Core Faculty Members
Thomas Rid is Professor of Strategic Studies and the Institute’s founding director. Rid is the author of the acclaimed Active Measures, a sweeping history of disinformation (Farrar, Straus and Giroux, 2020). His previous book, Rise of the Machines, (Norton, 2016), tells the story of how cybernetics, a late-1940s theory of machines, came to incite anarchy and war. His 2015 article “Attributing Cyber Attacks” was designed to explain, guide, and improve the identification of network breaches (Journal of Strategic Studies 2015). In 2013, he published Cyber War Will Not Take Place, now a classic. Thomas teaches Disinformation, Information Security, and Foundations of Cybersecurity. He’s @ridt on infosec.exchange on Mastodon.
Elly Rostoum is the Institute’s Managing Director, an Adjunct Professor at SAIS, and a Lecturer at Johns Hopkins University’s Krieger School of Arts and Sciences. Elly is a former U.S. intelligence analyst, and National Security Council staffer at the White House. She is a Hans J. Morgenthau Fellow in U.S. Grand Strategy. Elly’s research examines American national security vulnerabilities of foreign direct investment in foundational, critical, and emerging technologies in the AI, finance, biotech, and IoT sectors. She is an expert on CFIUS governance, and specializes regionally on China and the Middle East. Elly speaks 5 languages, and 22 Arabic dialects. She holds degrees from Bates College, Harvard University, and Stanford University. Elly is finishing her PhD from the University of Massachusetts, Boston. Elly teaches the U.S. National Security and Critical and Emerging Technology Practicum, China’s Rise and Its Impact on Global Security, and Chinese Foreign Direct Investment and US National Security Vulnerabilities.
Juan Andres Guerrero-Saade is a Distinguished Resident Fellow for Threat Intelligence and Adjunct Professor at the Alperovitch Institute. Juan Andres is the Associate Vice President of Research at SentinelOne, leading the SentinelLabs research team. Juan Andres (better known as ‘JAGS’) has advanced cyber threat intelligence and analysis methodology, discovered a variety of noteworthy threat actors, and aided in the development of innovative malware hunting and reverse engineering tools to scale and improve investigations. Before joining SentinelOne, JAGS led multiple threat intelligence teams at Google, Chronicle, and was a Principal Security Researcher at GReAT. His research focuses on tracking targeted attacks at global scale, aiding analysis efforts for ongoing cyber-supported hot conflicts, and improving reverse engineering tooling by leveraging recent advancements in LLMs. Professor Guerrero-Saade teaches courses on State-Sponsored Cyber Operations and a Malware Analysis Primer. In 2023, his Malware Analysis Primer was the first academic course to leverage ChatGPT as a teaching assistant for non-technical students. Later that year, JAGS was presented with a Presidential Volunteer Service Award for thousands of hours contributed in furthering the country’s cyber preparedness. His research work is the subject of two permanent exhibits at the International Spy Museum, including the “Cyber Infinity Room” and “Moonlight Maze.”
Melissa K. Griffith is a Lecturer in Technology and National Security at SAIS, and a Non-Resident Research Fellow at the University of California, Berkeley’s Center for Long-Term Cybersecurity. She works at the intersection between technology and national security, specializing in cybersecurity, semiconductors, and AI with a focus on national risk and resilience models. Melissa holds a Ph.D. and an M.A. in Political Science from the University of California, Berkeley, and a B.A. in International Relations from Agnes Scott College. Melissa teaches Semiconductors: Industry, Security, and Geopolitics, Cyber Operations: How and Why States Compete in Cyberspace, and co-teaches Intelligence II: Signals & Cyber.
Olga Belogolova is the Director of the Emerging Technologies Initiative and a Lecturer at SAIS. At Facebook/Meta, she led policy for countering influence operations, leading policies on coordinated inauthentic behavior, state media capture, and hack-and-leaks within the Trust and Safety team. Prior to that, she led threat intelligence work on Russia and Eastern Europe at Facebook. Olga previously worked as a journalist and her work has appeared in The Atlantic, Inside Defense, and The Globe and Mail, among others. She holds a Master’s degree in Strategic Studies from SAIS and a Bachelor’s degree in Journalism and European Studies from Boston University. Olga teaches Influence Operations in the Digital Age.
