenter(s): Jaden Boateng

Showcase Advisor: Richard Rose

Abstract: Ransomware is a type of cyberattack where hackers lock a computer system or important files and demand money to unlock them. In recent years, these attacks have started targeting critical infrastructure such as hospitals, energy systems, water services, and transportation. Because people rely on these services every day, an attack can cause serious problems for communities. This presentation explains what ransomware is, how these attacks usually happen, and why some organizations are more vulnerable than others. Many attacks start with phishing emails or by taking advantage of outdated computer systems. The presentation will also discuss the effects of ransomware attacks and some basic ways organizations can protect themselves. These include training employees, updating systems regularly, backing up important data, and having a plan to respond to attacks.

Presenter(s): Kassandra Franz

Showcase Advisor: Nicole Shepard

Abstract: This project examines the growing impact of ransomware attacks on healthcare institutions and highlights how these cyber incidents extend beyond financial damage to create serious clinical consequences. When hospital systems are encrypted or taken offline, healthcare providers may lose access to patient records, medication histories, diagnostic imaging, and communication platforms. These disruptions can delay treatments, cancel procedures, and force hospitals to divert patients to other facilities. In severe cases, ransomware incidents have been linked to increased emergency response times and interruptions in life-saving care.  

The project explores how ransomware attacks commonly infiltrate healthcare networks through phishing emails, weak remote access configurations, or unpatched software vulnerabilities. Once inside a system, attackers often move laterally across networks, escalate privileges, and deploy encryption across critical infrastructure.

Presenter(s): Javier Gonzalez

Showcase Advisor: Unal Tatar

Abstract: Financial institutions increasingly depend on cloud-native architectures and containerized applications to provide scalable digital services. However, traditional enterprise network segmentation models were not designed to meet the dynamic networking and identity needs of containerized environments. This research assesses whether conventional segmentation approaches are fundamentally inadequate for containerized financial services infrastructures and explores how Zero Trust Architecture can address these issues. Through a risk-based architectural analysis guided by NIST Zero Trust and container security frameworks, the study compares traditional segmentation models with Zero Trust-aligned architectures. The aim is to identify design considerations that enhance security, governance visibility, and regulatory compliance in containerized financial environments.

Presenter(s): Patrick Ritchel

Showcase Advisor: Ariel Pinto

Abstract: The main topic of this asynchronous presentation will focus on the role that AI plays in Cybersecurity Risk Management for businesses. In this presentation, I will cover previous research that has been done on the topic. I will also look at the challenges associated with using AI in cybersecurity in a risk management setting. Finally, I will explore the benefits businesses can gain from using AI to help manage their risk.

Presenter(s): Nevaeh Groucher

Showcase Advisor: David Adkins

Abstract: This project examines the role of Governance, Risk, and Compliance (GRC) in strengthening organizational cybersecurity and improving cyber resilience. As cyber threats continue to grow in frequency and sophistication, organizations must adopt structured risk management approaches to protect critical systems and data. The study will explore how GRC frameworks help organizations identify, assess, and mitigate cybersecurity risks while ensuring compliance with industry standards and regulatory requirements. Particular attention will be given to widely adopted frameworks such as the NIST Cybersecurity Framework and ISO 27001, which guide organizations in establishing effective governance structures and security controls. Additionally, the project will analyze how strong risk governance supports faster detection, response, and recovery from cyber incidents. By evaluating the relationship between governance practices and cybersecurity risk management, this research highlights the importance of integrated GRC strategies in reducing cyber incident impact and strengthening long-term organizational resilience.

Presenter(s): Fardeen Zahid, Ryan Kushner, Nate Mitchell, Sheniel Beeston, YahWeh Midas

Showcase Advisor: Jason Appel

Abstract: Many cybersecurity incidents happen because of human behavior rather than technical issues. Security risks develop when people execute three specific actions which include clicking phishing links and using weak passwords and ignoring security policies. The presentation demonstrates two key elements of cyber attack vulnerability which show how human actions endanger cybersecurity systems. The organization can decrease security risks from human actions through better security training and stronger authentication methods which the organization should implement as security solutions.

Presenter(s): Cory Czuba

Showcase Advisor: Sheikh Rabiul Islam

Abstract: Today, phishing attacks continue to be a common cyber security threat due to their reliance on social engineering and human trust. Previously, many phishing emails were much easier to recognize due to them often containing spelling mistakes, they had poor grammar, or they just had generic messages. They have been created using AI tools to generate realistic and personalized phishing emails that closely resemble legitimate communication from companies or individuals. Due to these changes, many of these emails may be able to bypass traditional filtering and make it harder for users and security software to identify potential threats.

The goal of this research is to explore how generative AI can be used to enhance phishing campaigns and how these AI-generated attacks differ from traditional phishing attacks. My research will examine the potential security risks associated with these techniques and what challenges they create for cybersecurity individuals and cybersecurity companies.

Presenter(s): Madison Lord

Showcase Advisor: Barak Hussein

Abstract: Social media platforms such as Instagram, TikTok, and Facebook allow people to connect, share experiences, and communicate online. But every post, like, comment, or photo contributes to a digital footprint, which is the trail of data users leave behind while using the internet. This presentation explores how digital footprints are created through social media activity and how that information can create privacy and cybersecurity risks. Personal information shared online can sometimes be collected, tracked, or even exploited by cybercriminals for scams, phishing attacks, or identity theft. Many users are unaware of how much data they share publicly or how easily it can be accessed. This project highlights the importance of understanding digital footprints and explains simple strategies individuals can use to protect their privacy, such as adjusting privacy settings, limiting location sharing, and being mindful of the information they post online.

Presenter(s): Andrew Pettit

Showcase Advisor: Nicole Shepard

Abstract: Modern software development depends heavily on open-source libraries, third-party components, and automated development pipelines. While these tools improve efficiency and innovation, they also introduce significant security risks within the software supply chain. A software supply chain attack occurs when attackers compromise trusted components used in the development or distribution process, allowing malicious code to be unknowingly delivered to users through legitimate software updates or dependencies.

Recent high-profile incidents have demonstrated how a single compromised component can impact thousands of organizations simultaneously. Attackers may exploit vulnerabilities in open-source packages, inject malicious code into software updates, or manipulate development pipelines to distribute malware at scale. Because these attacks target trusted systems, they can be difficult to detect and mitigate.

This presentation examines how software supply chain attacks occur, the risks to organizations, and the security practices such as dependency monitoring and code verification that help strengthen modern software security.

Presenter(s): Sofia Warren-McCann

Showcase Advisor: Sheikh Rabiul Islam

Abstract: Today, many artificial intelligence softwares utilize machine-learning in order to improve their skillsets. This style of AI training has the capabilities to be great, but this hinges on the quality of data used in training. Model Cards are the proposed solution to data inconsistency. A model card put simply, is a standardized formatted dataset. Utilizing Python technology you are able to generate data into a Model Card. These cards are much easier to read for the AI, and when done successfully, also yield less training errors. Currently, people working with datasheets are trying to create optimized templates. These templates are intended to leave the smallest amount of risk of bias/errors. This study focuses on creating a new Model Card template utilizing Python and a GitHub toolkit. Once created, we plan on testing the template on a public dataset. From there, we will analyze the potential risks the generated template has.

Presenter(s): David Alabi, Jack Natter, Satar Safvan, Chase Garner, Jason Wang

Showcase Advisor: Jason Appel

Abstract: User Behavior Analytics (UBA) is a cybersecurity approach used to detect insider threats and abnormal activity by analyzing patterns in user behavior such as logins, file access, and system usage. By establishing a baseline of normal behavior, UBA systems can identify anomalies that may indicate compromised accounts, data misuse, or malicious insider actions. While UBA strengthens an organization’s ability to detect threats that traditional security tools may miss, it also raises important concerns related to employee privacy, ethical monitoring, and data management. This presentation examines how UBA works within modern cybersecurity environments and the challenges organizations face when balancing security needs with privacy protections. It also discusses solutions such as transparency with employees, data minimization, and responsible data retention practices to ensure monitoring systems are used ethically and legally. Understanding these considerations helps organizations implement UBA in a way that improves security while maintaining trust and protecting employee privacy.

Presenter(s): James Smith

Showcase Advisor: Frederick Hintermister

Abstract: Many software and technologies can prevent and mitigate attacks from hackers. They are very reliable, and you can use them together to create a strong security posture. However, there will always be weaknesses and risks through humans; technology alone cannot put a stop to hackers. There needs to be training and rules that people follow along with these technologies to have the strongest possible security posture and to prevent and mitigate as many attacks as possible from hackers. In this project, we will look at how this mutually supporting combination of applied security technologies and human risk management steps are necessary for optimized Enterprise Risk Management (ERM) and cybersecurity performance. We will survey a few common frameworks and selected case studies to point towards what worked, what did not and identify potential gaps and opportunities to consider - and why.

Presenter(s): Joseph Attoh

Showcase Advisor: Benjamin Yankson

Abstract: Modern enterprise networks are changing as organizations adopt cloud services, remote work models, and hybrid infrastructures. Traditional perimeter security relies on boundary defenses and assumes that authenticated users and devices inside the network can be trusted. However, recent cyber incidents show that attackers frequently exploit this internal trust to move laterally across systems and escalate privileges after gaining initial access. 

This research examines the architectural limitations of perimeter security in hybrid enterprise environments and evaluates Zero Trust Network Architecture as a more resilient security approach. Using architectural comparison and threat modeling frameworks such as MITRE ATTACK, the study explores how identity based access control, micro segmentation, and continuous verification can reduce opportunities for post compromise attacker movement. The analysis also considers implementation challenges including legacy integration and operational complexity. 

The findings highlight how stronger trust enforcement strategies can improve security outcomes in increasingly distributed enterprise networks.

Presenter(s): Mohammed Tasneem

Showcase Advisor: Sheikh Rabiul Islam

Abstract: The dissemination of false data and disinformation has accelerated due to the quick development of social media platforms and digital news sources. False information has the power to sway public sentiment, cause misunderstandings, and erode confidence in reliable organizations and newspapers. The human confirmation used in conventional fact-checking techniques is sluggish and challenging when dealing with the volume of online information. This work investigates the automatic detection and classification of bogus news using machine learning and artificial intelligence (AI). Models like logistic regression, support vector machines, and artificial neural networks are assessed using natural language processing methods and datasets with labels. The findings imply that AI is capable of successfully recognizing linguistic characteristics which separate fraudulent material from trustworthy sources of information.

Presenter(s): Mae Moore, Joseph Pinto, Steeve Fils-Aime, Roger Rodriguez, Lamin Aggi, Maryam Sadisu, Samari Beauford, Mirza Tasnia

Showcase Advisor: Edward Ansong

Abstract: A program that takes in (fake) personal details in to bet with (fake) money through a game of black jack. Utilizes python and is a showcase of cybersecurity through password policies and keeping a log of everything done in the game.

Presenter(s): Jacob Stern

Showcase Advisor: Edward Ansong

Abstract: This will be a python powered game of Jeopardy focused on cybersecurity related questions. There will be a login that keeps all of your information safe and a score board to track different players score. This game of Jeopardy aims to test and expand players knowledge in cybersecurity while using skills we've learned from class to create this program.

Presenter(s): Cameron Breaton, Oscar Chen, Joshua Wumais, Aashwin Latchman, Lewis Vincent

Showcase Advisor: Edward Ansong

Abstract: So the gist of this presentation is the bring the classic game of rock paper scissors to a website. The idea is to display statistics such as time played, how many times you've played rock/paper/ or scissor, you're win/loss rate, how many wins you have and how many losses you have. Players should be able to save their data with a username and password, playing against computers and possibly humans.

Presenter(s): Ryan Folkes

Showcase Advisor: Sarah Murray

Abstract: AI is transforming cybersecurity for both defenders and attackers. While AI enables organizations to detect threats faster and analyze large amounts of data, attackers use it to automate phishing, generate malware, and scale cyberattacks more effectively. This creates an emerging challenge known as adversarial AI, in which machine learning systems become targets. Model poisoning, adversarial inputs, and prompt injection are all techniques that can be used to manipulate AI systems, causing them to make incorrect decisions or miss malicious activity. These risks are especially concerning as AI is increasingly integrated into critical sectors such as healthcare, finance, and infrastructure. The poster is going to investigate how AI-driven cyberattacks work, why traditional defenses fail to keep up, and what strategies organizations can employ to secure AI systems and strengthen cybersecurity defenses.

