About Us

At the CERT Division of the Software Engineering Institute (SEI), we study and solve problems with widespread cybersecurity implications, research security vulnerabilities in software products, contribute to long-term changes in networked systems, and develop cutting-edge information and training to help improve cybersecurity.

We are more than a research organization. Working with software vendors, we help resolve software vulnerabilities. We develop tools, products, and methods to help organizations conduct forensic examinations, analyze vulnerabilities, and monitor large-scale networks. We help organizations determine how effective their security-related practices are. And we share our work at conferences; in blogs, webinars, and podcasts; and through our many articles, technical reports, and white papers. We collaborate with high-level government organizations, such as the U.S. Department of Defense and the Department of Homeland Security (DHS); law enforcement, including the FBI; the intelligence community; and many industry organizations.

Working together, DHS and the CERT Division meet mutually set goals in areas such as data collection and mining, statistics and trend analysis, computer and network security, incident management, insider threat, software assurance, and more. The results of this work include exercises, courses, and systems that were designed, implemented, and delivered to DHS and its customers as part of the SEI's mission to transition SEI capabilities to the public and private sectors and improve the practice of cybersecurity.

The Value of Knowledge and Experience

Our diverse group of researchers, software engineers, security analysts, and digital intelligence specialists relies on both theoretical and empirical knowledge to understand security problems. In addition to our scientific research, collecting actual, real-world data helps us to gain insight into the current climate. By analyzing network traffic, we can help organizations to identify patterns that may indicate attacks.

Our databases of information about software vulnerabilities and malicious code, coupled with our understanding of the software development lifecycle, serve as a basis for developing remediation strategies and solutions and working with developers to improve new software. We also focus on improving organizations' security by helping them identify security gaps and internal threats. Malicious insiders pose a serious threat to organizations, and our database of information about over 1,000 actual insider threat cases helps us to identify motivations and warning signs.

Creating Impact in the Community

We use the insights gained through our research and analysis of these data collected across the CERT Division to develop practical, applicable solutions to relevant problems. Then we make these solutions available to the people who need them. We also contribute to standards efforts to improve software security. We publish numerous tools for a range of activities, including discovering vulnerabilities, analyzing network traffic, and facilitating digital investigations.

Organizations can choose from our many assessments and models to enhance their security profiles through activities such as identifying information security gaps, improving resilience, and measuring susceptibility to insider threats.

In the area of digital intelligence and investigation, we work closely with federal law enforcement and intelligence agencies to provide operational support, identify and develop tools that address gaps not met by commercial tools, and provide training to improve the state of the practice among digital forensic analysts. Our staff members help agencies craft strategies for executing search warrants when the subject is known to be employing particularly sophisticated, technical countermeasures. We also provide the analytical support that law enforcement needs to successfully prosecute some of the nation's largest credit card theft cases.

To increase the preparedness of other cybersecurity professionals faced with these issues, we developed training. Our cybersecurity courses help you tackle the cybersecurity challenges you face in areas such as insider threats, DevOps, and software assurance, to name a few. Formally acknowledge your professional accomplishments by earning one of our professional certificates in fields such as insider threat, digital forensics, secure coding, and security management.

In addition to traditional classroom-based courses, we offer course materials through STEP, our virtual training environment that allows users to access a variety of online resources at their own pace, at any time and from any location. Geographically dispersed team members can work together on customized scenarios to improve and hone their skills. 

Our staff has also collaborated with educators from a number of other universities to develop a curriculum in software assurance, which will join our existing survivability and information assurance curriculum. In addition, many of our staff members teach courses in information security at Carnegie Mellon University.

Contributing to National Security Efforts

Our efforts extend to the national and global levels as well. Over the years, we have provided direct support to the Department of Defense (DoD) through projects designed to improve the security of networks. Working with the Defense Information Systems Agency in an effort to increase global situational awareness, we provide core analytical systems that are used across the DoD. Our technical staff members have also been at the center of the engineering and development activities for the Community Data Center, an initiative created to compile an array of analytical processes and systems to address threats to DoD networks.

We are working with partners in the Navy's Space and Naval Warfare Systems Center and the MITRE Corporation to develop a proof-of-concept vulnerability remediation capability that will use standards-based remediation processes for the first time. In the area of malicious code analysis, our analysts are providing critical support to DoD and intelligence community partners to understand and counter the malicious code threat to national systems.

We also provide core analytical support to the Defense Industrial Base Collaborative Information Sharing Environment (DCISE), the focal point and clearinghouse for referrals of intrusion events on defense organizations' unclassified corporate networks. In this project, our analysts work with multiple DoD agencies to produce threat information products for industry partners who share relevant information to more effectively protect critical data.

We have been instrumental in building a network of more than 50 computer security incident response teams (CSIRTs) with national responsibility, and we worked with the Department of Homeland Security (DHS) to create US-CERT, work that draws on CERT/CC capabilities to help prevent cyber attacks, protect system, and respond to the effects of cyber attacks across the internet. Although the CERT Division and US-CERT are two distinct organizations, CERT staff work closely with the staff at US-CERT and have contributed content to their website, as well as the Build Security In and Software Assurance Community Resources and Information Clearinghouse websites.

Our involvement with DHS extends beyond US-CERT, however. Various agencies within DHS, as well as other government entities, regularly seek our experience and insights to assist them with projects that strengthen our nation's resistance to cyber threats.

We are also involved with the Software Engineering Institute's Smart Grid effort. This project focuses on improving the efficiency of the power grid while reducing the impact to the environment.

The CERT Mission

The CERT Division is a trusted provider of operationally relevant cybersecurity research and innovative and timely solutions to our nation's cybersecurity challenges. Through our operationally relevant cybersecurity research, innovative and timely responses to cybersecurity challenges, and broad transition to our stakeholder communities, we develop, execute, and evolve a technical agenda that brings unique solutions to cybersecurity challenges that measurably improve the security of the cyber environment.