Adjunct Faculty Members
John Hultquist is the Chief Analyst at Mandiant Intelligence, a Google Cloud company. He was previously the Vice President for Intelligence Analysis at the FireEye Mandiant Threat Intelligence analysis team. Prior to the acquisition of iSIGHT Partners by FireEye, John led iSIGHT’s cyber espionage practice and was responsible for creating the cyber espionage reporting line. He has over a decade of experience covering emerging threats in cyber espionage and hacktivism and working in senior intelligence analysis positions in the United States. John is the founder of CYBERWARCON and SLEUTHCON. Before working in cyber security, John worked with information sharing and analysis centers, and was involved in counterinsurgency operations in the U.S. Army. John teaches Global Cyber Threats.
Jason Kikta is the Chief Information Security Officer (CISO) and Senior Vice President of Product at Automox. He previously served for over twenty years in the United States Marine Corps. This included seven years at United States Cyber Command designing and managing the national counter-APT and counter-ransomware missions. While there, he started the command’s private sector operational collaboration, public disclosure, and hunt forward programs. Jason is an adjunct Senior Technical Advisor to the Institute for Security and Technology in San Francisco, CA. Jason teaches Intelligence and Cyberspace.
Jeanette Manfra is the Global Director for Security and Compliance at Google. Previously, she served as the Assistant Director for Cybersecurity for the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), where she led the Department of Homeland Security mission of protecting and strengthening the nation’s critical infrastructure from cyber threats. Jeanette was Assistant Secretary for the Office of Cybersecurity and Communications for the National Protection and Programs Directorate. Previously, she served as Acting Deputy Under Secretary for Cybersecurity and Director for Strategy, Policy, and Plans for NPPD. She also served as Senior Counselor for Cybersecurity to the Secretary of Homeland Security and Director for Critical Infrastructure Cybersecurity on the National Security Council staff at the White House. Before joining DHS, Jeanette served in the U.S. Army as a communications specialist and a Military Intelligence Officer. Jeanette teaches a course on the history and evolution of cyber policy.
Andrew Boyd is the former Director of the Central Intelligence Agency’s (CIA) Center for Cyber Intelligence (CCI). He was a Senior Intelligence Service officer in the CIA’s Directorate of Operations. He has extensive experience leading worldwide intelligence operations, and in-depth knowledge of geopolitics, cyber operations and policy, and security practices and risk mitigation. His most recent assignment as the Director for the Central Intelligence Agency’s Center for Cyber Intelligence (CCI) oversaw responsibility for intelligence collection, analysis, and operations focused on foreign cyber threats to US interests. Prior to his role as Director of CCI, Andy served as Chief of Operations, Counterterrorism Mission Center (CTMC). He has led global counterterrorism operations against multiple global terror organizations via unilateral operations and jointly with multiple international partners. Andy was personally involved with many of the most consequential counterterrorism operations of the past decade. Prior to his service in CTMC, Andy served as a Chief of Station in a country in the Middle East leading the full scope of US intelligence operations in an austere combat zone including operations, security and force protection of the CIA workforce. Andy also served as a Deputy Chief of Station and an Acting Chief of Station of a large CIA Station in the Middle East. Andy represented the CIA Director, and other U.S. government leaders to numerous foreign partners. In 2010-2012, Andy led the CIA work force in HQS and the field engaging in critical intelligence operations to inform policy-makers regarding the “Arab Spring” revolutions across North Africa. He represented the CIA in high level policy meetings in Washington up to and including Oval Office engagements with the President and his staff. Prior to joining the CIA, Andy served for a decade as a U.S. State Department Foreign Service Officer at the US Embassies in Saudi Arabia, Lebanon, Tunisia, Iraq and Syria. Andy served as an active duty U.S. Air Force intelligence officer from 1993-1999. Andy holds a B.S. in History from the U.S. Air Force Academy, an M.A. in International Relations from Catholic University, and a M.S. in Strategic Policy from the National War College. Andrew teaches Intelligence and Cyber Policy.