Presenter(s): Malcolm Harrington

Showcase Advisor: Sheikh Rabiul Islam

Abstract: This study looks at how machine learning models and artificial intelligence might enhance the identification of phishing-based Business Email Compromise attacks in financial communication systems. The main goal is to examine deep learning techniques that can automatically identify linguistic, and behavioral patterns linked to phishing emails, such as convolutional networks, recurrent neural networks, and transformer-based models. The study is based on findings from recent studies that assess the effectiveness of machine learning models in phishing detection that were published between 2021 and the present. In addition to highlighting significant issues including small datasets, false positive rates, model explainability, and the rise of phishing emails produced by artificial intelligence, these studies often report detection accuracies above 95%. The results suggest that phishing detection reliability can be greatly increased using hybrid detection frameworks that combine behavioral analysis, organizational verification controls, and deep learning models.

Presenter(s): Lucas Staubach

Showcase Advisor: Ariel Pinto

Abstract: This poster will investigate the current trends relating to AI in Cybersecurity Risk Management from the eyes of bad actors and defending organizations. Section to be covered will include what AI is, how AI is used in cybersecurity, how bad actors use AI to attack organizations, and how organizations are using AI to defend against bad actors.

Presenter(s): Charlie Nittinger

Showcase Advisor: Matt Bassin

Abstract: Artificial intelligence is changing the cybersecurity threat landscape, particularly in the area of phishing attacks. In the past, phishing emails were often easier to detect due to spelling errors, poor formatting, or unrealistic language. However, modern generative AI tools can now create convincing, personalized messages that appear legitimate. This allows attackers to automate phishing campaigns and send large numbers of realistic messages quickly. This presentation examines how AI is being used to generate phishing attacks and why these attacks are becoming harder to detect. It also discusses the challenges this creates for current cybersecurity defenses and the need for improved detection methods.

Presenter(s): Yujie Zheng

Showcase Advisor: Richard Rose

Abstract: The integration of artificial intelligence in modern warfare has the potential to greatly change the face of war by providing powerful capabilities like autonomous drones, surveillance systems, and faster data analysis. Even though these capabilities have the potential to make warfare more efficient and reduce the risks faced by human soldiers during war, there are ethical issues that have been raised by the integration of artificial intelligence into warfare. There is a concern over the extent to which decision-making autonomy should be granted to artificial intelligence systems, especially when it comes to matters that affect human lives. This project seeks to discuss the benefits and risks of artificial intelligence in warfare, including the limits that have been proposed for artificial intelligence systems in warfare. These limits include the need for human oversight in matters that affect human lives and the development of regulations for the use of autonomous weapons.

Presenter(s): Nicholas Coppola, Mazharul Rohan, Keelan Doubouyou, Tugce Unlu, Jovan Rodriguez

Showcase Advisor: Sean Atkinson

Abstract: This paper examines the cybersecurity threat posed by Warlock ransomware and its potential impact on organizational environments. Ransomware attacks remain a major threat to modern networks, using tactics such as phishing, exploitation of unpatched vulnerabilities, and compromised credentials to gain initial access. Once inside a system, Warlock ransomware can escalate privileges, establish persistence, and encrypt critical files, rendering systems inaccessible while demanding payment for decryption.

The paper analyzes the technical mechanisms behind the attack lifecycle and the tactics, techniques, and procedures (TTPs) used by ransomware operators. It also evaluates the broader scope of the threat through a risk assessment of a selected organization type, focusing on technical vulnerabilities, risks to data confidentiality and integrity, financial losses caused by downtime and ransom demands, and potential reputational damage.

Finally, the study provides technical and organizational recommendations to help mitigate ransomware risks and strengthen overall cybersecurity resilience.

Presenter(s): Daniyal Mann, Eric Tran, Daniel Mejia, Frances Matike

Showcase Advisor: Nour Alhussien

Abstract: Application attacks target vulnerabilities within a software application. These attacks are designed to exploit weaknesses in how applications process user input, authenticate, and manage data. Common examples of this is SQL injection, cross-site scripting (XSS), command injection, and even buffer overflow attacks. Often times, attackers will manipulate input fields to execute malicious code that will steal sensitive data allowing them to gain unauthorized access to systems. Modern organizations are often huge and rely heavily on web applications such as Microsoft office. Our presentation analyzes how an application attack works, what techniques attacks use to exploit inputs, and how it could potentially impact users and organizations.

Presenter(s): Brandon Patanjo

Showcase Advisor: Benjamin Yankson

Abstract: APT's or advanced persistent threats are posing a serious threat in our cybersecurity architecture. Creating a hybrid cloud environment to be able to determine how to be able to defend against these APT's with using Red Team and Blue Teams to help train each other. With using simulation methods you can have Red team perspectives in being able to attack a hybrid cloud environment and have Blue team defend against it and use it as training to be able to be ready for the real deal.

Presenter(s): Stephen Gravereaux

Showcase Advisor: Sheikh Rabiul Islam

Abstract: Smartwatches continuously collect motion data and timings which could reflect interactions or tasks. This study will use open sourced smartwatch and sensor datasets collected during structured tasks activities to investigate the feasibility of behavioral inferences through machine learning. The models are evaluated based on their ability to accurately distinguish between task types. I plan to use open source sensor data from smart watches collected during different tasks for ML training. This work will also explore the security and privacy implications of wearble sensor data.

Presenter(s): Wajahat Hussain, Simon Xu, Saboor Amjad, Khalid Bakrin

Showcase Advisor: Nour Alhussien

Abstract: This research focuses on how AI is built into today’s web design and how it affects our privacy. Websites now use AI to read our behavior, personalize what we see, and gather data through cookies and tracking tools. I’m also looking at the cybersecurity side how AI can protect users, but also how it can be used in smarter cyberattacks.

Presenter(s): Alex Ficarrotta, Angelo Pollari, Eamonn Lydon, Nicholas Kleinknecht

Showcase Advisor: Ramana Allena

Abstract: Software security focuses on protecting applications from vulnerabilities that attackers can exploit to compromise systems, steal data, or disrupt services. As organizations increasingly rely on software-driven systems, securing applications has become a critical component of cybersecurity. Common threats include vulnerabilities such as SQL injection, cross-site scripting (XSS), command injection, and broken authentication, which often arise from improper input validation, insecure coding practices, and weak access controls. Effective software security requires integrating security throughout the software development lifecycle, including secure coding standards, vulnerability testing, code reviews, and continuous monitoring. Practices such as input validation, encryption, authentication controls, and regular security assessments help reduce the risk of exploitation. By addressing vulnerabilities early in development and maintaining strong defensive measures, organizations can significantly improve the resilience of their applications and protect sensitive data, systems, and users from evolving cyber threats.

Presenter(s): jaden barufka

Showcase Advisor: Sheikh Rabiul Islam

Abstract: Facial recognition and biometric systems are increasingly used in security, law enforcement, identity verification, and consumer technologies. As their adoption expands, concerns about demographic bias have grown and in particular the unequal performance across groups defined by race, gender, and age. These disparities often lead to unfair outcomes such as higher misidentification rates for certain populations, reduced trust in automated systems, and potential societal harm. Addressing these challenges requires a deeper understanding of the sources of bias and the effectiveness of current mitigation strategies.

This poster is going to provide a survey of demographic bias in face recognition systems and examines the factors that contribute to unequal performance across groups. The study reviews existing research on dataset composition, algorithmic design, evaluation metrics, and real-world deployment conditions that influence fairness outcomes.

Presenter(s): Ryan Dalland

Showcase Advisor: Benjamin Yankson

Abstract: This project develops a small scale Bluetooth Low Energy (BLE) mesh network prototype to enable decentralized, resilient communication among IoT devices without relying on central WiFi or cloud infrastructure. The implementation demonstrates message relaying across a 3 node network, potential self healing behavior under simulated node failures, and efforts toward basic mobile app integration for communion and community. It employs a decentralized topology where nodes connect directly or indirectly (many-to-many), forming a 'web' or mesh instead of a star topology (one central point). Passive RF analysis evaluates protocol behavior to highlight strengths for privacy and security in connected environments. The work explores secure by design principles for future IoT deployments, addressing vulnerabilities inherent in traditional star topologies.

Presenter(s): Angel Godfrey

Showcase Advisor: Frederick Hintermister

Abstract: In healthcare, big cybersecurity incidents rarely start with elite hackers—they usually start with ordinary human slip‑ups. A rushed click between patients, a shared password “just for today,” or a workstation left unlocked can quietly grow into a full‑blown breach with clinical, operational, and regulatory fallout. (HIPAA is not known for its sense of humor.) This abstract takes a brief, lighthearted look at how these “breach babies” are born, why they thrive in busy clinical environments, and how attackers use the chaos of healthcare to their advantage. We’ll highlight what leaders can do to catch small issues early, design workflows that make secure behavior the easy choice, and create a culture where reporting mistakes is treated like patient safety: essential, encouraged, and judgment‑free. The goal: shrink human‑factor risk, support your workforce, and keep breach babies from taking their first steps.

Presenter(s): Mercedes Wahl

Showcase Advisor: Benjamin Yankson

Abstract: Software supply chain attacks increasingly target upstream components of the development lifecycle, including third-party dependencies and build pipelines. Incidents such as SolarWinds and Log4Shell demonstrate how vulnerabilities introduced early in the software supply chain can propagate across many dependent systems. This study evaluates whether integrating automated DevSecOps security controls into development pipelines improves detection of vulnerable software components.

A controlled sandbox environment was created to simulate a simplified CI/CD pipeline. Two configurations were tested: a baseline pipeline without automated security enforcement and a secure pipeline incorporating vulnerability scanning, Software Bill of Materials (SBOM) generation, and artifact integrity verification. A known vulnerable dependency was intentionally introduced into the application.

Results showed that the baseline pipeline allowed the vulnerable dependency to pass undetected, while the secure pipeline successfully identified the vulnerability and improved visibility into software components. These findings suggest that automated DevSecOps controls strengthen defenses against software supply chain risk.

Presenter(s): Owen Watson, Kenneth Yard, Giovanni Lazala, Naheem Francis, Eamonn Lydon

Showcase Advisor: Jill Cofield

Abstract: This project presents the design and development of a database application to track laptops assigned to students and teachers to monitor their current cybersecurity status. Throughout the semester, our team collaborated to create a fully conceptualized system that models real-world data needs, security considerations, and user interactions within our selected environment.

Our work includes the creation of an entity-relationship (ER) model, a normalized relational schema, and a set of SQL queries that demonstrate core system functionality such as data retrieval, updates, and reporting. We also developed example interfaces or system screenshots to illustrate how users might interact with the application in practice. In designing this system, we applied key principles of database design, data integrity, and cybersecurity, with a focus on protecting sensitive information and ensuring reliable system performance.

Presenter(s): Alex Warner, Yaroslav Oliynyk

Showcase Advisor: Faruk Curebal

Abstract: Cloud computing platforms like AWS provide flexible server infrastructure for modern organizations and is commonplace in many industries. However, one mistake while configuring this cloud infrastructure can lead to insecurity and data being unintentionally exposed. This study examines one of the most infamous cases of cloud misconfiguration, that being the Capital One breach in 2019. Due to a misconfigured firewall and overly permissive IAM roles in AWS, attackers were able to exploit vulnerabilities and gain access to the data of millions of users. By taking a look into this data breach, we can gain a better understanding of how important cloud security is and what sorts of things administrators can take to prevent these types of attacks in the future.

Presenter(s): Anthony Pastizzo

Showcase Advisor: Ariel Pinto

Abstract: This research bridges the gap between abstract security checklists and the chaotic reality of healthcare ransomware. While most advice focuses on "what" to implement, this study explores "how" specific Zero Trust Architecture (ZTA) controls actually break the chain of a live attack. By analyzing real-world breaches, I’m building a healthcare-specific cascade model that traces how an initial infection spirals through clinical workflows, EHR platforms, and pharmacy systems. Using a qualitative, case-based methodology, I’m identifying high-leverage "breakpoints"—like phishing-resistant MFA, micro-segmentation, and privileged access management—that can stop lateral movement before it reaches critical care applications. The goal is to provide a decision-making tool for healthcare leaders that prioritizes defenses based on their ability to shrink the blast radius and protect patient safety. Ultimately, this shifts the focus from simple prevention to a resilient strategy that contains damage and keeps care delivery running during an incident.

