Daniel Ryan

Juris Doctor University of Maryland 1984
Master of Business Administration California State University 1977
Master of Arts (Mathematics) University of Maryland 1971
Bachelor of Science (Mathematics) Tulane University 1966
10/12-date Law Offices of Daniel J. Ryan Pasadena, Maryland
Attorney at Law
11/04-9/12 Information Resources Management College National Defense University
Professor
6/99-11/04 Law Offices of Daniel J. Ryan Annapolis, Maryland
Attorney at Law
6/94-6/99 Science Applications International Corporation Washington, D.C.
Corporate Vice President and Division General Manager
6/93- 6/94 Central Intelligence Agency Washington, D.C.
Executive Assistant to the Director of Central Intelligence
1/92- 6/93 Department of Defense Pentagon, Washington, D.C.
Director, Information Systems Security
11/88-1/92 Booz•Allen & Hamilton Washington, D.C.
Principal
6/87-11/88 Bolt Beranek & Newman Columbia, Maryland
Director, Special Programs
8/79-6/87 TRW, Incorporated Washington, D.C.
Product Line Manager
2/78-8/79 Litton Systems College Park, Maryland
Director, Electronic Warfare Advanced Programs
11/72-2/78 Hughes Aircraft Company Los Angeles, California
Program Manager
7/66-11/72 National Security Agency Fort George Meade, Maryland
Cryptologic Mathematician
Data Systems Analyst

Professional Mathematician, Professional Computer Systems Analyst, Professional Cryptologic Mathematician 4011 Information Systems Security Professional, Certified Computer Forensics Professional Member, Maryland State Bar
Member, High Tech. Crime Investigation Assn. Member, Bar of the District of Columbia Fellow, American Academy of Forensic Sciences Member, Anne Arundel County Bar, Fellow of (ISC)2 Admitted to Practice, United States Supreme Court

DANIEL J. RYAN: ACADEMIC EXPERIENCE
2004-date National Defense University Professor (2004-2012)
Information Resources Management College Senior Fellow (2013-date)
Serve as recognized expert and professor of systems management contributing expertise in information security, information assurance, national intelligence, cryptography, network security, cyberlaw and digital forensics. Prepare curricula and instructional materials and teach in the classroom and on-line. Participate in the planning and development of courses of study. Make recommendations on course topics and content, instructional methods, and other aspects of the educational programs. Serve as research advisor to individual students on topics related to national security. Provide analyses of systems management issues significant to national security. Conduct studies, prepare papers, and give presentations in relevant areas of systems management. Serve as liaison with DoD, other government agencies and civilian institutions and businesses, as appropriate. Foster professional relationships with senior leaders in academia, industry, DoD, and other government agencies in the field of systems management.

Courses developed and taught:
Assuring the Information Infrastructure (AII) Graduate level, 3 sem. hr.
Lead professor for Assuring the Information Infrastructure (AII), a course which provides a comprehensive overview of information assurance and critical information infrastructure protection. Information assurance of information assets and protection of the information component of critical national infrastructures essential to national security are explored. The focus is at the public policy and strategic management level providing a foundation for analyzing the information security component of information systems and critical infrastructures. Laws, national strategies and public policies and strengths and weaknesses of various approaches are examined for assuring the confidentiality, integrity and availability of critical information assets. This course is appropriate for senior leaders who exploit the information component of national military and economic power. This includes--but is not limited to--federal and military information operators; Chief Information Officers; Chief Information Security Officers; military and federal personnel who develop and manage information resources; and students in Professional Military Education programs (intermediate and senior).

CyberLaw (CBL) Graduate level, 3 sem. hr.
Lead professor for CyberLaw (CBL), a course which presents a comprehensive overview of ethical issues, legal resources and recourses, and public policy implications inherent in our evolving on-line society, exploring issues faced by the Chief Information Officer and Chief Information Security Officer in executing their responsibilities for information assurance and critical infrastructure protection. The focus is at the public policy and strategic management level. The complex and dynamic state of the law as it applies to behavior in cyberspace is introduced, and the pitfalls and dangers of governing in an interconnected world are explored. Topics include intellectual property, electronic contracting and payments, notice to and consent from e-message recipients regarding monitoring, non-repudiation, computer crime and digital forensics. The course addresses the impact of ethical, moral, legal and policy issues on privacy, fair information practices, equity, content control and freedom of electronic speech using information systems. Laws, national strategies and public policies and strengths and weaknesses of various approaches are examined. This course is appropriate for senior leaders who exploit the information component of national military and economic power. This includes--but is not limited to--federal and military information operators; Chief Information Officers; Chief Information Security Officers; military and federal personnel who develop and manage information resources; and students in Professional Military Education programs (intermediate and senior).

National Intelligence and Cyber Policy (NIC) Graduate level, 3 sem. hr.
Lead professor for National Intelligence and Cyber Policy (NIC), a course that provides an overview of the cyber intelligence information and policy as an element of national power to include planning, collection, processing, analysis, dissemination and exploitation. The course describes the organizations that comprise the intelligence community and how they relate to one another, explores how the intelligence budget works and how congressional oversight provides checks and balances on the management of the intelligence community by the executive branch, and discusses the relationship between cyber intelligence and policy functions and counterintelligence functions.

1996-2004 The George Washington University Regular, Part-time Faculty
Courses developed and taught:

Internet and On-line Law Graduate level, 3 sem. hr.
This is a course for technical managers and is designed to create awareness of the ethical issues, legal resources and recourses, and policy implications inherent in our evolving on-line society. The course provides an overview of the ethical challenges faced by individuals and organizations in the information age and introduces the complex and dynamic state of law as it applies to behavior in cyberspace. It is intended to sensitize managers and computer professionals to the pitfalls and dangers of doing business in an interconnected world, and to familiarize the student with various organizations and materials that can be turned to for assistance in understanding how to ethically and legally operate and use modern computer systems and networks.

Introduction to Information Security Graduate level, 3 sem. hr.
This course presents a systems engineering approach to implementing and managing effective information security in contemporary highly networked enterprises. The course provides an overview of the security challenges faced by individuals and organizations in the information age and introduces the complex and dynamic state of information assurance in cyberspace. It is intended to sensitize managers and computer professionals to the pitfalls and dangers of doing business in an interconnected world, and to familiarize the student with various organizations and materials that can be turned to for assistance in understanding how to operate and use modern computer systems and networks securely.

Protection of Information Assets and Systems Graduate level, 3 sem. hr.
This course builds upon introductory information security concepts by delving deeper into the management challenges associated with implementing and maintaining effective protection of information assets and systems within an operational enterprise. This course covers all aspects of preventive security for information assets and systems with the exception of cryptographic applications. Since information security is a multi-disciplinary field, this course covers a variety of specialties and technologies ranging from physical security and privilege management to network security engineering and logical access control. Security concepts developed in both the Government and the private sector are included in the topics covered, as are the Bell-La Padula, Biba and Clark-Wilson mathematical models of information security.

