Bill Stackpole

Professor

Department of Cybersecurity

Golisano College of Computing and Information Sciences

bill.stackpole@rit.edu

585-475-5351

Office Mailing Address

152 Lomb Memorial Drive Rochester, NY 14623

Bill Stackpole

Professor

Department of Cybersecurity

Golisano College of Computing and Information Sciences

Education

BS, Roberts Wesleyan College; MS, Rochester Institute of Technology

Bio

Professor in the Cybersecurity department, received his MS in Information Technology from Rochester Institute of Technology. Since joining RIT in 2001, Professor Stackpole has been actively involved in the IT security area, especially in computer forensics, penetration testing and security competitions. His current research interests include system security, computer forensics and incident response, and training for blue and red teams. He has published papers in research conferences and journals and received grants from the DOD, RIT, ETRI, University of Tulsa, and private sector companies. Professor Stackpole teaches a variety of undergraduate and graduate courses in digital forensics and security and created and directed the Collegiate Penetration Testing Competition at RIT. nationalcptc.org

bill.stackpole@rit.edu

585-475-5351

Areas of Expertise

Security and Privacy

Ethical hacking/pentesting

Defensive and Offensive Security

Open-source intelligence

Digital Forensics

Select Scholarship

Published Conference Proceedings

Kim, Youngho, Bill Stackpole, and Tae Oh. "Analysis of Mobile Malware Based on User Awareness." Proceedings of the 3rd Annual Conference on Research in Information Technology, Atlanta, GA. Ed. Rob Friedman. Atlanta, GA: n.p., 2014. Web.

Sharma, Kuhu, et al. "Meshed Tree Protocol for Faster Convergence in Switched Networks." Proceedings of the ICNS 2014: The Tenth International Conference on Networking and Services. Chamonix, France: n.p., 2014. Web.

Hartpence, Bruce, et al. "Natural Selection in Virtualization Environments: A Decade of Lessons from Academia." Proceedings of the 11th International Conference on Education and Information Systems, Technologies and Applications: EISTA, Orlando Florida, July 2013. Orlando, Fl: n.p., Print.

Johnson, Daryl, et al. "Designing, Constructing and Implementing a Low-Cost Virtualization Cluster for Education." Proceedings of the 11th International Conference on Education and Information Systems, Technologies and Applications: EISTA, Orlando, FL July 2013. Orlando, FL: n.p., Print.

Markowsky, George, et al. "The 2013 NECCDC - Lessons Learned." Proceedings of the 2013 International Conference on Security and Management. Las Vegas, NV: n.p., Print.

Szost, Colin, et al. "Teaching Android Malware Behaviors for Android Platform using Interactive Labs." Proceedings of the Annual Symposium on Information Assurance, Albany, NY June 2013. Albany, NY: n.p., Print.

Sharma, Kriti, et al. "Malware Analysis for Android Operating System." Proceedings of the Annual Symposium on Information Assurance, Albany, NY June 2013. Albany, NY: n.p., Print.

Andrews, Benjamin, Tom Oh, and Bill Stackpole. "Android Malware Analysis Platform." Proceedings of the Annual Symposium on Information Assurance, Albany, NY June 2013. Albany, NY: n.p., Print.

Mauer, Brandon, William Stackpole, and Daryl Johnson. "Developing Small Team-based Cyber Security Exercises." Proceedings of the 2012 International Conference on Security and Management. Las Vegas, NV: SAM, 2012. Web.

Hirwani, M, et al. "Forensic Acquisition and Analysis of VMware Virtual Hard Disks." Proceedings of the 2012 International Conference on Security and Management. Las Vegas, NV: SAM, 2012. Web.

Pan, Yin, et al. "Game-based Forensics Course For First Year Students." Proceedings of the SIG ITE 2012. Ed. ACM. Calgary, Alberta, Canada: ACM 978-1-4503-1464-0/12/10, 2012. Web.

Gonzalez, Carlos, Bill Stackpole, and Tae Oh. "Anti-Spyware Analysis for iOS: An Evaluation of Current Security Products Available for iOS." Proceedings of the Annual Symposium on Information Assurance & Secure Knowledge Management. Albany, NY: ASIA, 2012. Print.

Cummins, Emily, Bill Stackpole, and Tae Oh. "Blackberry Structure and Anti-Malware Analysis." Proceedings of the Annual Symposium on Information Assurance & Secure Knowledge Management. Albany, NY: SAM, 2012. Print.

Ramachandran, Rahul, Tae Oh, and William Stackple. "Android Anti-Virus Analysis." Proceedings of the Annual Symposium on Information Assurance & Secure Knowledge Management. Albany, NY: ASIA, 2012. Print.