Bryan Vorndran was named assistant director of the FBI’s Cyber Division in March 2021. Mr. Vorndran had most recently served as the special agent in charge of the New Orleans Field Office. Mr. Vorndran joined the FBI as a special agent in 2003. He was first assigned to the Washington Field Office, where he primarily investigated criminal enterprises trafficking cocaine and heroin. In 2008, he spent five months as part of the International Contract Corruption Task Force in Afghanistan. He was promoted to supervisory special agent in 2009 and was assigned to the Counterterrorism Division at Headquarters; he was promoted to unit chief in 2012. In 2013, Mr. Vorndran was named to lead the Washington Field Office’s Joint Terrorism Task Force. He was promoted to assistant special agent in charge of the cyber and counterintelligence programs at the Baltimore Field Office in 2016. The next year, he was promoted to chief of the Strategic Operations Section of the Counterterrorism Division at Headquarters. Mr. Vorndran was named a deputy assistant director of the Criminal Investigative Division in 2018. As a deputy, Mr. Vorndran oversaw FBI programs intended to help dismantle transnational criminal organizations impacting the United States, combat violent and gang-related violent crimes, and counter crimes against children. In 2019, Mr. Vorndran was named the special agent in charge of the New Orleans Field Office. Before joining the Bureau, Mr. Vorndran was an engineer for The Procter & Gamble Co. and for Merck & Co. He earned a bachelor’s degree in civil engineering from Lafayette College in 1998 and a Master of Business Administration from the Ross School of Business at the University of Michigan in 2012.
Alan Kohler is a 27-year veteran of the Federal Bureau of Investigation (FBI) and spent his entire career working counterintelligence and national security matters. He retired in 2023 after serving three years as the assistant director of the FBI’s Counterintelligence Division. He is currently is the President of Pamir Consulting, a strategic risk consulting firm in northern Virginia. Mr. Kohler joined the FBI as a special agent in 1996 and worked counterintelligence matters at the Washington Field Office. He also served on the Evidence Response Team and took part in the FBI’s response to the 9/11 attack on the Pentagon. In 2003, he transferred to the Counterintelligence Division to manage Russian counterintelligence investigations and was promoted to unit chief in 2004. In 2006, Mr. Kohler transferred to the New York Field Office to supervise a counterintelligence squad and then later a squad working cyber national security and criminal matters. He served as an assistant legal attaché in London beginning in 2012, acting as the FBI’s liaison with British intelligence and law enforcement agencies. Mr. Kohler moved to the Norfolk Field Office in Virginia in 2016 as the assistant special agent in charge of the counterintelligence, counterterrorism, intelligence, and crisis management programs. He returned to FBI Headquarters in 2017 as the chief of the Eurasian Section, which manages the Bureau’s operations countering Russian intelligence threats. In 2018, he was promoted to deputy assistant director in the Counterintelligence Division and managed multiple portfolios. Mr. Kohler was promoted to the special agent in charge of the Counterintelligence Division at the Washington Field Office in 2019 and then as assistant director for the Counterintelligence Division in 2020. Mr. Kohler is a recipient of the Attorney General’s Award for Exceptional Service, the FBI Director’s Award for Outstanding Counterintelligence Investigation, and the Exceptional Achievement Medal from the Director of National Intelligence. Before joining the Bureau, Mr. Kohler managed engineering research for a private technology firm. He earned bachelor’s and master’s degrees in ceramic engineering from Rutgers University.
Maria Markstedter is the CEO of Azeria Labs, and the author of “Blue Fox: Arm Assembly Internals & Reverse Engineering.” Maria was named Forbes Cybersecurity Person of the Year in 2020. She is a member of the technical review board for the Black Hat security conference and serves on the Technical Advisory Council (TAC) for the Cybersecurity Advisory Committee at CISA. Maria has played pivotal roles across various security sectors. She was previously the Chief Product Officer at the Arm virtualization startup, Corellium Inc., and has worked with Arm Ltd. on exploit mitigation research in Cambridge. In 2018, Maria was honored on the Forbes “30 under 30” Technology list. She holds a Bachelor’s degree in Corporate Security, and a Master’s degree in Enterprise Security. Maria continues to empower security researchers and developers worldwide, offering high-quality training services to both public and private sector organizations, aimed at effectively attacking and defending Arm-based software. Maria teaches Introduction to Arm Assembly and Exploitation.
Mary Julia Emanuel is a widely respected Industrial Control Systems Incident Response Analyst. She currently serves in the Threat Hunting subdivision of the Cybersecurity Division at the Cybersecurity and Infrastructure Security Agency (CISA). MJ holds a Master’s degree in Information Security Policy and Management from Carnegie Mellon University. MJ teaches Critical Infrastructure for Threat Intelligence.
Lee Foster is the Co-Founder and CEO of Aspect Labs, a security company focused on protecting commercial AI deployments against bias, misuse and adversarial attacks. He was previously Director of Information Operations Analysis at FireEye/Mandiant, where he helped pioneer the cybersecurity industry’s push into detecting cyber-enabled influence operations and state-sponsored disinformation campaigns. Lee has extensive experience in threat intelligence and a particular passion for advancing analytic tradecraft and integrating state-of-the-art data analytics practices with traditional intelligence investigations and analysis. He holds an MA in Intelligence and International Security, an MA in Political Science (International Relations), and an MS in Analytics (Computational Data Analytics). Lee teaches Threat Intelligence for Information Operations and Introduction to Applied Machine Learning for Threat Intelligence Analysis.