Management of Cryptographic Systems Graduate level, 3 sem. hr.
It is the purpose of this course to provide a practical survey of the principles, best practices, policy, and management of cryptography with respect to business and government applications, and more specifically commercial computer security systems. The course covers symmetric cryptographic systems and associated problems in key management, asymmetric public key cryptographic systems, Certificate Authorities, public key infrastructures (PKI) and virtual private network (VPN) technologies. Policy issues relevant to cryptography are discussed, including key management and key recovery for national security and law enforcement purposes, privacy, and First and Fourth Amendment rights. Use of cryptography as an enabling technology for web-based transactions and electronic commerce are covered.

Detection of Vulnerabilities and Attacks Graduate level, 3 sem. hr.
This course begins with an exploration of hacking techniques and tools, and then examines defenses against hacking. Analyses for determining vulnerabilities in systems and networks are covered. Auditing and monitoring of information transactions on systems and networks are examined. Intrusion detection at both the host and the transaction levels are covered. Malicious code detection and eradication is explored.

Business Continuity Planning and Crisis Management Graduate level, 3 sem. hr.
This course identifies, examines, and integrates the diverse crisis and emergency management, disaster recovery, and organizational continuity planning and management issues facing modern organizations that rely upon information infrastructures to create, process, store and communicate information assets and intellectual capital. Basic crisis management, contingency planning, disaster recovery, business continuity/resumption, and emergency management skills are developed. The strategic importance of backups, beta sites and sound policies, practices and procedures are emphasized throughout the course. Composing, equipping and managing Computer Emergency Response Teams are explored.

Cybercrime Graduate level, 3 sem. hr.
This is a designed to familiarize the student with criminal law, criminal procedure, and digital forensics as they apply to behavior in cyberspace. It is intended to sensitize professionals to the pitfalls and dangers of criminal activity in cyberspace, and to acquaint the student with various organizations and materials that can be turned to for assistance in understanding how to recognize, detect and investigate crimes that use modern computer systems and networks. The course explores investigations of possible criminal activities on information infrastructures and the potential evidentiary issues involved in collecting, storing, analyzing and presenting digital evidence.

The Scientist/Engineer as an Expert Witness Graduate level, 3 sem. hr.
Engineers, engineering managers and professors of science or engineering increasingly find that they are needed as expert witnesses in both civil and criminal litigation involving design, development, fabrication, construction, implementation, utilization and even destruction in engineering projects and product design. Acting as an expert witness is a specialized art, and the skills that make one a good scientist or engineer are not sufficient in and of themselves to make one a good expert witness. Expert witnesses must educate and inform the jury. They must also withstand sometimes withering attacks by opposing counsel on the admissibility of the evidence or the credibility of the expert. This course introduces the strategies and tactics surrounding the use of expert witnesses in lawsuits. The relevant statutory and case law is explored. Procedures including non-deposition discovery against experts, depositions, direct examination, and cross examination are studied. Case studies and scenarios are used to work through concepts thoroughly.

2009 Oklahoma State University Adjunct Professor
Courses developed and taught:
Internet and On-line Law Mixed Graduate and
Undergraduate level, 3 sem. hr.
This is a course for technical managers and is designed to create awareness of the ethical issues, legal resources and recourses, and policy implications inherent in our evolving on-line society. The course provides an overview of the ethical challenges faced by individuals and organizations in the information age and introduces the complex and dynamic state of law as it applies to behavior in cyberspace. It is intended to sensitize managers and computer professionals to the pitfalls and dangers of doing business in an interconnected world, and to familiarize the student with various organizations and materials that can be turned to for assistance in understanding how to ethically and legally operate and use modern computer systems and networks.

2011 University of Alaska Fairbanks Adjunct Professor
Courses developed and taught:
Internet and On-line Law Mixed Graduate and
Undergraduate level, 3 sem. hr.
This is a course for technical managers and is designed to create awareness of the ethical issues, legal resources and recourses, and policy implications inherent in our evolving on-line society. The course provides an overview of the ethical challenges faced by individuals and organizations in the information age and introduces the complex and dynamic state of law as it applies to behavior in cyberspace. It is intended to sensitize managers and computer professionals to the pitfalls and dangers of doing business in an interconnected world, and to familiarize the student with various organizations and materials that can be turned to for assistance in understanding how to ethically and legally operate and use modern computer systems and networks.

1994-1996 Eastern Michigan University Adjunct Professor
Courses developed and taught:
Administration of Information Security Graduate level, 3 sem. hr.
This addresses administrative challenges associated with implementing and maintaining effective protection of information assets and systems within an operational enterprise. The course covers all aspects of preventive security for information assets and systems, including risk management, protection using policies, practices, procedures and technologies, and insurance. Since information security is a multidisciplinary field, this course covers a variety of specialties and technologies ranging from physical security and privilege management to network security engineering and logical access control. Security concepts developed in both the Government and the private sector are included in the topics covered, as are the Bell-La Padula, Biba and Clark-Wilson mathematical models of information security. Auditing, monitoring and intrusion detection are explored. Business continuity planning and crisis management are covered as well.

Invited lectures at EMU not part of courses taught:
Enhanced Human Performance on the Battlefield: Technology for Tomorrow’s Wars 1997
Government and Military Information Security 1998
Security in an Era of Globalization 2001
National Perspectives on Cybersecurity 2003

1999-2004 James Madison University Adjunct Professor
Courses developed and taught:
For the Masters Degree in Computer Science:
Internet and On-line Law Graduate level, 3 sem. hr.
This is a course for computer scientists and is designed to create awareness of the ethical issues, legal resources and recourses, and policy implications inherent in our evolving on-line society. The course provides an overview of the ethical challenges faced by individuals and organizations in the information age and introduces the complex and dynamic state of law as it applies to behavior in cyberspace. It is intended to sensitize managers and computer professionals to the pitfalls and dangers of doing business in an interconnected world, and to familiarize the student with various organizations and materials that can be turned to for assistance in understanding how to ethically and legally operate and use modern computer systems and networks.

Introduction to Information Security Graduate level, 3 sem. hr.
This course presents a systems engineering approach to implementing and managing effective information security in contemporary highly networked enterprises. The course provides an overview of the security challenges faced by individuals and organizations in the information age and introduces the complex and dynamic state of information assurance in cyberspace. It is intended to sensitize managers and computer professionals to the pitfalls and dangers of doing business in an interconnected world, and to familiarize the student with various organizations and materials that can be turned to for assistance in understanding how to operate and use modern computer systems and networks securely.

For the degree of Master of Business Administration:
Protection of Information Assets and Systems Graduate level, 3 sem. hr.
This course for business majors explores the management challenges associated with implementing and maintaining effective protection of information assets and systems within an operational enterprise. The course covers all aspects of preventive security for information assets and systems, including cryptographic systems and access control. Trustedness in computer systems and networks is addressed through studies of the Orange Book and the Common Criteria standards. Since information security is a multi-disciplinary field, this course covers a variety of specialties and technologies ranging from physical security and privilege management to network security engineering and logical access control. Security concepts developed in both the Government and the private sector are included in the topics covered, as are the Bell-La Padula, Biba and Clark-Wilson mathematical models of information security.

