J. Thomas Haigh, Ph.D.
Dr. Haigh has a unique combination of academic, industrial research, and high tech strategic planning and product development experience. His own research on formal security policy modeling and verification for operating systems and database management systems led to the concept of role based access control (RBAC), which has become the cornerstone for enterprise information security policies. He has developed and implemented successful corporate research strategies in cyber security, and he has provided the technical vision for a comprehensive portfolio of information security products.
Since joining Adventium, Dr. Haigh has served as Principal Investigator on the Behavioral Adversary Modeling (BAMS) project funded by ARDA, the Sensor Configuration Oriented to Adversary Plans (SCOAP) project funded by the Air Force Research Laboratory, and the DARPA-funded Strengthen, Protect, Detect, and React (SPDR) project. For BAMS, Dr. Haigh and his team investigated methods for applying artificial intelligence planning techniques to perform network vulnerability analysis by generating the attacks that an adversary could mount against a given network. On the SCOAP project, he and his team are applied the results of BAMS to automatically generate intrusion detection sensors and then to select and place an optimal set of these sensors on the network. For SPDR his team developed a system for detecting, thwarting, and attributing attacks by malicious insiders. To accomplish this they integrated results from the SCOAP project with plan recognition technology and an innovative Detection and Response Embedded Device (DRED™) being developed for SPDR.
As a researcher at the Honeywell Secure Computing Technology Center, Dr. Haigh led the team that developed the security policy and the formal verification for several secure operating systems. He also served as the architect and principal investigator for several secure database management systems. As Vice President for Research at the Secure Computing Corporation, he developed the corporate research capability and grew it from a $300 thousand operation to a $2.7 million operation in three years. Teams under his direction performed the initial research in several security technologies that have been commercialized, including Security Enhanced Linux (SE Linux), the Sidewinder firewall, and the 3Com Embedded Firewall. As the CTO at Secure Computing, Dr. Haigh was responsible for the integration of the three disparate product lines, and he worked closely with marketing to identify key technology trends and to determine their impact on the Secure Computing product suite. While working for the Cyber Defense Agency (CDA), Dr. Haigh provided technical leadership for the Global Information Grid (GIG) IA risk assessment, funded by NSA. He served as technical lead for the development of a new efficient, quantitative approach for comparing the reduction in risk associated with different combinations of IA protection mechanisms.