Brandon Levene is a respected threat researcher with over a decade of experience focusing primarily on financially motivated threat actors. Brandon began his career as a Security Analyst at Dell SecureWorks before joining Salesforce and Palo Alto Networks, where he specialized in malware analysis and threat hunting. During his tenure at Google and Chronicle (an Alphabet subsidiary), Brandon’s responsibilities included leading Applied Intelligence and significant projects involving threat research and community facilitation. Brandon was also a member of the Microsoft Threat Intelligence center, where he tracked adversaries specializing in ransomware. In 2023, Brandon founded Lightforge Ventures, which specializes in product-led investigations to assist organizations in creating content with security in mind. Brandon’s publications include “Crimeware in the Modern Era: A Cost We Cannot Ignore,” multiple original blogs covering threat actors and their campaigns, and numerous guest blogs and media commentary. Brandon teaches Cybercrime and Cybercriminals.
Alex Orleans works at the leading edge of the most sophisticated cyber intrusions across both the public and private sectors. He brings a unique lens of identifying the intersection between traditional intelligence paradigms and modern cyberspace issues. Alex can often be heard proclaiming “Shape, not deter,” his approach to the future of cyber operations.
Ben Read is the Senior Manager for cyber espionage analysis at Mandiant (now a Google Cloud company). He was formerly the Director of Mandiant Intelligence’s cyber espionage analysis team. Ben’s team is responsible for tracking and reporting on espionage groups from China, Russia, North Korea and many other countries. He was an analyst on the same team at iSIGHT Partners before it was acquired by FireEye in January 2016. Prior to iSIGHT, Ben worked as a special assistant at the National Security Council’s European Affairs Directorate. While there, he supported the numerous presidential trips and meetings including the 2012 NATO Summit in Chicago. Ben teaches Global Cyber Threats.
Gabriel Bernadett-Shapiro is a cybersecurity leader with extensive experience in threat intelligence and incident response. He was most recently at OpenAI, working on the forefront of AI safety’s explosion, transforming investigations of emerging threats into capability evaluations for the GPT-4 model card. He also fostered collaboration between AI safety researchers and the information security community through the Cyber Grant Program. Prior to OpenAI Gabriel was a senior analyst on the Apple Information Security Threat Intelligence team. Originally from the Bay Area, Gabriel holds a Masters of Arts in Public Diplomacy from USC, and a BA in International Relations from Occidental College. Gabe teaches Building with Artificial Intelligence: an Introduction to Leveraging LLMs for Automation and Intelligence.
Gavin Wilde is a senior fellow in at the Carnegie Endowment for International Peace. He previously served on the National Security Council as director for Russia, Baltic, and Caucasus affairs and served in senior analyst and leadership roles at the National Security Agency for over a decade, after several years as a linguist for the Federal Bureau of Investigation. He is a nonresident fellow at Defense Priorities and previously assessed geopolitical risk for multinational corporations as a managing consultant at Krebs Stamos Group, a cybersecurity advisory. Wilde holds a BA in Russian Studies from the University of Utah and graduated with distinction from the National War College with an MS in National Security Strategy. Gavin teaches Information Conflict and International Order.
Robert Lee is a recognized authority in the industrial cybersecurity community. He is CEO and co-founder of Dragos, a global technology leader in cybersecurity for industrial controls systems (ICS)/operational technology (OT) environments. Robert also serves on the Department of Energy’s Electricity Advisory Committee as the Vice Chair of the Energy’s Grid Resilience for National Security Subcommittee, and is a member of the World Economic Forum’s subcommittees on Cyber Resilience for the Oil & Gas and Electricity communities. Robert testified to the U.S. House of Representatives Committee on Energy and Commerce–Subcommittee on Oversight and Investigations, and to the U.S. Senate Energy and Natural Resources Committee, to advise on policy issues related to critical infrastructure cyber threats. He has also presented at the World Economic Forum Annual Meeting in Davos. Robert began his pioneering work in ICS/OT cybersecurity as a U.S. Air Force Cyber Warfare Operations Officer tasked to the National Security Agency, where he built a first-of-its-kind mission identifying and analyzing national threats to industrial infrastructure. He went on to build the industrial community’s first dedicated monitoring and incident response class at the SANS Institute (ICS515) and the industry recognized cyber threat intelligence course (FOR578).