Presenter(s): Alexis Crever

Showcase Advisor: Sheikh Rabiul Islam

Abstract: In the evolving cyber climate, cloud systems have become more popular across many industries for daily operations and storage spaces despite the security concerns that cloud security faces. There are many known vulnerabilities that lie in the cloud security space, such as specific misconfigurations, insider threats and third party attacks.

However, there are also many unknowns with cloud security that must be further researched so best practices can be implemented as organization’s standards. Threats have become more difficult to defend due to the evolving attack methods with deeper complexity and adaptability. Bridging the gap between trusted frameworks and emerging threats through ongoing research is crucial for establishing standards that safeguard cloud infrastructure in this challenging threat environment.

Presenter(s): Corey Cheng

Showcase Advisor: Ramana Allena

Abstract: Social engineering attacks continue to be very effective used by cybercriminals to gain unauthorized access to sensitive information. Unlike traditional cyber attacks, social engineering doesn’t use technical vulnerabilities to exploit weakness, but instead, uses human weakness by manipulating victims into revealing their sensitive information or performing actions that puts their security in jeopardy. The risks associated with social engineering have significantly grown as organizations rely on digital platforms for their security more.  

The research will also emphasize the importance of cybersecurity awareness and proper training. Strategies include regular awareness training, phishing simulation educations, and enabling MFA. Organizations can reduce risk even more by implementing stronger security policies and better incident response procedures. The poster will show how awareness can be developed. Building our cybersecurity awareness and skills and defense is crucial for protecting individuals, organizations, and communities from social engineering threats that are becoming increasingly complex.

Presenter(s): Sang Jun Kim

Showcase Advisor: Sheikh Rabiul Islam

Abstract: Ransomware continues to pose a critical threat to enterprise networks, critical infrastructure, and individual systems. Modern ransomware variants increasingly evade traditional signature-based detection methods such as hash matching, antivirus signatures, and network intrusion detection systems. One emerging strain, 01Flip, first identified in 2025, represents a new generation of cross-platform ransomware written in Rust that targets both Windows and Linux environments. Due to its novelty and limited threat intelligence, detecting this malware presents new challenges for defenders.

This research investigates how behavioral pattern extraction from AI-assisted host log analysis can support early detection of emerging ransomware such as 01Flip. Samples will be executed within a controlled sandbox environment to capture host-based logs including file system activity, process creation events, and system-level operations. The collected behavioral patterns will be compared with known ransomware families to identify shared and unique indicators, demonstrating how AI-assisted behavioral analysis can improve early ransomware detection and mitigation.

Presenter(s): Nicholas Kleinknecht

Showcase Advisor: Ariel Pinto

Abstract: This project takes Michael Rodriguez’s work on ransomware and shifts the focus toward Cascading Cyber Risk (CCR) in power grids. Instead of just looking at Zero Trust as a basic defense, I’m reframing it as a "containment strategy" to stop local issues from spiraling into system-wide failures. I’ll be looking specifically at how micro-segmentation and IAM can act as internal barriers to limit lateral movement within OT systems. Using a qualitative approach based on NIST standards, I’m analyzing how failures jump through these tightly connected systems. The goal is to find clear patterns where strict identity checks and IT/OT separation actually shrink the "blast radius" of an attack. Ultimately, I want to give power industry pros and policymakers a solid reason to adopt Zero Trust, showing them exactly how it can contain a disaster and keep critical infrastructure resilient.

Presenter(s): Joshua Martinez

Showcase Advisor: Barak Hussein

Abstract: I studied the Colonial Pipeline ransomware attacks and the impact it's had on critical infrastructure. This project analyzes how ransomware attacks occur, what to do if these attacks were to occur, and how to mitigate vulnerabilities and risks. I'm going to use the findings in my research and map them out to frameworks such as NIST and ISO 20071, emphasizing least privilege and IAM policies.

Presenter(s): Max LaMonica

Showcase Advisor: Barak Hussein

Abstract: This presentation revolves around the 2021 cyber attack on the Colonial Pipeline network, and goes into detail on the events preceding the attack, the attack itself, the vulnerabilities that allowed the attack to happen, and the effect of the cyber attack on the cybersecurity industry. Research done will show the exigence behind the capabilities of such a compromised supply system, and how such compromises came to be. The presentation will also go over the main actors in the attack, such as the American oil company Colonial Pipeline victimized by the ransomware, as well as the perpetrators of the attack, the organized cyber crime group DarkSide.

Presenter(s): Sanaya Xavier, Jonathan Brereton, Md Zahid Hasan

Showcase Advisor: Faruk Curebal

Abstract: Phishing remains one of the most common and successful cybersecurity threats because it exploits human behavior rather than only technical vulnerabilities. Research shows that psychological, demographic, and situational factors influence a user’s ability to recognize phishing emails. Studies indicate that stress, multitasking, and time pressure reduce attention and decision-making ability, making it easier for attackers to deceive users with urgent or authoritative messages. When individuals are distracted or mentally overloaded, they are more likely to overlook warning signs such as suspicious links, unfamiliar senders, or unusual requests for sensitive information.

Additionally, demographic characteristics and personality traits can affect susceptibility. Younger users may be confident in their technical skills, while older users may struggle to recognize more sophisticated phishing tactics. These findings suggest phishing prevention should not rely solely on technical defenses. Organizations must also incorporate user-focused strategies such as targeted training, behavioral awareness, and contextual warning systems to strengthen cybersecurity.

Presenter(s): Kyle Millington

Showcase Advisor: Ramana Allena

Abstract: Make a presentation based on a mock company (In the format of a Risk Assessment) that has rising vulnerabilities within their company. This risk assessment will provide a list of vulnerabilities tied with that company that may include issues like outdated hardware, third-party vendor risk, etc. We will procure the hardware utilized within the company and demonstrate where vulnerabilities lay, possibly mapping it out on a risk model like MITRE framework, then we will provide our best practices, as well as assumptions if the company does not make necessary changes.

Presenter(s): Joveeta Abraham

Showcase Advisor: Barak Hussein

Abstract: The 2021 Colonial Pipeline Incident exposed how a single stolen password can compromise the entire fuel supply of the East Coast. The DarkSide Group exploited vulnerabilities within the critical infrastructure, which led to a huge national security crisis. This poster will focus on prevention and also explore how you can use more modern defenses to secure operational technology. We can implement stronger defense measures like network segmentation, multi-factor authentication, and using AI to detect real-time threats. We can protect our national energy grid against future cyber threats and sophisticated attacks by learning from this incident.

Presenter(s): Reza Jari, Tinashe Chinamasa, Ojaswi Dulal, Ethan Reyes, Ashton Chuchuca, Bekzod Iskandarov, Mohammed Alattas

Showcase Advisor: Catherine Dumas

Abstract: This template provides a structured framework for identifying, documenting, and evaluating technical and security risks within a software system. It guides users in recording risks using a consistent format that includes risk statements, causes, potential impacts, likelihood and impact scoring, mitigation plans, and supporting evidence. The framework also incorporates scenario-based analysis, permission and configuration review, infrastructure checks, and risk scoring matrices to support systematic assessment. Designed for new team members and interns, the template standardizes how risks are logged, analyzed, and tracked over time while supporting periodic review and mitigation planning.

Presenter(s): Tadiwa Mwahowa

Showcase Advisor: Barak Hussein

Abstract: The Stuxnet incident is a watershed for cybersecurity. It is the first time that a digital weapon was used against industrial facilities to produce physical destruction in a public setting. Discovered in 2010, its sophisticated worm specifically targeted Siemens supervisory control and data acquisition (SCADA) systems at Iran's Natanz uranium enrichment facility. Stuxnet exploited multiple zero-day vulnerabilities in a covert operation, manipulating programmable logic controllers to alter centrifuge operational speeds while concealing these changes from monitoring systems. This caused catastrophic mechanical failure without informing operators. The attack illustrated the profound vulnerability of air-gapped systems and set the stage for a new era of state-sponsored cyber warfare, wherein malicious code can be wielded directly for geopolitical sabotage of vital national assets.

Presenter(s): Andrew Pettit

Showcase Advisor: Richard Rose

Abstract: The rapid expansion of unmanned aerial vehicles (UAVs), commonly known as drones, has created new opportunities across industries such as surveillance, emergency response, and transportation. However, the increasing reliance on wireless communication networks and remote control technologies has also introduced significant cybersecurity risks. Drone systems are vulnerable to cyberattacks including signal spoofing, jamming, unauthorized access, and data interception. This presentation examines the cybersecurity threats affecting UAV systems and explores methods for strengthening drone security. Research highlights vulnerabilities in UAV communication networks and the potential for malicious actors to exploit these weaknesses for surveillance or disruption. The presentation also discusses emerging security solutions, including blockchain-based authentication systems and advanced attack detection methods designed to protect drone networks. In addition, broader concerns such as privacy risks associated with drone surveillance are considered. Understanding these challenges is essential for developing stronger cybersecurity frameworks and ensuring the safe and responsible use of drone technology.

Presenter(s): Sebastian Ng

Showcase Advisor: Barak Hussein

Abstract: I don't know what this project is supposed to be on yet, but my professor said it was required for our class.

Presenter(s): Keven Zepeda, Kevin Mirkov, Dylan Durandis, Jayden Latchman, Justyn Armstrong

Showcase Advisor: Ramana Allena

Abstract: Data security is one of the most important aspects of an organization, as more and more organizations are relying on data that is sensitive and digital data security becomes a main priority for many organizations. In this project we will explore the key threats to data security, and how we can mitigate these threats. We will explore things like human behavior as vulnerabilities and how organizations can improve and no longer be a risk.

Presenter(s): Triyog Chhetry

Showcase Advisor: Rawan Almakinah

Abstract: Artificial Intelligence systems are becoming more and more prevalent in cybersecurity tools, analysis, and decision-making systems. Many organizations have been starting to use AI systems to help detect threats and help security professionals. Large language models, used in AI chatbots and analysis tools, have shown that they are capable of creating responses that sound natural. However, these AI tools are not always reliable and can be biased. This issue is often referred to as AI hallucination since the AI can produce information that sounds correct but is inaccurate. In cybersecurity, accurate information is very important and these types of errors can create serious problems.

Presenter(s): Brayden Surprise

Showcase Advisor: Ramana Allena

Abstract: This project will cover advances in artificial intelligence have introduced new cybersecurity threats, including deepfake-based social engineering attacks. Deepfake technology uses AI to create realistic audio, video, or images that impersonate real individuals such as executives, coworkers, or government officials. Cybercriminals use these impersonations to manipulate victims into transferring money, sharing sensitive information, or granting system access. 

Unlike traditional phishing attacks, deepfakes exploit people’s trust in voices and faces, making them more convincing and harder to detect. Examples include fake voice messages from executives requesting urgent payments or fraudulent video calls used to impersonate authority figures.

To counter these threats, organizations and individuals can implement verification procedures, multi-factor authentication, and AI-based deepfake detection tools. Increasing cybersecurity awareness and training can also help people recognize suspicious requests and verify communications before taking action, reducing the risk of deepfake-based cyber attacks.

Presenter(s): Aaron Curry

Showcase Advisor: Jennifer Horn

Abstract: Generative AI has shifted the cybersecurity frontier by enabling hyper-realistic deepfakes that bypass traditional text-based phishing. By impersonating trusted figures through voice and likeness, attackers exploit human psychology to manipulate targets into deviating from security protocols.

Current research highlights visual artifacts and "vishing" (voice phishing) as key indicators of synthetic media. However, because technical detection frameworks consistently lag behind generative capabilities, relying solely on software is insufficient. Instead, the most effective defense strategy necessitates a transition toward "zero trust" communication and enhanced digital literacy to identify discrepancies that automated tools might miss.

Presenter(s): Sameer Suchdeve

Showcase Advisor: Sheikh Rabiul Islam

Abstract: The rapid advancement of generative artificial intelligence has changed the landscape of phishing attacks. Modern language models can produce highly convincing emails that closely resemble legitimate human communication. This creates challenges for traditional spam filters and rule based detection systems that were not designed to detect sophisticated AI generated content. As organizations rely heavily on email, accurately detecting these attacks has become increasingly important.

This study reviews research on detecting and preventing AI generated phishing emails. The goal is to examine how machine learning, natural language processing, and behavioral analysis can improve detection compared to traditional filtering methods. Many studies analyze linguistic patterns, sender behavior, and writing style features to identify differences between AI generated and human written emails.

Findings suggest that machine learning based methods improve phishing detection accuracy, but major email platforms still struggle to consistently identify AI generated phishing attempts.