Detection and Correction in Information Security Graduate level, 3 sem. hr.
This course for business majors explores analyses for determining vulnerabilities in systems and networks are covered. Auditing and monitoring of information transactions on systems and networks are examined. Intrusion detection at both the host and the transaction levels are covered. Malicious code detection and eradication is explored. Basic crisis management, contingency planning, disaster recovery, business continuity/resumption, and emergency management skills are developed. The strategic importance of backups, beta sites and sound policies, practices and procedures are emphasized throughout the course. Composing, equipping and managing Computer Emergency Response Teams are explored.

Internet and On-line Law Graduate level, 3 sem. hr.
This is a course for MBA students and is designed to create awareness of the ethical issues, legal resources and recourses, and business and policy implications inherent in our evolving on-line society. The course provides an overview of the ethical challenges faced by executives and organizations in the information age and introduces the complex and dynamic state of law as it applies to behavior in cyberspace. It is intended to sensitize managers to the pitfalls and dangers of doing business in an interconnected world, and to familiarize the student with various organizations and materials that can be turned to for assistance in understanding how to ethically and legally operate and use modern computer systems and networks.

2000-2001 Utica College Adjunct Professor
Courses developed and taught:
Courses developed and taught for the Economic Crimes and Computer Forensics Programs:
Introduction to Information Security Graduate level, 3 sem. hr.
This course presents a systems engineering approach to implementing and managing effective information security in contemporary highly networked enterprises. The course provides an overview of the security challenges faced by individuals and organizations in the information age and introduces the complex and dynamic state of information assurance in cyberspace. It is intended to sensitize managers and computer professionals to the pitfalls and dangers of doing business in an interconnected world, and to familiarize the student with various organizations and materials that can be turned to for assistance in understanding how to operate and use modern computer systems and networks securely.

2003-date University of Maryland, University College Adjunct professor
Courses developed and taught:
Management of Cryptographic Systems Graduate level, 3 sem. hr.
It is the purpose of this course to provide a practical survey of the principles, best practices, policy, and management of cryptography with respect to business and government applications. The course is taught entirely on-line, and covers symmetric cryptographic systems and associated problems in key management, asymmetric public key cryptographic systems, Certificate Authorities, public key infrastructures (PKI) and virtual private network (VPN) technologies. Policy issues relevant to cryptography are discussed, including key management and key recovery for national security and law enforcement purposes, privacy, and First and Fourth Amendment rights. Use of cryptography as an enabling technology for web-based transactions and electronic commerce are covered.

Internet and On-line Law Graduate level, 3 sem. hr.
This is a course for technical managers and is designed to create awareness of the ethical issues, legal resources and recourses, and policy implications inherent in our evolving on-line society. The course provides an overview of the ethical challenges faced by individuals and organizations in the information age and introduces the complex and dynamic state of law as it applies to behavior in cyberspace. It is intended to sensitize managers and computer professionals to the pitfalls and dangers of doing business in an interconnected world, and to familiarize the student with various organizations and materials that can be turned to for assistance in understanding how to ethically and legally operate and use modern computer systems and networks.

Service on Dissertation Committees:
Barbara Endicott-Povosky (2007) A Methodology for Calibrating Forensic-Ready, Low-Layer Network Devices. University of Idaho, Moscow, Idaho.
Christopher Ralph Costanzo (2008) Long-chain molecule analog as key in secure active encoding for access control and encryption. The George Washington University, Washington, DC.
Eneken Tikk (2011) Comprehensive Legal Approach to Cyber Security. University of Tartu, Tartu, Estonia.

Other academic experience:
1994-date Curriculum development. I have served on committees responsible for developing the information security curricula for several colleges and universities. These include the National Defense University, George Washington University, Eastern Michigan University, James Madison University, The University of Maryland, Utica College, Northern Virginia Community College, Anne Arundel Community College, and Norwalk Community College.

1997-2003 The Colloquium for Information Security Education. I served for four years as a member of the Executive Committee of the National Colloquium for Information Security Education. Founded in 1997, the National Colloquium for Information Systems Security Education is one of the leading proponents for implementing courses of instruction in INFOSEC into American higher education. The Colloquium provides a forum for academia, government and industry INFOSEC experts to discuss and form needed direction in (1) INFOSEC undergraduate and graduate curricula, (2) common requirements, (3) specific knowledge, skills and abilities, (4) certification requirements, and (5) establishment of professional certification boards. I continued to serve as the organization’s General Counsel until 2009.

2002 Based inter alia on the courses I developed and taught, The George Washington University has been selected as a Center of Academic Excellence in Information Security Education by the United States Government, and the University has also been certified pursuant to the Information Assurance Courseware Evaluation Process and is authorized to issue to students completing our courses several Professional Certifications as Information Systems Security Professionals (NSTISSI 4011), Designated Approving Authorities (CNSSI 4012), Professional Administrators of Information Systems Security (CNSSI 4013), and Professional System Certifiers (NSTISSI 4015).

2006 & 2009 Based inter alia on the courses I developed and taught, the Information Resources Management College of the National Defense University has twice been renewed as a Center of Academic Excellence in Information Security Education by the United States Government, and is authorized to issue to students completing courses several Professional Certifications as Information Systems Security Professionals (NSTISSI 4011), Designated Approving Authorities (CNSSI 4012), Professional System Certifiers (NSTISSI 4015), and Professional Risk Analyst (CNSSI 4016).

2012 Working with Anne Arundel Community College, I developed and the College offered a Continuing Legal Education seminar on Cyberlaw and Digital Evidence.

DANIEL J. RYAN: SUMMARY OF EXPERIENCE
10/12-date Law Offices of Daniel J. Ryan – Daniel J. Ryan, Attorney and Counselor at Law, is a full-service law firm in general practice. Founded in 1984, the firm is located in Pasadena, Maryland. Because the firm is small, it specializes in personalized service and concentrates on providing comprehensive support to businesses and individuals. Practice areas include Internet and On-line Law, business and corporate law, corporate representation in Washington, D. C., tax matters and family matters. I also consult through Wyndrose Technical Group, Inc., on technical and management issues in information security, and I teach information security, Internet and e-commerce law and computer forensics. I serve as a Senior Fellow at the national Defense University, Washington, DC, and I teach as an adjunct professor at The George Washington University, Washington, DC. Co-author of Defending Your Digital Assets, McGraw-Hill, 2000, Cases and Materials in Cyberlaw, Wyndrose, 2001-2013, and Information Security
Source Materials, Wyndrose, 1997-2013, as well as author of numerous articles on law, information assurance, information warfare, and information technologies.

11/04-9/12 National Defense University, Information Resources Management College − Serve as recognized expert and professor of systems management contributing expertise in information security, information assurance, cryptography, network security and computer forensics. Prepare curricula and instructional materials and teach in the classroom and on-line. Participate in the planning and development of courses of study. Make recommendations on course topics and content, instructional methods, and other aspects of the educational programs. Serve as research advisor to individual students on topics related to national security. Provide analyses of systems management issues significant to national security. Conduct studies, prepare papers, and give presentations in relevant areas of systems management. Serve as liaison with DoD, other government agencies and civilian institutions and businesses, as appropriate. Foster professional relationships with senior leaders in academia, industry, DoD, and other government agencies in the field of systems management.

