Dan Costa is the Technical Manager of the Enterprise Threat and Vulnerability Management team in the CERT Division of the Carnegie Mellon University Software Engineering Institute. Dan leads the research and engineering efforts of the Insider Risk and Applied Network Defense teams, which conduct empirical research and develop solutions that enable organizations to effectively manage insider risks and advance the state of the practice in technical cybersecurity assessments. Dan has extensive experience evaluating insider threat and cybersecurity programs, assessing organizations’ vulnerabilities to specific threats, developing and measuring the efficacy of technical and administrative controls, and insider threat program building for a multitude of government and industry organizations.

Dan has published numerous technical reports, journal articles, white papers, and blog posts, presented publicly over 100 times at academic, government and industry conferences, and received the Michael Dean Best Paper Award at the 9th International Conference on Semantic Technology for Intelligence, Defense, and Security.
Dan has over 14 years of professional experience in cybersecurity and software engineering and is a Certified Information Systems Security Professional and an IEEE Certified Professional Software Engineering Master. Dan holds a Bachelor of Science in Computer Science degree from Bucknell University and is an adjunct instructor and advisor in the H. John Heinz III College at Carnegie Mellon University.