Presenter(s): Lauren Bruzzese

Showcase Advisor: Nour Alhussien

Abstract: Cities collect large amounts of public service data, but understanding whether services are distributed fairly can be challenging. Understanding patterns in spatial–temporal data presents significant challenges for machine learning systems because events occur across both locations and time. Developing machine learning models able to effectively analyze these patterns is important for decision-making in urban environments. This research focuses on designing a machine learning model that can interpret spatial–temporal data to better understand patterns in service systems. 
As a case study, this project examines the New York City 311 dataset, which contains millions of resident-reported service requests across different neighborhoods and time periods relating to issues such as noise, sanitation, parking, heating, and infrastructure problems. The research investigates how complaint patterns vary, and whether certain areas experience slower response times, higher complaint densities, or more unresolved issues. The data-driven insights can support more equitable and efficient city service management.

Presenter(s): Nathan Potcak, Garrett Allard, Nick Gallo, Santiago Norena, Anthony Arenare

Showcase Advisor: Jill Cofield

Abstract: Our project presents the design and development of a database application to drone data we've collected. During the semester, our team collaborated to build a fully conceptualized system that models real‑world data needs, security considerations, and user interactions within our selected environment.

Our work includes the creation of an entity‑relationship (ER) model, a normalized relational schema, and a set of SQL queries that demonstrate core system functionality such as data retrieval, updates, and reporting. We also developed example interfaces or system screenshots to illustrate how users might interact with the application in practice. In designing this system, we applied key principles of database design, data integrity, and cybersecurity, with a focus on protecting sensitive information and ensuring reliable system performance. We hope to inform the public on the safety aspects around drones and the data in which they collect.

Presenter(s): Wade Mattingly

Showcase Advisor: Richard Rose

Abstract: Artificial intelligence is rapidly changing the field of cybersecurity. This research examines how AI impacts both cyber defense and cybercrime. On the defensive side, organizations use AI to analyze network traffic, detect unusual behavior, classify malware, and respond to security threats faster than human analysts. Machine learning systems can process large amounts of data and identify potential attacks in real time. However, cybercriminals are also using AI to improve their attacks. AI can help create more convincing phishing emails, automate fraud campaigns, and generate deepfake audio or video used in social engineering attacks. This creates a technological “arms race” between defenders and attackers. As AI tools become more common, the speed and complexity of cyber threats continue to increase. Understanding this dual role of AI is important for businesses, governments, and individuals as they develop strategies to improve cybersecurity and reduce the risks associated with emerging technologies.

Presenter(s): Wooseok Jung

Showcase Advisor: Nour Alhussien

Abstract: Vision Language Models often struggle with precise 3D spatial tasks despite their semantic strengths. This research explores bridging the gap between 2D inputs and 3D intelligence by analyzing the DepthLM and SpatialVLM frameworks. The study examines how DepthLM enables expert level metric depth estimation using visual prompting and intrinsic conditioned image augmentation to overcome camera ambiguity. This approach allows high precision distance measurements without architectural changes. Additionally, this study incorporates the SpatialVLM methodology, which uses large scale synthetic data to train models on complex spatial relationship reasoning. By combining precise metric measurement with logical spatial analysis, this research demonstrates how these models can be transformed into robust 3D experts for robotics and autonomous navigation. This study highlights that effective prompting and targeted spatial training allow unified models to match or exceed the performance of specialized pure vision models.

Presenter(s): Michael Rodriguez

Showcase Advisor: Ariel Pinto

Abstract: The presentation is on how organizations suffer significant financial losses as a result of identity-based breaches. This topic examines the impact of identity theft on risk management and cybersecurity economics. Weak authentication, excessive access privileges, or stolen credentials are common starting points for cyber incidents. These flaws allow hackers to access systems and private information without authorization. The study links these incidents to governance, risk, and compliance procedures as well as cybersecurity risk management. It also looks at how inadequate identity governance raises the likelihood and consequences of cyberattacks. High costs associated with identity compromise, such as operational disruption, legal penalties, and reputational harm, are revealed by actual breach data. Additionally, the topic examines how cybersecurity standards and frameworks support more robust identity controls. By confirming each user and device, continuous authentication and zero trust security lower exposure.

Presenter(s): Syed Ahmed, Anthony Arenare

Showcase Advisor: Faruk Curebal

Abstract: Today the way electoral information is disseminated and received is changing because of social media and other digital communication technologies. Social media and digital communication technologies that have the potential to empower citizens and increase their participation in electoral processes are at the same time the best breeding grounds for electoral misinformation. This poster deals with the electoral misinformation vulnerabilities and their impacts on electoral processes. 

Misinformation about elections is being found on social media platforms, in compromised accounts, in bot activity and in influence operations. Some of the activities are being carried out by domestic actors, but others are being done by foreign actors with a number of motivations, such as trying to affect the outcome of an election, disenfranchise voters or instill doubt in the electoral process. With this poster, I will demonstrate the ways in which misinformation is conducted within the cyber field.

Presenter(s): Fatoumata Diay

Showcase Advisor: Sheikh Rabiul Islam

Abstract: Abstract: 
This research presents an emotion-aware framework using transformer-based models to detect phishing attacks that exploit psychological manipulation strategies. Modern phishing campaigns increasingly utilize emotional triggers such as fear, urgency, authority, and trust to deceive victims. However, most existing detection systems primarily focus on technical indicators like URLs, domain reputation, and lexical patterns. The issue addressed in this study is the limited ability of traditional phishing detection models to recognize and interpret emotionally manipulative language found in social engineering messages.

Addressing this problem is crucial because attackers are now using advanced language generation tools to create highly persuasive phishing emails that can evade conventional filtering systems. As phishing tactics become more sophisticated, detection strategies must evolve beyond superficial text analysis and incorporate psychological and affective signals.

Presenter(s): Stephen Gravereaux

Showcase Advisor: Nicole Shepard

Abstract: For this paper, I will be using the CIC-BCC-NRC IoMT 2024 dataset. The objective is to train a few tree-based classifiers such as XGBoost, RandomForest, and SVM to detect malicious traffic and apply explainable AI (XAI) techniques to analyze the model behavior. I will be using SHAP (Shapley Additive exPlanations) to provide feature attributes to identify the most influential network flow characteristics that drive the ML models attack detection. I will also be using LIME (Local interpretable Model-Agnostic Explanations) as a complementary technique to generate instance level explanations and help with explainability across the models. Beyond the SHAP and LIME explanation approach I would also like to implement a Large Language Model pipeline that interprets these outputs to provide better human interpretability. If I feed the feature attributions from the model decisions into a local LLM then explanations can be more user friendly.

Presenter(s): Sang Jun Kim

Showcase Advisor: Ariel Pinto

Abstract: Building on Angelo and Arka’s prior work on IoT segmentation, this research addresses a critical gap: how Zero Trust Architecture (ZTA) holds up against active adversarial techniques like Man-in-the-Middle (MITM) attacks in legacy environments. While previous studies proved that segmentation reduces exposure, this project uses a mixed-methods experimental approach to provide empirical evidence of its effectiveness under realistic attack conditions. By building a hands-on testbed, I’ll be measuring how micro-segmentation and zone-based isolation restrict unauthorized traffic and improve visibility into malicious activity. The study focuses strictly on network-level controls, excluding cloud-native services to isolate the impact on IoT and legacy hardware. Ultimately, this research provides practitioners with a "real-world" look at how ZTA limits lateral movement and attack success, offering a practical roadmap for securing diverse, high-risk networks without relying on implicit trust.

Presenter(s): Leila Garcia

Showcase Advisor: Richard Rose

Abstract: AI has significantly contributed to the growth of modern surveillance, especially through the use of deepfakes and facial recognition technology, which raise important privacy concerns. It is essential to impose limits on surveillance practices while simultaneously enhancing privacy and confidentiality protections. The manner in which individuals use their data in AI systems and interact with social media platforms is particularly noteworthy. This issue is closely connected to broader concerns regarding homeland security and law enforcement.

Presenter(s): Mark Poris, Benet William, Jack Krzemien

Showcase Advisor: Sheikh Rabiul Islam

Abstract: Traditional phishing campaigns have used human-crafted messages with malicious URLs to obtain credentials, personal information, and install malware onto the machines of victims. As awareness and detection of these emails has grown, attackers are turning to Generative AI for developing context-aware phishing campaigns that bypass these methods. This research explores how machine learning (ML) techniques can be used to test the accuracy of classification tasks in the identification of human-crafted vs. AI-generated phishing emails. This research specifically uses SVM, Random Forest, Agglomerative clustering, K-means clustering, and CNN for classification of emails from these two types of phishing campaigns. Feature importance using SHAP will also be performed to provide clarity on how individual features of the data contribute to the predicted classification. Our research will contribute to the limited existing literature on this topic, proving new insights and potentially inspiring further research into AI-based phishing detection and prevention solutions.

Presenter(s): Brayden Surprise, Godwin Addai, Brain Dooley

Showcase Advisor: Faruk Curebal

Abstract: Phishing emails are a common cyberattack used to steal personal information, login credentials, and financial data. This project focuses on detecting phishing emails by comparing characteristics of legitimate and malicious messages. The poster presents side-by-side examples of a fake password reset email and a real account notification to highlight key warning signs. In the fake email example, indicators such as a suspicious sender address, urgent language, a misleading link, and pressure to act quickly are highlighted. These tactics are commonly used to trick users into clicking malicious links or sharing sensitive information. In contrast, the legitimate email example shows safer indicators, including an official sender address, a clear and expected message, a normal tone, and a trusted link. By visually labeling these differences, the project helps demonstrate how users can recognize phishing attempts and improve awareness to better protect personal and organizational data.

Presenter(s): Panagiotis Katsanis, Stephen Zimmerman, Jacob Mosden

Showcase Advisor: Faruk Curebal

Abstract: We will analyze the Synthetic Financial Datasets For Fraud Detection by Edgar Lopez-Rojas to examine various solutions available to stakeholders in detecting financial fraud. Financial Fraud is a serious issue that plagues organizations and governments globally. Additionally, we will synthesize findings from other sources that explore the challenges that make fraud detection complex, and how the field may change in the near future. We will explore various datasets and read several articles to compile data relating to financial fraud detection through cybersecurity.

Presenter(s): Angelo Pollari

Showcase Advisor: Ariel Pinto

Abstract: This research explores how we can bridge the gap between traditional industrial risk concepts and modern cloud resilience. By applying Zero Trust principles specifically to AWS, the study examines real-world identity breaches through a "before and after" lens, mapping how an initial compromise cascades through interconnected cloud services. To turn these insights into practical tools, the project introduces two original artifacts: a Cloud Zero Trust Control Matrix, which translates high-level security goals into specific AWS configurations like Service Control Policies (SCPs), and a Blast Radius Scoring Rubric to measure how effectively these controls stop a chain reaction. Ultimately, the goal is to provide a straightforward, decision-friendly framework that helps security teams prioritize the most impactful controls to stop cascading risks before they spiral—all without needing to deploy a full-scale infrastructure first.

Presenter(s): Isaiah Brown

Showcase Advisor: Ariel Pinto

Abstract: The rapid growth of Internet of Things (IoT) devices in organizational and critical infrastructure networks has increased cybersecurity risks. While research often focuses on technical vulnerabilities, social engineering remains a major entry point for attackers. This study examines how social engineering attacks lead to IoT compromise and create cascading cyber risks across connected systems. The research evaluates how Zero Trust Architecture (ZTA) reduces these risks by restricting access and limiting attacker movement within networks. The study uses qualitative methods including literature review, case study analysis, and conceptual risk modeling. Academic studies, industry reports, and government guidance are analyzed to identify common social engineering techniques and IoT weaknesses. A cascade attack model illustrates how human trust exploitation leads to device compromise and network infiltration. The research also maps Zero Trust controls such as identity verification, multi-factor authentication, least privilege access, segmentation, and continuous monitoring to stages of the attack process.

Presenter(s): Alexis Crever

Showcase Advisor: Ramana Allena

Abstract: Social Engineering attacks continue to become more aggressive and more frequent as one of the most common cybersecurity threats.  Cybercriminals can deceive users by exploiting the human element rather than the technical elements in computer systems.  This grants access to sensitive personal and financial information and can be devastating if not properly handled.  Understanding how these trends are working is crucial to developing the necessary skills to navigate the cybersecurity landscape. A new method being used for phishing attacks involves the use of Ai attacks through text and email.  The attacks use AI to create stronger attacks to appear more legitimate to the everyday user.  The attacks often come posing as banks, collection services, or corporate invoices.  Users fall for this trap by entering their login credentials or by clicking on a malicious link.  These types of attacks rely on the user's inexperience and take advantage of their inherent trust.