6/99-11/04 Law Offices of Daniel J. Ryan – Daniel J. Ryan, Attorney and Counselor at Law, is a full-service law firm in general practice. Practice areas include Internet and On-line Law, business and corporate law, corporate representation in Washington, D. C., tax matters and family matters.

6/94-6/99 Science Applications International Corporation – Strategic planning, business development, management and coordination for this Fortune 500 employee-owned high-technology company in the areas of systems integration of secure computer and telecommunications systems and networks, in development of high-quality (SEI levels 3 and 4) software, and in information technology outsourcing. Developed and provided security products and services for use in assessing security capabilities and limitations of client systems and networks, enhancing protection through a balanced mix of security disciplines, detecting intrusions or abuses, and reacting effectively to attacks to prevent or limit damage. Started and was the first Director of the Center for Information Protection providing information security services to commercial clients. Served as Division General Manager of a US$ 1.1 billion cap IDIQ program providing information security products and services to the Department of Defense and the military services, and other Federal Agencies and Departments. Chaired a Policy Expert Team developing information security policies for the United States Postal Service. Started the Center for Information Security Education providing education, training and awareness programs in risk management, computer and network security, and protection of information assets and systems.
In addition to professional responsibilities for SAIC, serve as a curriculum advisor on information security to George Washington University and James Madison University, and as an Adjunct Professor for George Washington University, Eastern Michigan University, James Madison University and the University of Maryland. Member of the Board of Directors of A Classic Sailing Adventure, a Maryland corporation which specializes in maritime leases and products. Trustee of the James E. Morgan Cancer research trust, which sponsors medical research into the causes of and potential cures for cancer. Member of the Lawyer’s Roundtable on Information Security investigating the legal and ethical issues associated with the protection of on-line privacy, data integrity and system and network availability. Member, Executive Committee, National Colloquium for Information Systems Security Education.

6/93-6/94 Central Intelligence Agency - Served the Director of Central Intelligence as Executive Director of the Joint DCI-DoD Security Commission conducting a comprehensive review of the security practices and procedures of the intelligence and defense communities, including all compartmented and collateral security programs. Considered requirements in the context of risk management for protection of intelligence sources and methods, security for Special Access Programs, secure interoperability between intelligence organizations and military operations, foreign access to sensitive industries, facilities and information, and exchanges and relationships with other nations and international entities. Examined classification, declassification, compartmentation and other controls, protection of information assets in documentary and electronic form, measures to provide for confidentiality, integrity, and availability of information, and the impact of security procedures on the timeliness, accessibility and usefulness of sensitive information to consumers. Special attention devoted to personnel security programs, including investigations, adjudications, and appeals, use of the polygraph, and establishment of common counterintelligence and security databases. Analyzed requirements for physical and technical security of facilities, equipment, and information, as well as for protection of personnel and infrastructure against terrorist and criminal activity. Final report Redefining Security provided to Secretary of Defense and DCI on March 1, 1994.

1/92- 6/93 Department of Defense - Director of Information Systems Security for the Office of the Secretary of Defense. Principal technical advisor to the Secretary of Defense, the ASD(C3I) and the DASD(CI & SCM) for all aspects of information security. Managed information security policy for the Department of Defense and allocation of over US$ 1.8 billion to create, operate and maintain secure computers, systems and networks. Specific areas of responsibility spanned information systems security (INFOSEC), including classification management, communications security (COMSEC), computer security (COMPUSEC) and transmission security (TRANSEC), as well as TEMPEST, technical security countermeasures (TSCM), operational security (OPSEC), port security, overflight security and counterimagery. Chaired several working groups and represented DoD, the ASD(C3I) and the DASD(CI & SCM) on a variety of panels and committees, including the Technical Security Committee of the Advisory
Group/Security Countermeasures, the Network Security Information Exchange, the Interagency Committee on Real Estate Acquisitions, and the Subcommittees on Telecommunications Security and Information Systems Security of the National Security Telecommunications and Information Systems Security Committee (NSTISSC).

11/88-1/92 Booz•Allen & Hamilton - Consultant in the areas of strategic planning, systems design and operations, data processing and telecommunications. Assessed the rapidly changing geopolitical scene and planned the evolution of client and Corporate programs given the world situation, technological progression, and expected limitations on budgets. Investigated telecommunications support and connectivity within wide-area networks and devised an extremely low-cost, low-risk approach to expanding capabilities to accomplish bulk data transfers, send and receive message traffic world-wide, and take advantage of redundant and back-up communications capabilities. Chaired a committee of senior Government and industry personnel that analyzed the functions and processes of a worldwide distributed data collection, processing and reporting system, devising a new open architecture for future development. Managed proposal efforts resulting in the award of over US$10 million contract for analysis, technical support and training to the Government.

6/87-11/88 Bolt Beranek & Newman - Managed BBN's US$ 10 million hardware and US$ 8 million professional engineering and support services business supplying secure wide-area networks to Government agencies responsible for telecommunications, including network design, topological analyses of packet switching, circuit switching and integrated voice-over-data networks, and implementation of network management protocols and capabilities. Developed computer and network security and telecommunications privacy for protection against viruses and similar technological dangers that can be propagated on networks. Responsible for business planning, budgeting, sales forecasting, and strategic planning functions.

8/79-6/87 TRW, Incorporated - Technical support in operations analysis, systems engineering and integration, program development, and management of senior analysts in developing and exploiting product applications. Washington, D.C. representative of the Systems Development Division responsible for strategic planning for Division activities in support of the United States Government, for identification of possible acquisitions that would expand the capabilities of the Division or of TRW in supporting the Government with computer-based systems, for business development, and for liaison with other companies pursuing similar lines of work.

2/78-8/79 Litton Systems - Managed the Corporation's US$ 30 million business in defensive electronic systems, including avionics, fixed and mobile landbased electronic systems, and shipborne electronics. Supervised highly competitive proposal efforts and managed research and development programs generating new hardware and software. Responsible for business planning and for budgeting for Bid & Proposal, research and development of new products, and technical marketing.

11/72-2/78 Hughes Aircraft Company - Managed mathematicians, engineers and computer scientists in deriving system requirements, contracting for development and support, performing acceptance testing on delivered hardware and software, integrating delivered products, and managing the operation of computer-based systems. Project and program development responsibilities for sophisticated data reduction systems.

7/66-11/72 National Security Agency - Responsible for designing and implementing computer processing systems for obtaining and analyzing data on the characteristics of advanced electronic and communication systems. Advisor to the Commander of the Pacific Command Electronic Intelligence Center evaluating his data processing architecture and designing an integrated, on-line system to modernize and expand the Center's capabilities.