Visiting Fellows
Richard Bach has spent over 30 years in the UK’s national security community in an extensive range of operational and technical roles, and in international relations. Since 2010 his focus has been on cyber security in both the public and private sectors. Since leaving the public sector in 2016, Richard has co-founded, led and advised a number of tech/security startups. Currently he is a partner with Heligan Group, a UK investment bank which specializes in technology relating to national security, public safety, and the detection and prevention of crime. He is also chairman of a defense and security scaleup. Richard has an MSc in computer and network security.
Kim Zetter is an award-winning investigative journalist and author who has covered cybersecurity and national security for more than a decade, initially for WIRED, where she wrote for thirteen years, and more recently for the New York Times Magazine, Politico, Washington Post, Motherboard/Vice, The Intercept and Yahoo News. She has been repeatedly voted one of the top ten security journalists in the country by security professionals and her journalism peers. Kim has broken numerous national stories about NSA and FBI surveillance, nation-state hacking, the hacker underground, the Russian sabotage of Ukraine’s power grid and its use of that country as a testing ground, and election security. She is considered one of the leading experts on the latter, and in 2018 authored a New York Times Magazine cover story on the crisis of election security. Kim has also written extensively about cyber warfare and wrote an acclaimed book on the topic — Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon — about a sophisticated virus/worm developed by the U.S. and Israel to covertly sabotage Iran’s nuclear program.
Camille Francois’ work spans several aspects of cybersecurity, from developing industry-leading programs focused on protecting vulnerable users to detecting information operations. She was previously Chief Innovation Officer at Graphika, where she built and led a team dedicated to exposing and mitigating information operations across platforms. Prior to that, she served as a Principal Researcher at Google. She has advised governments and parliamentary committees on both sides of the Atlantic and investigated Russian interference in the 2016 U.S. presidential election on behalf of the U.S. Senate Select Intelligence Committee. Camille is working with Thomas on a larger project.
PhD Fellows
Sandra Joyce is an Alperovitch PhD Fellow. She is the Vice President of Mandiant Intelligence at Google Cloud. She was previously the Executive Vice President of Mandiant, where she oversees intelligence collection, research, analysis, and services for the Mandiant security product portfolio. She previously served in positions in intelligence research, product management, and business development over the course of over 24 years in both national security and commercial industries. As a Lieutenant Colonel in the U.S. Air Force Reserve, Sandra serves as a faculty member at the National Intelligence University. She holds an MBA from MIT, and four additional master’s degrees in cyber-policy, international affairs, science and technology intelligence, and military operational art and science. Sandra speaks English, Spanish, and German.
Martin Wendiggensen is an Alperovitch PhD Fellow, and a research assistant at the Alperovitch Institute, focusing on Great Power Competition in Cyberspace including state-sponsored disinformation, influence campaigns, and cyber-security incidents. Previously, he received a Bachelor’s degree in Political Science with a focus on quantitative methods from the University of Mannheim and studied in China, Israel, and Italy. After working for a member of the German National Parliament’s Foreign Affairs Committee, Martin is now studying towards a Master’s degree in International Relations at SAIS. He has conducted research at NATO as well as the University of Mannheim and is currently engaged in a SAIS research grant.
Oskar Galeev is an Alperovitch PhD Fellow. His research is concerned with the proliferation of digital control tools in developing countries. Oskar speaks Russian, Chinese, French, and Tatar language. He has previously received a bachelor’s degree in International Studies from Leiden University and a master’s degree in China Studies from the Yenching Academy of Peking University. Prior to joining the Alperovitch Institute, Oskar worked in non-governmental organizations, in academia, and in the telecommunications sector, focusing on the cybergeography of emerging markets.
Simin Kargar is a PhD student under the supervision of Prof. Rid. Her research centers on the synergies between the public and private sectors on cybersecurity and counterintelligence. She studies the emergence of the threat intelligence industry, its contributions to strategic cyber defense, and the implications for national security. Kargar has a background in human rights and emerging technologies and is a Senior Non-resident Fellow at the Atlantic Council’s Digital Forensic Research Lab (DFRLab), where she focuses on information warfare in the Middle East and the policy responses that it calls for. Previously, Simin has worked with a variety of public and private stakeholders on the interrelations of cybersecurity and geopolitics in repressive environments.