Presenter(s): Jayden Meed

Showcase Advisor: Richard Rose

Abstract: Deepfakes are a growing cybersecurity threat that use artificial intelligence and deep learning to create realistic but fake images, videos, and audio of people. These manipulated media can be used to spread misinformation, commit fraud, damage reputations, and bypass security systems such as facial or voice authentication. This project explores how deepfake technology works, the cybersecurity risks it creates for individuals and organizations, and real world examples of deepfake attacks. It also examines current detection techniques and prevention strategies, including AI based detection tools, digital watermarking, and user awareness. Understanding deepfakes is important for improving digital security and helping society recognize and respond to manipulated media.

Presenter(s): Jack Criscione, Elijah Wilson-Minard, Adnan Khan, Colby Nasadoski

Showcase Advisor: Ramana Allena

Abstract: Active Directory is used widely across enterprise systems to enforce least-privilege access. More specifically, objects in the Active Directory, such as computers and user accounts, can be separated into separate groups, which prevent users from accessing computers in other groups. Active Directory can also be used to ensure that only computers that are objects within an Active Directory can connect to the network. Devices not within Active Directory that attempt to connect to the internet, either through Ethernet or Wi-Fi, will simply not get a network connection. During our presentation, we will examine how all these aspects come together to create an effective guard against lateral movement in systems during a ransomware attack.

Presenter(s): Jd Darker

Showcase Advisor: Richard Rose

Abstract: This presentation shows how artificial intelligence is changing the way phishing attacks happen online and why it is becoming harder for people to recognize scams. In the past, phishing emails were usually easy to notice because they had bad grammar or looked suspicious. Attackers can use AI tools to generate messages that look professional and realistic, which makes them much more convincing. The presentation will also explain how phishing attacks can affect multiple online accounts once one account is compromised. For example, if someone gains access to a person’s email, they may be able to reset passwords and reach other accounts connected which would be very bad. I feel like this is important to understand because many people do not realize how connected their online accounts really are. The goal is to show what these attacks look like today and what possible solutions might look like for improving online security.

Presenter(s): Michael Nwachi

Showcase Advisor: Nour Alhussien

Abstract: Research and testing in Python, to see if you could use STM-Graph to improve for spatio-temporal data (space, time). STM-Graph is an end-to-end, open-source Python framework that transforms raw spatio-temporal (space and time) urban data into graph datasets for GNN training and prediction.STM-Graph makes spatial mapping a component, enabling systematic analyze how different spatial representations impact predictions. This would help users understand how data is mapped, detect spatial bias, and interpret model predictions

Presenter(s): Michael Rodriguez

Showcase Advisor: Frederick Hintermister

Abstract: The presentation has an emphasis on employees' roles in the workplace. This study investigates the efficacy of zero-trust security implemented through IDAM and access control. The study examines the effects of least privilege policies, multi-factor authentication, and identity verification on daily system access and employee behavior. Additionally, the project assesses how cyber training and workforce development initiatives enhance workers' comprehension of identity security procedures. Data from breach reports and identity-related incidents support analysis of credential misuse and access failures. The objective is to ascertain whether increased workforce awareness and identity training enhance the effectiveness of zero-trust security models in businesses.

Presenter(s): Jada McMullen, Derek Pember, Michael Nasierowski, Nicholas Popiel, Tommy Stark, Miguel Santos

Showcase Advisor: Catherine Dumas

Abstract: As public libraries increasingly serve patrons experiencing mental health, housing, or substance use crises, there is a growing need to prepare future librarians for these interactions. Despite the potential of VR for immersive and repeatable training, no existing VR programs focus specifically on crisis management in library settings. In Dr. Dumas's Human-Centered Intelligence XR Lab, we are building out a version of training public librarians de-escalation skills to help them to work with patrons in distress using Unity and the Meta Quest 3 headset. This poster will present the final version using GenAi chatbot for roleplay interaction between the user and a patron in distress.

Presenter(s): David Caldas

Showcase Advisor: Richard Rose

Abstract: The rapid development of generative artificial intelligence has introduced new challenges for digital identity verification in cybersecurity. One emerging concern is the use of deepfake technology to impersonate executives or trusted individuals in corporate environments. These AI-generated voice and video impersonations have the potential to manipulate employees into authorizing sensitive actions, even when traditional security controls such as multi-factor authentication (MFA) are in place. This proposed study examines whether current authentication practices remain effective against deepfake-enabled social engineering attacks. Specifically, the research will explore whether organizations relying on conventional MFA experience different outcomes compared to organizations that implement additional verification procedures. By examining the intersection of identity and access management, adversarial machine learning, and social engineering, this research aims to better understand how synthetic media may affect the reliability of authentication systems and what implications this may have for future cybersecurity strategies.

Presenter(s): Muhammad Alihan

Showcase Advisor: Amna Saleem

Abstract: My presentation will talk about the importance of the Electronic Funds Transfer Act (EFTA). The Electronic Funds Transfer Act was enacted by congress all the way back in 1978 to protect consumers electronic payments. Consumers electronic payments are protected by the legal rights given by the Electronic Funds Transfer Act from certain issues. The Electronic Funds Transfer Act requires organizations to follow it's regulations to guarantee the safety of consumers. The Electronic Funds Transfer Act has become even more important in the modern day with all the online digital purchases happening that opens up more vulnerabilities to consumers. I will show the importance and effectiveness of the Electronic Funds Act by giving data on how increasing amounts of debit and credit card payments and transactions. Then I will also show analysis of how certain EFTA techniques help.

Presenter(s): Thalia Pierre, Brianna Niforos, Alexis Crever, Robbie Radmacher

Showcase Advisor: Ramana Allena

Abstract: We will be researching undersea cable attacks with a case study of the attacks that Russia has allegedly carried out in the Baltic Sea. The protection of undersea fiber cables is important because over 97 percent of the world’s internet traffic travels through these cables, which are susceptible to sabotage given the remote and unrestricted nature of seas and oceans. These attacks have increased in recent years, and nations are increasingly adding seabed warfare strategies to their view of hybrid warfare planning.

Presenter(s): Jake Weinstein

Showcase Advisor: Nicole Shepard

Abstract: In order to safeguard users, systems, and business data against cyber attacks, system security is a key component of modern technology. Strong security procedures are now more crucial than ever as businesses depend more and more on digital technologies to handle operations and keep sensitive data. By putting safeguards like identity limits, encryption, network monitoring, and vulnerability management in place, system security attempts to prevent unwanted access, interruption, or damage to hardware, software, and data.

The nature of cyber attacks poses a significant challenge to system security. Organizations must actively discover vulnerabilities plans in place because attackers are always coming up with new ways to take advantage of system flaws. Organizations may find and fix vulnerabilities before they can be abused by using vulnerability management, patch management, and frequent security assessments.

Presenter(s): Linsey Rollins, Tyler Haynes

Showcase Advisor: Ramana Allena

Abstract: A growing threat within the cybersecurity landscape is the rise of Initial Access Brokers, who are cybercriminals who specialize in gaining unauthorized entry into company networks and later selling that access to other threat actors. Attackers are now relying heavily on human manipulation rather than just technical exploitation. Initial Access Brokers obtain access through social engineering, which exploits human trust, behavior, and a lack of cybersecurity awareness. Additionally, they employ social engineering techniques, including phishing emails, fake login pages, impersonation scams, and malicious attachments. These techniques allow them to steal credentials or trick users into granting network access. After obtaining credentials, Initial Access Brokers can access the system and later sell that access to ransomware groups or other organizations. Initial Access Broker collaborate with other groups in their attack methods. Rather than having a single attacker, these operations are divided throughout different actors using many means.

Presenter(s): Priscilla Tweneboa, nathan barash

Showcase Advisor: Faruk Curebal

Abstract: Insider threats arise when individuals with legitimate, authorized access such as employees or contractors misuse that access to harm an organization’s systems. This harm may be intentional or accidental, and it can manifest through data theft, sabotage, espionage, or unauthorized disclosure. The specific risk examined in this project is the misuse of legitimate credentials to perform anomalous or harmful actions that blend into normal workflows. In this project we would be making the case that monitoring user behaviors is a better method than traditional networks by comparing these methods. As organizations increasingly rely on digital infrastructure and remote work, insider threat detection has become a critical component of modern cybersecurity strategy.

Presenter(s): Michael Iannuzzi, Michael Kerrigan

Showcase Advisor: Nour Alhussien

Abstract: Social engineering is a cybersecurity attack that targets people instead of computer systems. Attackers trick individuals into sharing sensitive information like passwords or personal data. These attacks often happen through phishing emails, fake websites, or impersonating trusted people or companies. This project explains how social engineering works, why it is a major cybersecurity threat, and how people can protect themselves from these attacks. It also discusses how new technologies like artificial intelligence may make these scams more advanced in the future.

Presenter(s): Christopher Davis, Dominick Aulivola, Caden Carangelo, Connor Clarkin

Showcase Advisor: Nour Alhussien

Abstract: Social engineering is one of the most effective and dangerous cybersecurity threats because it targets human behavior instead of technical vulnerabilities. While many organizations invest heavily in firewalls, encryption, and other technical defenses, attackers often bypass these protections by manipulating people directly. Social engineering attacks rely on psychological manipulation to trick individuals into revealing confidential information, granting unauthorized access, or performing actions that compromise security. As technology continues to evolve, social engineering remains a major concern because it exploits trust, urgency, fear, and curiosity which are basic human emotions that are difficult to eliminate through technology alone.

Presenter(s): Ellie Axii, Susan Sukalingum, Wai Yan Tun, Mirza Tasnia, Kayla Castine

Showcase Advisor: Edward Ansong

Abstract: Cryptography is a method of securing data by encrypting information to prevent unauthorized access. Not all cryptography methods are created equal and each has their strength and weaknesses. This project looks to explain five common cryptography methods including AES, RSA, SHA-256, MD5, and PGP in simple terms. We will show how each cryptography method is used in real-world scenario, if there are any weaknesses, and whether better options exists to replace weak and outdated methods. For instance, MD5 and DES are cryptography methods that are insecure and must be replaced by newer methods. By comparing these methods side by side, this project aims to inform the general public of weak cryptography protocols and provides replacement alternatives.

Presenter(s): Chase Garner

Showcase Advisor: Sheikh Rabiul Islam

Abstract: Large Language Models can be exploited in numerous ways. From scalable scam to coordinated influence campaigns, they can be very dangerous when it comes to swaying public opinion on certain matters. Although there are many existing watermarking techniques, they fall short when confronted with adaptive attacks meant to purposely avoid detection. This project will analyze existing LLM watermarking approaches with a focus on robustness against adaptive attacks.

During my research I will rely heavily on peer reviewed research papers on LLM watermarking. Since I have done so much research on this topic already I have many to choose from(safe seal, kstamp, synthID etc). There will be NO proprietary or private datasets used.

Presenter(s): Emily Tombank

Showcase Advisor: Barak Hussein

Abstract: Social engineering is a constantly adapting threat in the world of cybersecurity and cyberattacks, but the long-term effects of exposure to this type of attack is something that isn't nearly as focused on.

Presenter(s): Thalia Pierre

Showcase Advisor: Sheikh Rabiul Islam

Abstract: The goal with this project is to address the long-term psychological impact from social engineering attacks on vulnerable individuals. Social engineering targets vulnerable individuals, opening them up to repeated manipulation attempts, resulting in reduced trust in technology, emotional strain, mental and psychological depletion, and long-term behavioral changes. Addressing social engineering is imperative because constantly evolving cyberattacks tend to exploit human vulnerabilities rather than minor flaws. We analyzed several different kinds of social engineering that’s utilized as of recent: human vs. computer-based attacks, direct vs. indirect attacks, in addition to social, technical, and physically-based attacks. In the end, we found that social engineering attacks can happen to anyone, and we may have habits that are capable of increasing our risk factor to them, further affecting our psyche. In cybersecurity, it’s important that we adopt these strategies to incorporate resilience in the psychological sector as opposed to focusing solely on technical solutions.