Other service:
Member of the Board of Directors, Wyndrose Technical group, Inc.
Member, Board of Directors, A Classic Sailing Adventure, Inc.
General Counsel, (ISC)2 Board of Directors
General Counsel, Colloquium for Information Systems Security Education
Emeritus Member, Executive Committee, Colloquium for Information Systems Security Education
Planning Committee Chair, Digital & Multimedia Science Section, American Academy of Forensic Sciences
Trustee, James E. Morgan Cancer Research trust
Member, Lawyer’s Roundtable on Information Security
Member, Senior Advisory Board, AOC
Member, Government and Industry Liaison Committee for GOVSEC
Adjunct professor, The George Washington University
Adjunct Professor, Eastern Michigan University
Adjunct professor, James Madison University
Adjunct Professor, Utica College, Syracuse University
Adjunct Professor, University of Maryland University College
Adjunct Professor, University of Alaska Fairbanks
Adjunct Professor, Oklahoma State University

Awards
1994 National Intelligence Medal of Achievement. In accordance with Director of Central Intelligence Directive 7/1, “The National Intelligence Medal of Achievement may be awarded for especially meritorious conduct in the performance of outstanding service to the United States by a member of the Intelligence Community. This award recognizes performance of an especially difficult duty in a clearly exceptional manner. The service being recognized must relate directly to the Intelligence Community's mission to provide the intelligence required for national security policy determinations.”

2000 The George Washington University INFOSEC Achievement Award. Other recipients include David Elliott Bell of the Bell-LaPadula model and Dorothy Denning.

2005 William Hugh Murray Founders Award, Colloquium for Information Systems Security Education. Named for its first recipient, the award recognizes a lifetime of achievements in information assurance serving the public and private sectors and academia. Former recipients of the award include Richard Clarke, Michael Jacobs and Gene Spafford.

2007 Fellow of ISC2. The award was granted by the Board of Directors of the International Information Systems Security Certification Consortium, Inc., the non-profit corporation which manages the Certified Information Systems Security Professional certificate. According to the ISC2 website, "The Fellow of (ISC)² was established to honor and distinguish a select number of elite information security professionals who have made outstanding contributions throughout their careers to the information security profession." Other Fellows include Professor William “Bill” J. Caelli, PhD, Queensland University of Technology, Lynn McNulty, Dr. Fredrick B. Cohen, Dr. Ronald L. Rivest, Dr. Whitfield Diffie, Dr. Corey Schou, and others.

2013 Joint Meritorious Civilian Service Award. Chairman of the Joint Chiefs of Staff, Department of Defense. “Doctor Daniel J. Ryan distinguished himself by exceptionally meritorious service while serving as Professor, Cyber Integration and Information Operations Department, iCollege, National Defense University from November, 2004 through September, 2012. As a senior National Defense University faculty member, Dr. Ryan made lasting contributions to the intellectual life and educational experience of the iCollege and the National Defense University. His reputation as a leader in the fields of cyberspace operations strategy and cyber law enhanced the learning climate and academic reputation of the University and Joint Professional Military Education. In service to the college, he has hosted countless interagency visitors, conducted senior symposia, and has been a featured speaker at numerous domestic conferences and international seminars. The distinctive accomplishments of Dr. Ryan reflect great credit upon himself and the Department of Defense. Martin E. Dempsey, Chairman of the Joint Chiefs of Staff”

2013 Certified Computer Forensics Professional. International Information Systems Security Certification Consortium. “The CCFP credential indicates expertise in forensics techniques and procedures, standards of practice, and legal and ethical principles to assure accurate, complete and reliable digital evidence admissible to a court of law. It also indicates the ability to apply forensics to other information security disciplines, such as e-discovery, malware analysis, or incident response.”

2014 Fellow, American Academy of Forensic Sciences. Named Fellow at the 66th Annual Convention, Seattle, Washington.

DANIEL J. RYAN: DETAILS OF EXPERIENCE
2012-date Law Offices of Daniel J. Ryan
Pasadena, Maryland
After eight years at NDU, I elected to return to the practice of law, consulting, teaching and writing. My law practice is small, so I can focus on personalized service and concentrate on providing comprehensive support to my clients, which include both businesses and individuals. My practice areas include Internet and on-line law, business and corporate law, corporate representation in Washington, D. C., tax matters and family matters. I especially like working with high-tech startups, helping them grow and, in some cases, to position themselves for a sale or an IPO. Also, working through Julie’s small, woman-owned corporation, Wyndrose Technical Group, Inc., I consult on technical and management issues in information security. I teach as an adjunct professor for The George Washington University in Washington, DC.

11/04-9/12 National Defense University
Information Resources Management College
Washington, D. C.
Having taught for ten years as an adjunct professor for Eastern Michigan University, George Washington University, James Madison University, Utica College of Syracuse University, and University of Maryland University College, and served as an advisor on information security curricula at those universities as well as Northern Virginia Community College and Norwalk Community College, I decided to accept a position as a full-time professor at the National defense University.
I serve as recognized expert and professor of systems management contributing expertise in information security, information assurance, cryptography, network security and computer forensics. I prepare curricula and instructional materials and teach in the classroom and on-line. Participate in the planning and development of courses of study. I make recommendations on course topics and content, instructional methods, and other aspects of the educational programs. I also serve as research advisor to individual students on topics related to national security. I provide analyses of systems management issues significant to national security. I conduct studies, prepare papers, and give presentations in relevant areas of systems management.
I also serve as liaison with DoD, other government agencies and civilian institutions and businesses, as appropriate. And I foster professional relationships with senior leaders in academia, industry, DoD, and other government agencies in the field of systems management.

1999-2004 Law Offices of Daniel J. Ryan
Annapolis, Maryland
After five years at SAIC, I elected to leave in order to practice law, consult, teach and write. With my wife Julie and our friend Randy Nichols, I published our first book, Defending Your Digital Assets (McGraw- Hill, 2000) covering all aspects of our systems approach to information assurance. I focus on personalized service and concentrate on providing comprehensive support to my clients, which include both businesses and individuals. My practice areas include Internet and on-line law, business and corporate law, corporate representation in Washington, D. C., tax matters and family matters. Also, working through Julie’s small, woman-owned corporation, Wyndrose Technical Group, Inc., I consult on technical and management issues in information security.
In addition to my professional responsibilities, I have been appointed a regular, part-time faculty member at George Washington University, a Member of the Faculty at James Madison University, and I serve as a curriculum advisor on information security to George Washington University, James Madison University, the University of Maryland, Northern Virginia Community College and Norwalk Community College. I teach information security and Internet and On-Line Law for George Washington University, Eastern Michigan University, James Madison University, and in the Computer Forensics Program at Utica College of Syracuse University. I am a Member of the Boards of Directors of Wyndrose Technical Group, Incorporated and A Classic Sailing Adventure, a Maryland corporation that specializes in maritime leases and products. I served as a Trustee of the James E. Morgan Cancer research trust that sponsors medical research into the causes and potential cures for cancer. I am a Member of the Lawyer’s Roundtable on
Information Security investigating the legal and ethical issues associated with the protection of on-line privacy, data integrity and system and network availability. I am a member of the High Technology Crime Investigations Association, the Security Affairs Support Association and the American Society for Industrial Security. I also served as a member of the Executive Committee of the National Colloquium for Information Systems Security Education.

