Welcome to my webpage! Full or Non Disclosure?

 

Assistant Professor - Dakota State University

College of Business & Information Systems

East Hall 3b

605.256.5259

 

Vita

I wrote a book!  It covers the basics steps and tools needed complete a penetration test (hack).  Every wondered how the hackers do it?  What tools they use?  What order they run them in? Ever wanted to know more?  This book is a quick read and should as a great introduction to anyone who is interested in the topic but doesn't know where to start.  Takes the reader quickly from beginning to end using lots of hands on examples.  Pick it up HERE (and please leave a 5 star review if you enjoyed it!).  By the time you finish the book you'll be comfortable with the basic tools and steps needed to conduct a simple PT and you'll be armed with enough knowledge to tackle more in-depth topics, trainings, and books!  ENJOY!

Available in:  Paperback, Kindle, and Nook editions!

Engebretson

 

Research:

  • My current research involves the study and decomposition of a formalized perspective on the subject of network security attacks.  (Translation = I study various forms of offensive security, penetration testing, and hacking techniques)
    • Why? 
      • It interests me.
      • Security researchers and white hats have long been behind the 8 ball.  The lack of a formal language for properly classifying technical security attacks has limited the study, advancement, and collaboration of information amongst researchers.
    • A formalized approach utilizing a common set of descriptive schema to classify security attacks has been introduced via the CAPEC Release 1 Dictionary
      • Attack Pattern examples include:  Injection via Cross Site Scripting (XSS), Sniffing, Protocol Manipulation, Fuzzing, and Password Cracking.
      • How can we best make use of this valuable information?

 

Publications:

A. Podhradsky, P. Engebretson, J. Pauli, and K. Streff. "A Restructured Information Technology Risk Assessment Model for Small and Medium-sized Financial Institutions". Proc. of 11th Annual Hawaii International Conference on Business. May 2011. Honolulu, HI, USA.

J. Pauli, M. Ham, M. Zautke, and P. Engebretson. "CookieMonster: Automated Session Hijacking Archival and Analysis". Proc. of the 7th International Conference on Information Technology : New Generations (ITNG 2011). April 2011, Las Vegas, NV, USA

P. Engebretson, J. Burroughs, and J. Pauli. “Attack Traffic Libraries for Testing and Teaching Intrusion Detection Systems”. Proc. of Information Systems Analysis and Synthesis: (ISAS 2011). March 2011. Orlando, FL, USA.

J. Pauli and P. Engebretson. "Cradle-To-Grave Approach to Retaining Students in Information Security Programs ". Proc. of the 2010 International Conference on Security and Management (SAM'10). July 2010, Las Vegas, NV, USA

P. Engebretson, J. Pauli, and J. Bosma. "Lessons Learned From an Evolving Information Assurance Lab". Proc. of the 2010 International Conference on Security and Management (SAM'10). July 2010, Las Vegas, NV, USA

Podhradsky, P. Engebretson, Streff, Lovaas. “An Innovative Information Technology Risk Assessment Model for Small and Medium-Sized    Financial Institutions.” Hawaii International Conference on Business (HICB 2009). June 2009, Honolulu, Hawaii, USA

P. Engebretson and J. Pauli. "Leveraging Parent Mitigations and Threats for CAPEC-Driven Hierarchies". Proc. of the 6th International Conference on Information Technology : New Generations (ITNG 2009). April 2009, Las Vegas, NV, USA

P. Engebretson and J. Pauli. "Realizing Knock-Out Effect and Parent Mitigation Power for Detailed Attack Patterns: A Case Study". Proc. of the 9th IASTED International Conference on Software Engineering and Applications (SEA 2008). November 2008. Orlando, FL, USA

P. Engebretson, J. Pauli and K. Streff. "Abstracting Parent Mitigations from the CAPEC Attack Pattern Dictionary". Proc. of the 2008 International Conference on Security and Management (SAM'08). July 2008, Las Vegas, NV, USA

J. Pauli, P. Engebretson, and K. Streff. "An Ethical Network Hacking Contest for Undergraduate Student Recruitment". Proc. of the 2008 International Conference on Frontiers in Education: Computer Science and Computer Engineering (FECS'08). July 2008, Las Vegas, NV, USA

J. Pauli. "Incentive-based Technology Start-up Program for Undergraduate Students". Proc. of the 5th International Conference on Information Technology : New Generations (ITNG 2008). April 2008, Las Vegas, NV, USA

P. Engebretson and J. Pauli. "Towards a Specification Prototype for Hierarchy-Driven Attack Patterns". Proc. of the 5th International Conference on Information Technology : New Generations (ITNG 2008). April 2008, Las Vegas, NV, USA

J. Pauli and P. Engebretson. "Hierarchy-Driven Approach for Attack Patterns in Software Security Education". Proc. of the 5th International Conference on Information Technology : New Generations (ITNG 2008). April 2008, Las Vegas, NV, USA

 

Grants:

  1. Jan. 2011: PI on $1,305,565 National Science Foundation - Scholarship for Service (NSF-SFS) Scholarship Grant titled "Dakota Defenders Information Assurance Scholarship Program". [pending]

  2. Oct. 2010: PI on $10,000 Department of Homeland Security (DHS) grant for administering the 2010 North Central Region of the Collegiate Cyber Defense Competition. [awarded]

  3. Oct. 2010: PI on $15,050 Department of Homeland Security (DHS) grant for administering the 2011 North Central Region of the Collegiate Cyber Defense Competition. [awarded]

  4. Feb. 2009: Co-PI on $140,790 Department of Defense Information Assurance Scholarship Program (DoD IASP) Grant titled "Virtual Ethical Hacking".

  5. October 2008: “Principle Faculty Participant” for the “National Science Foundation 08-522 Federal Cyber Services: Scholarship for Service (SFS): Upper Midwest Information Assurance Faculty Development Project”.  Responsible for taking a lead role in the virtualization component of the information assurance lab for collaborating universities.

  6. June 2008: Awarded 2 year continuing $1,000 stipend for participating in the National Science Foundation Cyber Workshop hosted by the University of North Carolina Charlotte. The purpose of this workshop is to incorporate hands-on, lab-based exercises into the classroom to enhance students’ interest in Information Assurance. Cyber games are highly interactive, real-time simulations in which students are asked to build IT network infrastructures and services while simultaneously managing and defending against realistic cyber attacks.

  7. Oct. 2007: Awarded a $1,000.00 faculty research award as PI from the Dakota State University Faculty Research Initiative for creation of new methodology to teach and aid in the understanding of Attack Patterns.

  8. Oct. 2007: Awarded a $350.00 research award as co-PI from the Dakota State University Student Research Initiative for oversight of student research (Cody Breese - Taxation on Internet Purchases).

  9. Oct. 2006: Awarded a $350.00 research award as PI from the Dakota State University Student Research Initiative for: “Multi Factor Authentication: The Evolution of Internet Banking”

    10.