Presenter(s): Ellie Axii, Javed Kashani

Showcase Advisor: Faruk Curebal

Abstract: Malware-as-a-Service (MaaS) is an evolving business model that ranges from technological espionage to financial gain. MaaS is an organization with a dedicated team consisting of but not limited to malware developers, marketers, and human resource. MaaS’ business partners can range from individual investors to Advanced Persistent Threat (APT), also known as state agencies. This service is threatens individual and national security.

Approaching this topic from a Cybersecurity perspective, MaaS consists of many different threats, and as a business model it has the assets to cause serious harm to a nation’s citizens and infrastructure.

This project focuses on analyzing how Malware-as-a-Service can harm individuals, organizations, and state agencies.

Presenter(s): James Iorio III, Edwin Brito, Gavin Alpers

Showcase Advisor: Faruk Curebal

Abstract: Our project will be a poster that includes information on various families of malicious software (malware), including what distinguishes the malware from other types, what problems it creates, how it is typically addressed in the cybersecurity world, etc. We will also include a showcase of a case study involving an application such as wireshark, where we will demonstrate an example of an analysis of the presented information.

Presenter(s): Andrew Henriques

Showcase Advisor: Richard Rose

Abstract: Government mass surveillance has been a major topic since the Patriot Act in 2001 and picked up again in 2013 with Edward Snowden. However with newer transformer model AI it now easier to sift through large amounts of data than it has ever been. This project explores whether being aware of government surveillance influences how individuals act online and their cybersecurity behavior. This is important because many people believe their online activity is anonymous, but soon this may not be the case.

Presenter(s): Michael Nwachi

Showcase Advisor: Sheikh Rabiul Islam

Abstract: Large Language Models (LLMs) have demonstrated remarkable capabilities in natural language understanding and generation, enabling applications in research assistance, automated decision support, and education. This project investigates current approaches to measuring and mitigating hallucinations in LLMs through a review and synthesis of recent research. The study will examine emerging evaluation frameworks designed to quantify factual accuracy without relying heavily on any human-annotated reference answers. The project analyzes several mitigation strategies aimed at improving model trustworthiness and reliability. These include retrieval-augmented generation (RAG), which grounds model outputs in external knowledge sources; prompt engineering techniques that guide models towards more reliable and verifiable responses; and hybrid architectures that combine natural language models with structure knowledge representations.he findings show that while significant progress towards this issue has been made, hallucinations remain an open challenge in LLM research. Future work will likely focus on integrating a stronger grounding mechanism, developing standardized evaluation.

Presenter(s): Isaac Hilton

Showcase Advisor: Alan Wang

Abstract: A deep dive into how Microsoft 365 copilot can enhance productivity in the workspace.

Presenter(s): Frances Rain Ramos, Ethan Claude, Isaiah Brown

Showcase Advisor: Nour Alhussien

Abstract: As organizations increasingly are starting to rely on interconnected systems, protecting computer networks from cyber attacks have become a critical priority. Network attacks such as denial-of-service, man-in-the middle and phishing exploit vulnerabilities in these communication systems to steal data, disrupt services or gain access that wasn’t granted to them in the first place. These attacks can cause significant problems for the company like financial loss, data being lost and the damage of the reputation of the company. Understanding how these threats operate is essential for developing effective defense strategies Secure network protocols play a vital role in protecting data as it travels across networks. Protocols such as Secure Shell, HTTPS.

Presenter(s): Tinashe Chinamasa, Mohammed Alattas, Craig Elliott

Showcase Advisor: Faruk Curebal

Abstract: This research is all about finding anomalies in network traffic by telling the difference between benign and malicious activity. As cyber threats keep changing, businesses need to find better ways to detect abnormal activity in huge amounts of network data. Our study examines the analysis of network traffic patterns to identify indicators of harmful activity, including aberrant connections, odd traffic spikes, and suspicious communication patterns. We want to find traits that assist us find possible risks earlier by comparing regular traffic with malicious samples. The purpose of this study is to show how anomaly detection methods may make networks safer by helping analysts find assaults more quickly and respond before serious damage happens.

Presenter(s): Adeyemi Ojomo, Triyog Chhetry, Yu Jie Zheng, David Roy-Macauley

Showcase Advisor: Jill Cofield

Abstract: This project presents the design and development of a database application to gym memberships. Throughout the semester, our team collaborated to create a fully conceptualized system that models real‑world data needs, security considerations, and user interactions within our selected environment.

Our work includes the creation of an entity‑relationship (ER) model, a normalized relational schema, and a set of SQL queries that demonstrate core system functionality such as data retrieval, updates, and reporting. We also developed example interfaces or system screenshots to illustrate how users might interact with the application in practice. In designing this system, we applied key principles of database design, data integrity, and cybersecurity, with a focus on protecting sensitive information and ensuring reliable system performance.

Presenter(s): Jeremy Anthony

Showcase Advisor: Nicole Shepard

Abstract: This presentation explores organizational security as an evolving challenge spanning technical systems, human behavior, and business operations. As cyberattacks like ransomware and phishing grow in frequency and cost, the need for robust security controls is more urgent than ever. By examining the broad scope of defense from technical safeguards and Zero Trust architecture to executive decision making and the NIST Framework This study highlights how organizations can mitigate risk. Central to this discussion is the human element; since human error remains a primary vulnerability, digital literacy and training are vital. Ultimately, this presentation emphasizes that effective security is not a static product but a continuous process requiring leadership commitment, the CIA Triad (Confidentiality, Integrity, Availability), and constant adaptation to adversarial tactics.

Presenter(s): Van Kieu Dang

Showcase Advisor: Donghee Sinn

Abstract: This literature review examines how watermarking, provenance, and metadata can support the organization, classification, and verification of AI-generated text in the era of large language models (LLMs). As LLMs increasingly produce human-like content across domains such as education, journalism, and research, distinguishing between human-authored and machine-authored text has become more difficult, raising concerns about misinformation, plagiarism, authorship, and trust. Framed as an information organization problem, this review argues that managing AI-generated content now requires systems that address not only meaning, but also origin, authenticity, and accountability. It analyzes recent scholarship on watermarking as an embedded signal of machine generation and provenance as a metadata-based record of content history. The review concludes that while both approaches offer important mechanisms for organizing trust, neither is sufficient alone, making multi-layered, provenance-aware verification frameworks essential for trustworthy AI content ecosystems.

Presenter(s): Aasman Qureshi, Matthew Missett, Clyde Jastram, Kristopher Kohler, Jayden Meed

Showcase Advisor: Jill Cofield

Abstract: This project presents the design and development of a database application for a fictitious pharmaceutical company. Throughout the semester, our team collaborated to create a fully conceptualized system that models real‑world data needs, security considerations, and user interactions within our selected environment.

Our work includes the creation of an entity‑relationship (ER) model, a normalized relational schema, and a set of SQL queries that demonstrate core system functionality such as data retrieval, updates, and reporting. We also developed example interfaces or system screenshots to illustrate how users might interact with the application in practice. In designing this system, we applied key principles of database design, data integrity, and cybersecurity, with a focus on protecting sensitive information and ensuring reliable system performance.

Presenter(s): Andres Estevez

Showcase Advisor: Ramana Allena

Abstract: As we already know artificial intelligence has the ability to pattern recognize and use it to effectively learn different processes to try. These processes go through trial and error, and begin keeping data on what works on most unsuspecting individuals. Malicious actors learned to adapt and use this deep learning machine to increase the sophistication of phishing attacks. With the constant evolutions in today’s technology it is important to be able to evolve alongside it as this is the only way we can fight against AI. During the showcase I will be displaying the changes artificial intelligence has in phishing attacks over the years until the present time. Fundamentally making it simple on the board, highlighting how the AI gets the ability to adapt to whoever they are emailing. While also explaining how artificial intelligence uses deep machine learning to update and adapt the level of sophistication in phishing attacks.

Presenter(s): Andrew Hoyt

Showcase Advisor: Ramana Allena

Abstract: Social engineering attacks are effective because they target human emotions rather than just technical weaknesses. Attackers often manipulate feelings like trust, fear, curiosity, and urgency to influence people’s decisions. When someone feels pressured or worried, they are more likely to act quickly without carefully thinking about the situation. Attackers take advantage of these emotional reactions.

A common example is phishing emails that create a sense of urgency, such as messages claiming an account will be locked or that suspicious activity has been detected. These messages are meant to cause panic and persuade people to act first think later. Attackers may also pretend to be in positions of authority like managers or IT staff because it makes it more likely they will listen to instructions.  

Understanding how these emotions are used and manipulated in these attacks can help people think first, use critical thinking, and confirm requests before responding.

Presenter(s): Nevaeh Groucher

Showcase Advisor: Benjamin Yankson

Abstract: This project explores cybersecurity risk management in hybrid cloud environments through a simulated Red Team vs. Blue Team scenario modeling an Advanced Persistent Threat attack and incident response. As organizations increasingly adopt hybrid cloud architectures, the complexity of identity management, access control, and distributed infrastructure creates new vulnerabilities that adversaries can exploit. In this simulation, the Red Team represents a threat actor attempting to compromise cloud and on-premises resources through techniques such as credential theft, privilege escalation, and lateral movement. The Blue Team focuses on detection, containment, and recovery using incident response strategies aligned with cybersecurity governance principles. This analyzes how frameworks such as the NIST Cybersecurity Framework support Governance, Risk, and Compliance practices in responding to advanced threats. By evaluating attack paths and defensive actions, this highlights the importance of cyber resilience, proactive risk governance, and coordinated incident response, reducing the impact of cyber incidents within hybrid cloud environments.

Presenter(s): Jonathan Subocz, Jessica Pheku, Miles Chiafulio, Lindsay Krajewski

Showcase Advisor: Nour Alhussien

Abstract: Secure application development requires integrating security into every stage of the software lifecycle. This presentation focuses on two critical areas: database security and secure coding practices. It explores common vulnerabilities such as SQL injection, improper authentication, and insecure data storage, and explains how developers can prevent them through techniques like input validation, parameterized queries, and least-privilege database access. By applying secure coding standards and strengthening database protections, organizations can reduce attack surfaces and build applications that better protect sensitive data and user trust.

Presenter(s): Kushma Panchal

Showcase Advisor: Ariel Pinto

Abstract: This presentation examines cybersecurity challenges in power generation operational technology (OT) environments. Unlike traditional IT systems, OT systems monitor and control physical processes, making cyber incidents more dangerous because they can affect safety, reliability, and service continuity. This research highlights key vulnerabilities in power generation OT, including legacy systems, insecure remote access, weak network segmentation, and patching difficulties. It also discusses major threats such as ransomware, insider misuse, and attacks targeting industrial control systems. The presentation concludes by reviewing defensive strategies, including stronger access control, network segmentation, incident response planning, and resilience-focused cybersecurity practices to better protect critical infrastructure.

Presenter(s): Elijah Williams

Showcase Advisor: Sheikh Rabiul Islam

Abstract: This research investigates security vulnerabilities in space based communication networks, with emphasis on the signal links between satellites and ground stations. As satellite infrastructure becomes increasingly critical to GPS, telecommunications, and internet services, these systems represent high value targets for adversarial exploitation. This study employs vulnerability mapping of space-ground communication links, analysis of real world GNSS signal datasets under clean, jammed, and spoofed conditions, and review of documented satellite security incidents. I intend to build a structured threat model, informed by MITRE ATT&CK and STRIDE frameworks, that identifies attack vectors including signal jamming, spoofing, and unauthorized command injection. The research concludes with defense recommendations for the aerospace industry, addressing signal authentication protocols, encrypted command channels, and ground station hardening strategies.

Presenter(s): Brandon Sanchez, David Whitfield, Justin Victor, JD Darker, Shamar Campbell

Showcase Advisor: Jill Cofield

Abstract: This project presents the design and development of a database application to  manage a sneaker store and can be used to track orders, customers, footwear, inventory, and shop data. This tool will enforce community engagement through our "Buy, Sell, Trade" System that we have implemented. Throughout the semester, our team collaborated to create a fully conceptualized system that models real‑world data needs, security considerations, and user interactions within our selected environment.

Our work includes the creation of an entity‑relationship (ER) model, a normalized relational schema, and a set of SQL queries that demonstrate core system functionality such as data retrieval, updates, and reporting. We also developed example interfaces or system screenshots to illustrate how users might interact with the application in practice. In designing this system, we applied key principles of database design, data integrity, and cybersecurity, with a focus on protecting sensitive information and ensuring reliable system performance.