1994-1999 Science Applications
International Corporation
Washington, D. C.
After serving the Director of Central Intelligence and Secretary of Defense for a year as the Executive Secretary and Staff Director for the Joint DoD-DCI Security Commission (described below), I was offered the opportunity to return to private industry as Corporate Vice President of this US$ 4+ billion high-technology research and development and systems integration company. My role at SAIC was in strategic planning, management and coordination in the areas of integrating secure computer and telecommunications systems and networks and in development of high-quality (SEI-3 and 4) software. I also helped develop and provide security products and services for use in assessing security capabilities and limitations of client systems and networks, enhancing protection through a balanced mix of security disciplines, detecting intrusions or abuses, and reacting effectively to attacks to prevent or limit damage. I opened and served as the first Director and General Manager of the Center for Information Protection, managing the Corporation’s contracts on behalf of commercial clients assessing the security capabilities and limitations of their local and wide area systems and networks, providing recommendations for improvements to system and network architectures to increase security, enhancing protection through the application of a balanced mix of security disciplines and countermeasures, detecting intrusions from outside or abuses by those with authorized access to the systems and networks, and reacting effectively to attacks to prevent or limit damage. My clients included banks, insurance companies, entertainment companies and organizations in the health care community. On behalf of the United States Postal Service, I chaired the Security Policy Expert Team developing information security policies for the Service’s planned participation in electronic commerce. As Division General Manager of the Government-Wide Information Systems Security Program, an IDIQ contract with a cap of over US$ 1.1 billion, I directed, managed and coordinated the efforts of three Sectors of SAIC and twenty subcontractors helping our Government customers establish, standardize and implement common information security programs; improve security management to minimize costs, eliminate redundancies, and allocate resources efficiently; foster interoperability; develop security architectures and standards for certification and accreditation of systems and networks; create a viable multilevel secure infrastructure; ensure timely dissemination of threat and vulnerability information; engineer secure information systems and networks; perform risk management assessments and analyze consequent security requirements; support the creation and operation of teams to respond to security incidents; and define and implement training, awareness and professionalization programs for Government managers and security officers. Working with three universities, I created and serve as the Director of SAIC’s Center for Information Security Education. The Center, in partnership with the universities, sponsors three Master's Degree programs in information security, and offers a variety of non-degree seminars and courses for executives and professionals in topics concerning the protection of information assets and systems. Through the Center, graduate students will be able to serve internships at SAIC and visiting professors will be able to work with SAIC professionals on real-world information security projects. The Center also supports research and development of products and new technologies for delivering information security education, including distance learning, just-in-time teaching, and interactive computer-based courses and programs.

1993-1994 Central Intelligence Agency
Washington, D.C.
After eighteen months at the Pentagon, I was contacted by the Director of Central Intelligence and asked to become his Executive Assistant with initial responsibility for managing the Joint DCI-DoD Security Commission. As Executive Director of the Commission, I managed twenty senior staff personnel supporting ten Commissioners. During the period from June, 1993 to June, 1994, the JSC conducted a comprehensive review of the security practices and procedures of the intelligence and defense communities, including threat analysis, classification, information systems, personnel, physical, technical, operational, industrial, international and related security domains. All compartmented and collateral security programs were included.
Among the factors the Commission took into account were the need for an effective flow of information and for compatibility between military and commercial technologies, the relationship between threat assessments and security programs, the emergence of new systems of communications and information, the soundness and cost-effectiveness of security practices, new security countermeasures methods and technologies, and fiscal constraints.
The Commission also considered various security issues such as identification of data, activities and people needing special protection in the context of risk management, protection of intelligence sources and methods, security for Special Access Programs, foreign access to sensitive industries, facilities and information, exchanges and relationships with other nations and international entities, the involvement of policy makers, commanders and other users in security policy formulation, execution and resource management, and exchange of personnel and information across government, industry, and academia. We examined classification, declassification, compartmentation and other controls, protection of information assets in documentary and electronic form, measures to provide for confidentiality, integrity, and availability, the impact of security procedures on the timeliness, accessibility and usefulness of sensitive information to consumers, and related information security matters.
A hard look was taken at personnel security programs, including investigations, adjudications, and appeals, Special Access determinations, use of the polygraph; and establishment of common counterintelligence and security data bases. We also examined requirements for physical and technical security of facilities, equipment, and information, as well as for protection of personnel and infrastructure against terrorist and criminal activity. Finally, the Commission reviewed cross-discipline management, career paths and inter-agency assignments, training, research and development, the practices and procedures for providing intelligence, counterintelligence, and law enforcement information to policy makers, commanders and other users, procedures that link security measures and costs to threat
assessments and risks of disclosure. I also performed a wide variety of special highly-classified assignments for the DCI, and advised him on matters related to intelligence, counterintelligence and security countermeasures.

1992-1993
Department of Defense
OSD(C3I)/ODASD(CI & SCM)
Washington, D.C.
Director, Information Systems Security
In late 1991, after serving for three years as a consultant to the Government with Booz•Allen & Hamilton, I was asked by the Deputy Assistant Secretary of Defense (Counterintelligence and Security Countermeasures) to return to the Government as the Director for Information Systems Security for the Office of the Secretary of Defense (C3I). In this role, I was the principal technical advisor to the Secretary of Defense, the ASD(C3I) and the DASD(CI & SCM) for all aspects of information security. My responsibilities included managing a group of senior Government civilians and military personnel writing information security policy for the Department of Defense and allocating over US$ 1.8 billion among NSA, DISA, the military services and other DoD components to create, operate and maintain secure computers, systems and networks. Specific areas of my responsibility spanned information systems security (INFOSEC), including classification management, communications security (COMSEC), computer security (COMPUSEC) and transmission security (TRANSEC), as well as TEMPEST, technical security countermeasures (TSCM), operational security (OPSEC), port security, overflight security and counterimagery. I chaired the Multilevel Security Working Group and the INFOSEC Issues Working Group, and I represented DoD, the ASD(C3I) and the DASD(CI & SCM) on a variety of panels, committees and working groups, including the Technical Security Committee of the Advisory Group/Security Countermeasures, the Network Security Information Exchange, the Interagency Committee on Real Estate Acquisitions, and the Subcommittees on Telecommunications Security and Information
Systems Security of the National Security Telecommunications and Information Systems Security Committee (NSTISSC).
The mandate of my Directorate was to protect the confidentiality, integrity and availability of DoD information, ncluding safeguarding information, computers and communications systems against sabotage, tampering, denial of service, espionage, fraud, misappropriation, misuse, or release to unauthorized persons. To accomplish this, I developed strategic plans for Counterintelligence & Security Countermeasures, and for my own organization. I also appeared personally before various committees and subcommittees of Congress that have oversight of information security and other programs in my area of responsibility. I recommended objectives, plans, policies and developed the means to verify the responsiveness of DoD Components to national and DoD policies. My group formulated, prepared and coordinated DoD Directives, Instructions and other policies dealing with all aspects of information and operational security and other assigned programs. We provided oversight with technical emphasis to assure uniform and effective DoD implementation of security requirements.