Levinson, Alex, Bill Stackpole, and Daryl Johnson. "Third Party Application Forensics on Apple Mobile Devices." Proceedings of the Hawaii International Conference on System Sciences. Ed. Ralph H. Sprague, Jr. Kauai, HI: HICSS, 2011. Print.

Shows/Exhibits/Installations

Szost, Colin. Teaching Android Malware Behavior for the Android Platform Using Interactive Labs. By Colin Szost, Tom Oh, and Bill Stackpole. May 2013. ImagineRIT, Rochester. Exhibit.

Journal Paper

Alghamdi, Khaled, Tae Oh, and Bill Stackpole. "Bluetooth Security Lock for Android Smart Phone Platform." International Journal of Scientific and Engineering Research 3. 7 (2012): 2. Web.

Currently Teaching

CSEC-380

Principles of Web Application Security

3 Credits

This course is designed to give students a foundation in the theories and practice relating to web application security. The course will introduce students to the concepts associated with deploying and securing a typical HTTP environment as well as defensive techniques they may employ.

CSEC-471

Penetration Testing Frameworks & Methodologies

3 Credits

The process and methodologies employed in negotiating a contract, performing a penetration test, and presenting the results will be examined and exercised. Students will be exposed to tools and techniques employed in penetration testing. Assignments will explore the difficulties and challenges in planning for and conducting an assessment exposing potential vulnerabilities. Students will develop a metric used to evaluate the security posture of a given network and will develop a coherent and comprehensive report of their findings to present to their client. Particular attention will be paid to the ramifications of the findings toward the security of the targets.

CSEC-473

Cyber Defense Techniques

3 Credits

Students will study, build, defend and test the security of computer systems and networking infrastructure while potentially under attack. Students will gain an understanding of standard business operations, timelines and the value of risk and project management. Techniques as related to security guidelines and goals will be studied. Aspects of legal requirements, inheriting existing infrastructure, techniques for backup and recovery of data and systems will be examined.

CSEC-559

UG Sem in Computing Security

0 - 3 Credits

This course explores current topics in computing security. It is intended as a place holder course for faculty to experiment new course offerings in Computing Security undergraduate program. Course specific details change with respect to each specific focal area proposed by faculty.

CSEC-603

Enterprise Security

3 Credits

This course is designed to provide students with the advanced concepts needed to establish network security strategies to ensure adequate protection for the corporate environment and yet provide accessibility for the corporate community.

CSEC-659

Seminar in Computing Security

3 Credits

This course offers an opportunity to learn about a specific seminar topic in more depth. The course description will be replaced by the specific instance of the seminar, as it is proposed by faculty.

CSEC-742

Computer System Security

3 Credits

The importance of effective security policies and procedures coupled with experience and practice is emphasized and reinforced through research and practical assignments. Organization and management of security discipline and response to threats is studied. Case studies of effective and failed security planning and implementation will be examined and analyzed. The issues influencing proper and appropriate planning for security and response to attacks will be studied. To be successful in this course students should be knowledgeable in networking, systems, and security technologies.

MGIS-589

Hacking for Defense (H4D)

3 Credits

Students work with multidisciplinary teams to solve real problems for the United States government, as well as critical infrastructure partners in the Healthcare, Finance, and Energy sectors, through the Hacking for Defense initiative (www.H4Di.org). Students will build a foundation in requirements elicitation through structured interview. Students learn lean launchpad methods to define problems and design technology and/or service innovations, ultimately leading to well-grounded opportunities for follow-on commercialization and academic research.

In the News

March 21, 2022

RIT competes in 2022 Northeast regional collegiate cyber defense competition

A team of Rochester Institute of Technology cybersecurity students competed in the 2022 Northeast Collegiate Cyber Defense Competition (NECCDC) March 18-20.
March 22, 2021

RIT wins Northeast regional collegiate cyber defense competition

A team of RIT cybersecurity students is moving on to the National Collegiate Cyber Defense Competition (NCCDC), after taking first place at the regional competition March 19–21. The annual event is part of the nation’s largest college-level cyber defense competition.
May 21, 2020

RIT team prepares for virtual cyber defense national championship

RIT’s cyber defense team is getting a first-hand look at the challenges of socially distanced business operations, as they prepare for a new format of the National Collegiate Cyber Defense Competition (CCDC). The annual championship is part of the nation’s largest college-level cyber defense competition, an extracurricular event that helps to train the next generation of cybersecurity experts.

More News