Presenter(s): Alex Ficarrotta, Nathan Strunk, Patrick Mahar, Chase Garner, Fardeen Zahid

Showcase Advisor: Omer Keskin

Abstract: Industrial Control Systems (ICS) are used to monitor and control physical processes in critical infrastructure and industrial environments. Our project focuses on developing an Operational Technology (OT) SKID platform that combines industrial system functionality with interactive cybersecurity education. The environment models communication between a PLC, server, and tablet-based human machine interface (HMI) using Modbus/TCP within an OT network. The platform is designed as an interactive game where users analyze system behavior while working through different attack scenarios that target industrial control processes. These scenarios explore how actions such as unauthorized command execution, manipulation of system parameters, modification of operational thresholds, or suppression of alarms could impact system behavior and safety. Participants examine how commands, sensor data, and control signals move through the network while identifying abnormal activity. Safety mechanisms including interlocks, watchdog timers, and fail-safe logic are incorporated to reflect real industrial safeguards and reinforce cybersecurity awareness.

Presenter(s): Alex Gomez

Showcase Advisor: Ramana Allena

Abstract: There are many cyberthreats we can all think of but one I would say that always being used by hackers is social engineering. Social engineering attacks have to be one of the most common and always successful attacks and the reason for that is because it tagerts the human behavior rather then tech. Instead of hacking the systems, attackers uses manipulative behaviors into giving and showing sensitive information and performs actions to take advantage of the security systems. Actions that can happen is mainly phishing, and impersonationand with these attacks it rely on psychological tactics such as urgency, authority, and trust to deceive victims.  

With this poster it will examines common social engineering attacks and how they are exploited by human psychology to gain unauthorized access to systems and private information. This poster will also show prevention strategies like security awareness training and phishing simulations to help prevent these attacks.

Presenter(s): Jack Krzemien, Matthew Afrane, Andrew Pecak

Showcase Advisor: Nour Alhussien

Abstract: Our research subject will be on social engineering, a common tactic used in cyberattacks where someone tries to gain unauthorized access to an unauthorized device/area by tricking someone into giving them access. For this project, we are focusing on three different forms of social engineering, these forms are physical, technical, and administrative.

We will also be providing examples and ways to mitigate social engineering threats from being an issue. The common types of social engineering attacks done on a daily occurrence and the challenges faced when trying to properly respond to them.

Presenter(s): Ethan Zenteno

Showcase Advisor: Ramana Allena

Abstract: Social media platforms like TikTok, Instagram, and Facebook have become hotzones for scams and farming information, making users primary targets for sophisticated social engineering attacks. Deceptive ads and AI chatbots via DMs seek to collect financial information from unsuspecting users. This research investigates how malicious actors leverage ad space to bypass platform security. While regulations target major tech companies like Meta, a gap remains in third-party advertiser accountability. These entities utilize "influence engineering" to deceive the public into volunteering credit card details. Furthermore, generative AI has escalated this threat through AI agents capable of multi-turn conversations to extract confidential information. This project evaluates current platform policies. By examining real-time detection strategies for manipulation tactics, this study advocates for stricter advertiser policies and enhanced user awareness. Closing legislative loopholes is essential to shifting the security burden to a more accountable digital ecosystem, highlighting the urgent need for policy reform.

Presenter(s): Samayra Brown

Showcase Advisor: Richard Rose

Abstract: This research explores how oversharing personal information on social media, combined with the growing use of Artificial Intelligence (AI), increases the risk of identity theft and cyberstalking. Many users share details such as their location, daily activities, and personal life online without realizing how easily this information can be exploited. AI tools can quickly collect and analyze this data, making impersonation, phishing, and other cybercrimes easier for attackers. This project highlights how cybersecurity threats often target human behavior and emphasizes the importance of online awareness and digital safety.

Presenter(s): Samuel Maxwell, Xavier Daniel

Showcase Advisor: Faruk Curebal

Abstract: Our presentation will cover the nature of software supply chain attacks in Cybersecurity, utilizing the recent Notepad++ supply chain attack as a primary example that affected many of our peers and even the university itself. We will discuss the techniques used, the goal of the attackers, and review the steps that can and should be taken in order to combat these attacks.

Presenter(s): Mark Poris

Showcase Advisor: Barak Hussein

Abstract: Stuxnet was a profound cybersecurity incident that introduced cyber-physical attacks and had global political effects. The attack, which targeted the nuclear uranium enrichment facility at Natanz, Iran, was likely performed by the United States and Israel to cripple operations. The Natanz facility suffered severe damages to centrifuge power generation infrastructure. To prevent an incident such as Stuxnet from happening again, secure update pathways are crucial. Operational Technology (OT) and ICS systems are more vulnerable to compromise because they cannot easily rely on new solutions that IT systems receive. To address this security gap, secure update pathways provide authentication and encryption for the purpose of updating firmware in these air-gapped systems. Secure update pathways apply key cryptographic protections for Programmable Logic Controllers (PLCs), whitelist unwanted removable media, scan for malware, and prevent execution of unwanted code that can exploit vulnerabilities both known and unknown. Secure update pathways ensure safe system changes.

Presenter(s): Ethan Langaigne

Showcase Advisor: Barak Hussein

Abstract: The Colonial Pipeline ransomware attack exposed critical weaknesses in energy infrastructure and highlighted the need for stronger cybersecurity and response planning. This research examines how modern security strategies, such as Zero Trust Architecture, can prevent similar disruptions by limiting unauthorized access and reducing lateral movement inside networks. The study also explores how structured incident response playbooks support rapid containment and recovery during cyber events. By connecting technical controls with operational planning, this work demonstrates how power generation organizations can strengthen resilience, protect essential services, and reduce the impact of future cyberattacks on critical infrastructure.

Presenter(s): Maiyia Coles

Showcase Advisor: Richard Rose

Abstract: Sufficient Network design is especially important in Healthcare as it is used to support patient care, store electronic records(EHRs), manage medical devices, and communication coordination. These 24 hour systems are heavily relied on by not only healthcare professionals, but by patients. Healthcare networks are uniquely vulnerable because they contain extremely sensitive patient data and life-support systems. EHRs, laboratory data, telehealth services, etc, all operate on the same network infrastructure. If the network design is poor, it creates opportunities for malicious actors.

Presenter(s): Clairvens Lapointe

Showcase Advisor: Ramana Allena

Abstract: Many cybercriminals compromise organizations and individuals using social engineering techniques. Social engineering focuses on manipulating users to gain unauthorized access to sensitive information, systems, or financial data. Common forms include phishing emails, impersonation, baiting, and pretexting attacks. As technology becomes integrated into daily life, attackers increasingly target individuals who may not recognize these tactics.

This project explores the growing threat of social engineering and provides practical strategies to prevent and mitigate attacks. Many successful cyber incidents occur not because of technical vulnerabilities, but because users unknowingly provide credentials or click malicious links. By examining common attack methods and real-world examples, this project highlights the importance of cybersecurity awareness as a defense.

Preventing social engineering requires both technical safeguards and user education. Organizations can implement Multi-Factor Authentication (MFA), access controls, and email filtering. However, educating users to recognize suspicious messages and verify requests for sensitive information remains the most effective defense.

Presenter(s): Edwin Garcia

Showcase Advisor: Barak hussein

Abstract: Stuxnet is a malicious computer program discovered in 2010 that targeted Iran's nuclear facilities. expert analysis the case was examined to understand its impact. The worm damaged around 1,000 centrifuges and pushed governments worldwide to strengthen their cybersecurity policies. It proved that cyberattacks can cause real physical damage to critical infrastructure.

Presenter(s): Mya Martinez

Showcase Advisor: Barak Hussein

Abstract: Stuxnet is an cyber incident that fundamentally changed the cyber realm. Back in 2010 a very well designed cyber weapon was discovered that attacked industrial control systems and resulted in physical damage to important infrastructures.

Presenter(s): Cali Harris

Showcase Advisor: Barak Hussein

Abstract: In June 2010, the Stuxnet attack opened the eyes of cyber threat actors around the world, revealing how vulnerable industrial systems truly are. The Stuxnet attack demonstrated that cyberattacks could cause physical damage to industrial systems, marking a turning point in cyber warfare and placing other critical infrastructure, like power generation, directly in the crosshairs of potential threat actors.

Presenter(s): Joshua Marte

Showcase Advisor: Barak Hussein

Abstract: The stuxnet Incident happened in 2010 when a computer worm was discovered to be messing around with Iran nuclear program. This brought out a lot more awareness of what cybersecurity threats can actually do as it caused real physical damage.

Presenter(s): Karin Wright

Showcase Advisor: Barak Hussein

Abstract: The Stuxnet Incident was a cybersecurity incident that impacted Iran's nuclear facilities (SCADA) systems. Stuxnet is said to have been created in a joint cyber operation between the United States and Israel. The event was caused by a worm that initially targeted SCADA systems in Iran but mutated to other industrial and energy-producing systems. The worm was the first ever virus to be capable of crippling hardware systems, as it's effects at nuclear facilities caused a noticable spark on the hardware. The worm was only able to travel between Windows computers before reaching the facilities in Iran. This incident was discovered in 2010. The worm gave false feedback to systems so it was able to easily install itself on infected computers.

Presenter(s): Mohammed Alattas

Showcase Advisor: Barak Hussein

Abstract: The Stuxnet cyberattack was a historic turning point in cybersecurity because it demonstrated that malware may cause significant physical harm to key infrastructure. Stuxnet, discovered in 2010, entered Windows systems and corrupted industrial control systems at Iran's Natanz nuclear complex. It stealthily adjusted centrifuge speeds while sending regular readings, causing damage to the equipment. This study investigates the Stuxnet incident and looks for measures to prevent such assaults in operational technology contexts, particularly in power generation. Important protections include rigorous removable media constraints, application allowlisting, network segmentation, and continual monitoring of industrial control systems. The study also emphasizes the necessity of incident response playbooks, which assist firms in detecting, containing, and recovering from cyber attacks while maintaining essential systems operational.

Presenter(s): Alex Warner

Showcase Advisor: Barak Hussein

Abstract: The Stuxnet computer worm was a cyber attack that that primarily targeted the Iran nuclear program, specifically one of their uranium enrichment sites. Stuxnet was a highly complex and thorough cyber weapon that targeted OT and SCADA systems present within this facility. It is a landmark incident in the history of cybersecurity and exposed how crucial strong security is in OT and ICS systems.

Presenter(s): Kenneth Hafford, Keya Patel, Simon Xu

Showcase Advisor: Sheikh Rabiul Islam

Abstract: The rapid digital transformation of global supply chains has significantly expanded the cyber attack surface, particularly through software dependencies, third-party integrations, cloud services, and CI/CD pipelines. Recent research (2023–2025) increasingly focuses on empirical measurement, AI-driven threat detection, and zero-trust supply chain architectures.

Presenter(s): Nyah Oyola

Showcase Advisor: Ramana Allena

Abstract: Deepfake technology has emerged as a major threat in the cybersecurity field, especially in the context of social engineering attacks. By using artificial intelligence to generate highly realistic audio, video, or images of individuals, attackers can impersonate trusted figures such as executives, coworkers, public officials, or even family members. These tactics can be used to manipulate victims into revealing sensitive information, transferring money, or granting unauthorized access to systems. Social engineering relies heavily on human trust and psychological manipulation. Deepfakes significantly amplify the effectiveness of these attacks by providing convincing visual and auditory evidence that appears to be real. Recent advances in machine learning and generative AI have made deepfake creation more accessible and affordable, lowering the barrier for cybercriminals. As a result, organizations and individuals face a growing risk of fraud, identity theft, and financial loss.

Presenter(s): Alex Ficarrotta

Showcase Advisor: Ramana Allena

Abstract: Social engineering attacks are among the most common and effective methods used by cybercriminals to compromise systems and steal sensitive information. Unlike traditional cyberattacks that exploit technical vulnerabilities, social engineering targets human behavior by manipulating trust, fear, urgency, or authority. Attackers use tactics such as phishing emails, fraudulent phone calls, impersonation scams, and malicious links disguised as legitimate messages to trick individuals into revealing passwords, downloading malware, or granting system access. As organizations strengthen technical security controls, attackers increasingly exploit the human element, one of the most vulnerable aspects of cybersecurity. Reducing the risk of these attacks requires both technological defenses and improved user awareness. Security awareness training, simulated phishing exercises, and gamified learning approaches help users recognize and respond to suspicious activity, while measures such as multi-factor authentication and least-privilege access further strengthen organizational defenses.