1988-1992
Booz•Allen & Hamilton
Washington, D.C.
Principal
After eighteen months of managing a communications business area for BBNCC, I was contacted by a long-time friend and colleague in the United States Government and asked if I would serve as a special consultant to a Government Program. My experience in the areas of strategic planning, multi-system operations and coordination, data processing and telecommunications were needed by the Program Office in assessing the Program's applicability within the rapidly changing geopolitical scene and in planning the evolution of the Program given the world situation, technological progression, and expected limitations on Government budgets. I joined Booz•Allen & Hamilton as a Principal in order to provide these consulting services.
As consultant to the Government, I have managed several efforts on behalf of the Program Office:
- I spent most of six months in Europe evaluating the utility of the Program to agencies and organizations in the European community and assessing the potential impact of the European Economic Community changes in 1992, the realignment of Eastern Europe, and the changing U.S. commitment to Europe;
- I evaluated the telecommunications support provided to the Program and its connectivity within the wide-area networks used by the Program and devised an extremely low-cost, low-risk approach to expanding the capabilities of the Program to accomplish bulk data transfers, send and receive message traffic world-wide, and take advantage of redundant and back-up communications capabilities.
- I chaired a committee of senior Government and industry personnel that analyzed the functions and processes of a world-wide distributed data collection, processing and reporting system and devised a new open architecture approach for future development.
In addition to my services to the Government, during this period:
- I managed a proposal effort resulting in the award of a US$10 million contract to Booz•Allen & Hamilton for analysis, technical support and training to the Government;
- I sought and obtained a contract for US$850K to cover my own efforts and those of my staff on behalf of the Government;
- I obtained a US$ 300K extension of Booz•Allen & Hamilton's Test Engineering contract with the Government for independent testing of systems upgrades to computer processing networks: and
- I evaluated the potential for government-sensitive consulting support and technology development in Europe, supporting the strategic planning of Booz•Allen & Hamilton in this dynamic market.

1987-1988 BBN Communications Corporation
A subsidiary of Bolt Beranek and Newman, Inc.
Columbia, Maryland
Director, Special Programs
In June of 1987, I was recruited by the VP of Government Systems to manage BBN's business supplying secure wide-area networks to several United States Government agencies responsible for telecommunications. During the Company's fiscal year that ended July 1, 1988, my Columbia, Maryland based organization produced US$ 10 million in hardware sales ($4 million more than forecast when I took charge), and US$ 8 million in professional engineering and support service revenues, totaling about 15% of BBN Communication's US$ 121 million total revenues Operating as an independent Department within Government Systems, the activities of my business included network design, topological analyses of packet switching, circuit switching and integrated voice-over-data networks, and implementation of network management protocols and capabilities. We were especially concerned with computer (Orange Book) and network (Red Book) security, both from the standpoint of data and telecommunications privacy and with regard to protection against viruses and similar technological dangers that could be propagated on telecommunications networks. As an OEM, I supplied hardware and software for communications networks, and I provided engineering and field service support for installing, operating and maintaining our networks. As business area manager, I was personally responsible for business planning, budgeting, sales forecasting, and strategic planning functions.

1979-1987 Systems Development Division
Defense Systems Group
TRW, Inc.
Washington, D.C.
Product Line Manager (82-87)
Senior Project Engineer (79-82)
I joined this US$ 300 million Los Angeles-based Division of the US$ 6 billion aerospace conglomerate in September of 1979. As a Senior Project Engineer in Washington, D.C., I was assigned as a special advisor to the Program Manager of a United States Government program worth over US$120 million in data processing systems and services to SDD. I provided technical support in operations analysis, systems engineering, and program development, and I managed the efforts of several senior analysts in developing and exploiting product applications. In 1983, I was asked to assume duties as the Washington, D.C. representative of the Systems Development Division reporting directly to the Vice President and General Manager of SDD. In this role, I was responsible for strategic planning for the Division with regard to all activities in support of the United States Government, for identification of possible acquisitions that would expand the capabilities of the Division or of TRW in supporting the Government with computer-based systems, for business development, and for liaison with other companies doing similar kinds of business with the Government.

1978-1979
AMECOM Division
Litton Systems, Inc.
College Park, Maryland
Director, EW Advanced Programs
In February of 1978, I joined Litton AMECOM, reporting to the Director of Advanced Programs, to manage the Corporation's US$ 30 million business in defensive electronic systems. My responsibilities included applications in avionics, fixed and mobile landbased electronic systems, and shipborne electronics. I supervised the efforts of three senior managers responsible for obtaining highly competitive contracts, and I managed the Independent Research and Development (IRAD) programs generating new hardware and software applications - for example, Bragg cell receivers to replace older instantaneous frequency measurement (IFM) receivers in use in AMECOM systems, and thin film technology for engineering development of new systems. We provided technical support to marketing and managed all proposal efforts for my business area. As Director, I was responsible for business planning and for budgeting for Bid & Proposal, IRAD and technical marketing.

1972-1978
Strategic Systems Division
Hughes Aircraft Company
Los Angeles, California
Program Manager (77-78)
Section Head (75-77)
Group Head (73-75)
MTS (72-73)
I left the Government in November of 1972 to join Hughes Aircraft Company as a Member of the Technical Staff in the Division that supplied large computer-based systems. For four years I served in increasingly responsible management positions on a US$ 540 million project, first performing technical feasibility analyses, then heading a Group of three that developed software for the project and eventually a systems engineering Section of twelve acquiring both hardware and software for integration into the system being developed. The mathematicians, engineers and computer scientists that reported to me were responsible for the technical direction of a US$ 10 million per year ($6 million O&M, $4 million evolutionary development) subcontract for one of two key functional subsystems of the program. We derived requirements for the subsystem from the higher-level system requirements, contracted for development and support, performed acceptance testing on delivered hardware and software, integrated the delivered products into the larger system, and managed the operation of the system for the customer. During this period, I also had project and program development responsibilities on individual programs ranging in value up to US$ 3.5 million, including supervision of the development of sophisticated data reduction systems combining analog and digital technologies. I personally served a proposal manager on two multi-million dollar proposal efforts, and managed an organization responsible for feasibility analyses, marketing, material and equipment sizing, and specification of requirements. I participated in fact-finding and negotiations with both customers and subcontractors for providing new or improved hardware or software systems, subsystems and components. At the end of my fourth year at Hughes, I was named Program Manager responsible for the design, development and implementation of a data processing system for interactive analysis in a van-mounted minicomputer system. My program team developed highly-sophisticated software for narrow-band and wide-band signals analyses using this system. I delivered a fully operational system on-time and within budget.

1966-1972
National Security Agency
Fort George G. Meade, Maryland
Data Systems Analyst(Hawaii) (71-72)
Group Leader (70-71)
Cryptologic Mathematician (69-70)
Data Systems Intern (66-69)
I was recruited as a new college graduate by the National Security Agency and began at Fort Meade in July of 1966 as a Data Systems Intern, a position that was designed to teach me computer science and applications as developed by and employed at the Agency. For three years I changed offices regularly, working on a variety of problems in scientific programming in several languages (FORTRAN, COBOL, ALGOL, SIMSCRIPT, assembly and machine) and on numerous types of computers (IBM, Burroughs, CDC, UNIVAC, DEC). Following completion of my internship, I was given responsibility for a Group of programmer mathematicians designing and implementing computer processing systems for obtaining and analyzing data on the characteristics of advanced electronic and communication systems. We were able to reduce processing time to one-half and throughput time to one-quarter of previous values in routine production. We introduced a multi-program (ten initially, growing to twenty-eight separate programs) system to provide interactive data analysis and exploitation, including system simulation, aiding the orchestration of data collection by widely separated systems employing diverse technologies. And we automated data collection to provide computerized analysis capability as part of the management planning cycle. In mid-1971, I was assigned as an advisor to the Commander of the Pacific Command Electronic Intelligence Center (PEC -- later the Intelligence Center Pacific or IPAC). There I evaluated the entire data processing architecture and designed an integrated, on-line system to modernize and expand the Center's capabilities for obtaining, transmitting and analyzing electronic intelligence (ELINT) data. I provided advice and technical guidance to Center personnel concerning data processing problems, systems analysis and systems engineering, and computer science applications relevant to the Center's mission. I was also responsible for maintaining liaison on data processing and telecommunications systems and technologies with other organizations in the Pacific basin and throughout the continental United States.