Presenter(s): Nicole Zhong

Showcase Advisor: John Macone

Abstract: This presentation outlines my internship experience at the University at Albany Esports Arena. In this role, I managed 36 computers used by students every day. My responsibilities included providing on-site support and fixing technical issues in real-time. This position is unique because the Arena is one of the few spaces on campus that maintains its own hardware.

Presenter(s): Michael Saint-Vil

Showcase Advisor: Richard Rose

Abstract: Ransomware has become one of the most serious cybersecurity threats affecting organizations today. These attacks involve malicious software that encrypts a victim’s data and demands payment for its release. This research examines how ransomware attacks occur, why they continue to increase, and what cybersecurity strategies can be used to detect and prevent them. The project reviews recent peer-reviewed research on ransomware detection frameworks, machine learning-based security systems, and real-world ransomware incidents such as the Colonial Pipeline attack. The literature also highlights how human factors and organizational vulnerabilities contribute to ransomware risks. Understanding these threats is important because ransomware attacks can disrupt critical infrastructure, compromise sensitive data, and cause major financial losses. This research aims to provide insight into how modern cybersecurity approaches can improve ransomware detection and strengthen organizational defenses against evolving cyber threats.

Presenter(s): Anooshah Minhas

Showcase Advisor: Sheikh Rabiul Islam

Abstract: This project builds on previous research examining how wearable technologies can support neurodiverse individuals. The primary objective of this study is to expand the analysis by applying additional machine-learning techniques to wearable sensor data in order to identify patterns that may relate to learning engagement, physical activity, or stress indicators. The research uses the WLA4ND wearable dataset and incorporates peer-reviewed literature on wearable technology, neurodiversity, and machine learning to guide the analysis.

Presenter(s): Thomas Polhemus

Showcase Advisor: Ramana Allena

Abstract: As we have learned throughout this course social engineering attacks are becoming increasingly effective and widespread throughout the industry. For my showcase poster I would like to focus on one of the emerging forms of social engineering known as vishing. Vishing is defined as a form of phishing attack in which attackers use phone calls, VoIP, or voice messaging methods to impersonate trusted individuals as bank representatives or company CEOs with the goal of obtaining personal or financial information. As technological defenses have grown stronger attackers are shifting their focus toward psychological attacks. This shift signifies the need for strong awareness programs that inform individuals how to identify vishing attacks and properly deal with them. This poster will establish what an effective awareness program may include such as role specific training and public campaigns while also analyzing emerging technologies such as artificial intelligence and voice replication used in vishing attacks.

Presenter(s): Owen Watson

Showcase Advisor: Richard Rose

Abstract: Ransomware as a Service has grown into one of the most devastating cyber threats when executed correctly. In recent years, Ransomware as a Service has been a leading cause for the surge in ransomware attacks around the world. RaaS allows ransomware developers to sell their malicious code to others, called "affiliates". This ransomware attack model removes most of the technical barrier that may hold some from executing ransomware attacks. Within the organizations targeted by these RaaS groups, those that are most frequently targeted are often critical infrastructures, such as water treatment plants, power grids, hospitals, etc. They are frequently targeted because operational disruptions in these organizations can affect millions of people, which adds significant pressure for the ransom to be paid. This project will examine how the RaaS model increases the risks and vulnerabilities in these critical infrastructures, while also highlighting different cybersecurity tactics that could be implemented to defend.

Presenter(s): Zachari Zegadlo

Showcase Advisor: Ariel Pinto

Abstract: Building on Pastizzo’s research in OT environments, this study tackles a major gap in Zero Trust Architecture (ZTA): the "residual trust" found in east-west (device-to-device) communication. While ZTA guards the front door, attackers exploit constant communication between OT and IoT devices to move laterally across the network. This research investigates how Graph Neural Networks (GNNs) can strengthen ZTA by analyzing complex, multi-hop relationships that traditional monitoring misses. Using a qualitative analytical modeling approach, this study maps how device relationships contribute to cascading risk. The focus is on micro-segmentation and continuous monitoring of post-compromise behavior rather than initial authentication. By proposing GNNs as a tool for relationship-aware analytics, the study aims to show how high-risk communication paths can be detected without disrupting critical operations. Ultimately, this provides a framework for practitioners to close the lateral movement gap and build more resilient, relationship-aware Zero Trust networks in complex industrial environments.

Presenter(s): Steeve Fils-Aime

Showcase Advisor: Barak Hussein

Abstract: Cybersecurity plays a critical role in protecting the digital world that modern society depends on every day. From personal devices and social media accounts to government systems and critical infrastructure, cyber threats are constantly evolving and becoming more sophisticated. This presentation explores the world of cybersecurity by explaining its importance, the most common types of cyber threats, and the techniques used to defend against them. It will highlight real-world examples of cyberattacks and demonstrate how individuals, organizations, and governments work to secure information systems. Additionally, the presentation will introduce key cybersecurity principles, tools, and career opportunities in the field. By increasing awareness and understanding of cybersecurity practices, this presentation aims to show how everyone can play a role in protecting digital information and maintaining a safer online environment.

Presenter(s): Jack Natter

Showcase Advisor: Ramana Allena

Abstract: Despite heavy investment in cybersecurity awareness training, human error remains a top cause of breaches. Traditional programs with long presentations, annual videos, and compliance checklists really fail to change behavior because they overwhelm and bore people. Employees forget rules fast and can't apply them to real phishing or password risks. This presentation examines why these programs fall short: information overload, no real-world context, and irrelevant examples. My presentation proposes behavior-focused alternatives like interactive simulations, ongoing phishing drills, and practical reinforcement tied to actual job responsibilities. Actual relevant training can finally bridge the gap between knowledge and action, reducing human-related cyber risks.

Presenter(s): Ryan Gurung

Showcase Advisor: Barak Hussein

Abstract: The 2021 Colonial Pipeline ransomware attack exposed critical vulnerabilities in energy infrastructure, demonstrating how compromised credentials can trigger nationwide disruptions. This research examines Zero Trust Architecture (ZTA) and AI-driven threat detection as preventive measures for critical energy operations. ZTA eliminates implicit trust by requiring continuous verification of all users and devices, while AI-powered systems identify behavioral anomalies in real time across IT-OT environments. Drawing from NIST Cybersecurity Framework and IEC 62443 standards, this study proposes a layered defense strategy incorporating multi-factor authentication, network segmentation, and automated incident response. Key findings indicate that integrating ZTA with machine learning monitoring significantly reduces attack surfaces and limits lateral movement during breaches. Implementation challenges include legacy system compatibility and workforce training gaps. This framework contributes to power generation contingency planning by embedding ZTA and AI detection within incident response playbooks, enhancing both preventive and reactive capabilities for cyber-resilient energy infrastructure.

Presenter(s): Clairvens Lapointe

Showcase Advisor: Ariel Pinto

Abstract: Building on Keyshawn Porter’s foundational study of water utilities, this research investigates how Zero Trust Architecture (ZTA) can defend two of the most targeted sectors: healthcare and education. These industries are uniquely vulnerable due to legacy systems, budget constraints, and high digital interconnectivity. The study focuses on strategic components such as Identity and Access Management (IAM), micro-segmentation, and continuous authentication to understand their effectiveness in mitigating ransomware impact.Using a qualitative methodology, the project synthesizes expert research to identify industry-specific implementation trends and the challenges organizations face during ZTA adoption. By focusing on strategy over engineering, the research aims to provide CISOs and policymakers with actionable insights for prioritizing cybersecurity investments. Ultimately, this work bridges the gap between theoretical Zero Trust principles and practical defense strategies, offering a resource for public-facing institutions to protect critical infrastructure from evolving ransomware threats.

Presenter(s): Ayomide Oriowo

Showcase Advisor: Nicole Shepard

Abstract: Artificial Intelligence (AI) is transforming cybersecurity, creating both powerful defense tools and new opportunities for cybercriminals. As organizations rely more on digital systems, AI has intensified a digital arms race between attackers and defenders. 
AI helps security teams detect unusual activity, identify malware faster, and automate responses to threats by analyzing large amounts of data in real time. However, cybercriminals are also using AI to improve attacks, such as creating convincing phishing messages, bypassing security systems, and finding software vulnerabilities.  

This presentation explores how AI is shaping modern cyber threats and defenses, highlighting real-world examples like deepfake scams and AI-powered malware, and emphasizing the need for stronger cybersecurity strategies.

Presenter(s): James Garriques, Karen Flisikowski, Ryan Gurung, Ethan Suby

Showcase Advisor: Jason Appel

Abstract: Complex digital system management of sensitive identity information and security is crucial to functioning in modern society. Weak Identity and Access Management (IAM) measures and emerging cyber warfare challenges are significant threats to overall societal cybersecurity. Inadequate performance of such systems translates into data breaches, operational disruptions, financial damage, and threats to public safety. Our projects aims to introduce some computing-based solutions for enhancing identity protection and resilience for critical infrastructure context. We have the problem then potential solutions.

Presenter(s): Mark Poris, Brian Dooley, Luke Burns, Joe Tepan, Christian St.Eloi

Showcase Advisor: Sean Atkinson

Abstract: This slideshow presentation will provide an executive-level overview of ZeuS Trojan Horse Malware and how a bank can prevent infection. Topics to be discussed in the presentation include: a review of the threat, a detailed risk assessment, technical recommendations, and remediation and prevention strategies.

Presenter(s): Ryan Hammond

Showcase Advisor: Nicole Shepard

Abstract: As people generate and use ever increasing amounts of data, it is important they are aware of how critical data security is in a world where so many aspects of life are digitized. This paper examines several evolving risks to data security, and potential future solutions relating to them. This ties to the argument that data security should be at the forthought, as many other controls rely on it. As ever more data is generated, maintaining its security must evolve with technology.  

The scope of data security extends across multiple environments, including data at rest, data in transit, and data in use. Each of these states requires different security mechanisms such as encryption, secure communication protocols, and controlled access systems. Each of these poses its own unique challenges and solutions. However, rapid technological advancements continue to challenge existing security measures.

Presenter(s): John Fermpong, Joseph Adeleye, Andres Estevez, Isaiah Russell, Wyeth Hall

Showcase Advisor: Jason Appel

Abstract: Data security is challenging because information is often shared between many connected systems. When data moves from one program to another, a weakness in one place can allow attackers to access sensitive information elsewhere. This means that even a small security problem can put a lot of data at risk. Improving data security helps protect information, even if one part of the system is attacked.

Presenter(s): Fatoumata Diaby

Showcase Advisor: Sheikh Rabiul Islam

Abstract: Abstract: 
This research presents an emotion-aware framework using transformer-based models to detect phishing attacks that exploit psychological manipulation strategies. Modern phishing campaigns increasingly utilize emotional triggers such as fear, urgency, authority, and trust to deceive victims. However, most existing detection systems primarily focus on technical indicators like URLs, domain reputation, and lexical patterns. The issue addressed in this study is the limited ability of traditional phishing detection models to recognize and interpret emotionally manipulative language found in social engineering messages.

Addressing this problem is crucial because attackers are now using advanced language generation tools to create highly persuasive phishing emails that can evade conventional filtering systems. As phishing tactics become more sophisticated, detection strategies must evolve beyond superficial text analysis and incorporate psychological and affective signals.

Presenter(s): Jason Wang

Showcase Advisor: Ramana Allena

Abstract: I will start off with explaining what social engineering attacks are and why they are able to work off of human psychology. My reasoning for this topic is due to the fact that I have not only heard of countless phishing attacks but I have also seen a family member fall victim to one. I am constantly sent texts and emails to fraudulent websites. Moreover, as technology continues to advance, the skills and means needed from attackers to complete a phishing attack or other methods of social engineering decrease. I will discuss the types of attacks how they vary and the methods of combat.  I will include discussions on peer education, proper data protection, policy and procedure regulation, employee training and more. I will go over not only why each of these solutions are helpful, but also why each are necessary and what can be done to ensure its impact.

Presenter(s): Utham Manoharan

Showcase Advisor: David Adkins

Abstract: Zero Trust Architecture (ZTA) has emerged as a critical security model for modern hybrid enterprise networks. This presentation analyzes how traditional perimeter-based security allows attackers to move laterally once initial access is obtained. Using frameworks such as NIST SP 800-207 and MITRE ATT&CK, the study examines common lateral movement techniques and architectural weaknesses. It further evaluates how Zero Trust principles—continuous authentication, least privilege access, and micro-segmentation—can significantly reduce internal attack propagation and strengthen enterprise network resilience.