Books, Chapters, Materials, Papers and Presentations
Books
Randall K. Nichols, Daniel J. Ryan & Julie J.C.H. Ryan (2000) Defending Your Digital Assets, New York: McGraw-Hill.
Daniel J. Ryan, Ed., (1994) Redefining Security, Washington, DC: Joint Security Commission.
Book Chapters
Julie Ryan & Daniel Ryan (2013) “Neutrality in the Context of Cyberwar.” in Matthew Warren, Case Studies in Information Warfare and Security. Reading, UK: Academic Conferences and Publishing International Limited.
Baker, David W., Brothers, Samuel I., Geradts, Zeno J., Lacey, Douglas S. Nance, Kara L., Ryan, Daniel J.,
Sammons, John E, and Stephenson, Peter (2012) “Digital Evolution: History, Challenges and Future
Directions for the Digital and Multimedia Sciences Section.” In Douglas H. Ubelaker, Ed. (2012) Global Forensic Science: Current Issues - Future Directions. Colorado Springs: American Academy of Forensic Sciences.
Julie J. C. H. Ryan, Daniel J. Ryan & Eneken Tikk (2010). “Cybersecurity Regulation: Using Analogies to
Develop Frameworks for Regulation.” In Eneken Tikk & Anna-Maria Talihärm (Ed.), International Cyber
Security: Legal & Policy Proceedings. (pp. 76-99). Tallinn, Estonia: Cooperative Cyber Defence Center of Excellence.
Daniel J. Ryan (1998) “INFOSEC and INFOWAR: Considerations for Military Intelligence” in Oceana
Publications, Cybercrime and Security. New York: Oxford University Press.
Daniel J. Ryan & Julie J.C.H. Ryan (1996) “Protecting the National Information Infrastructure Against
Infowar.” in Winn Schwartau, Information Warfare, 2nd. Ed. New York: Thunder’s Mountain Press.
Materials
Daniel J. Ryan , Robert Shepherd, Jr., Julie J.C.H. Ryan & Enneken Tikk (2000-2013) Cases and Materials on CyberLaw, DVD, Pasadena, MD: Wyndrose Technical Group.
Daniel J. Ryan & Julie J. C. H. Ryan (2013-2014) Cases and Materials on Scientific and Digital Evidence, DVD, Pasadena, MD: Wyndrose Technical Group.
Daniel J. Ryan & Julie J.C.H. Ryan (1996-2013) Information Security Source Materials, DVD, Pasadena,
MD: Wyndrose Technical Group.
Journals
Co-Editor (with Dr. Julie J. C. H. Ryan), The George Washington University Journal of Information
Security. Washington, DC: The George Washington University.
Papers (not including classified papers)
Peer reviewed journals and conference proceedings:
Daniel J. Ryan & Julie J. C. H. Ryan (2012) Attribution : Accountability for Cyber Incidents. Proceedings of the 7th International Conference on Information Warfare and Security, pp. 265-271. Seattle, WA: University of Washington.
Julie J. C. H. Ryan & Daniel J. Ryan. (March, 2011) Neutrality in the Context of Cyberwar. Proceedings of the 6th International Conference on Information Warfare and Security, pp. 221-7. George Washington University, Washington, DC, USA.
Julie J.C.H. Ryan, Thomas A. Mazzuchi, Daniel J. Ryan, Juliana Lopez de la Cruz, and Roger Cooke (April, 2012) Quantifying Information Security Risks Using Expert Judgment Elicitation. Computers & Operations Research, Vol. 39, No. 4, Elsevier, pp. 774-784.
Daniel J. Ryan , Maeve Dion, Eneken Tikk & Julie J. C. H. Ryan (Summer, 2011) International Cyberlaw: A Normative Approach. Georgetown Journal of International Law, Vol. 42, No. 4, pp. 1161-1197.
Kara Nance & Daniel J. Ryan (January, 2011) Legal Aspects of Digital Forensics: A Research Agenda.” Proceedings of the 44th Hawaii International Conference on Systems Sciences, pp. 1-6.
Julie J. C. H. Ryan & Daniel J. Ryan. (Sep/Oct 2008) Performance Metrics in Information Assurance Management. IEEE Security & Privacy Magazine, Vol. 6, No. 5, pp. 38-44.
Julie J. C. H. Ryan & Daniel J. Ryan. (June, 2008) Biological Systems and Models in Information Security.
Proceedings of the 12th Colloquium for Information Systems Security Education.
Julie J. C. H. Ryan & Daniel J. Ryan. (November, 2006) Expected Benefits of Information Security Investments. Computers and Security, Vol. 25, Issue 8. Amsterdam: Elsevier. Pages 579-588.
Mary L. Polydys, Daniel J. Ryan & Julie J. C. H. Ryan (2006) Best Software Assurance Practices in Acquisition of Trusted Systems. Proceedings of the 10th Colloquium for Information Systems Security Education, University of Maryland, University Collage, Adelphi, MD June 5-8, 2006
B. Endicott-Popovsky, D. Ryan & D. Frincke. (September, 2005) The New Zealand Hacker Case: A Post
Mortem. Proceedings of the Oxford Internet Institute Cybersafety Conference. Oxford, England: Oxford University.
Daniel J. Ryan & Julie J. C. H. Ryan. (January, 2006) Daubert and Digital Forensics. Proceedings of the 2006 Cybercrime Conference. Palm Harbor, Florida: DoD Cyber Crime Center and Joint Task Force –
Global Network Operations.
Julie J. C. H. Ryan & Daniel J. Ryan. (2005) Proportional Hazards in Information Security. Risk Analysis:
An International Journal, Vol. 25, No. 1, Society for Risk Analysis.
Daniel J. Ryan (January, 2003) Product Liability for Security Software. IEEE Security & Privacy Magazine, Vol. 1, No. 1.
Daniel J. Ryan & Gal Schpantzer (September 23-25, 2002 ) Forensic Readiness. Proceedings of the
Forensics Workshop, University of Idaho, Moscow, Idaho.
Daniel J. Ryan & Paul Proctor (December 19, 1995) Risk Management and Information Security.
Proceedings: 11th Computer Security Applications Conference, New Orleans, Louisiana.
Daniel J. Ryan (December, 1993) Evaluation, Certification and Accreditation of Computer Systems and
Networks. Journal of the Information Systems Security Association, Vol. 1, No. 1.
Daniel J. Ryan (Summer, 1984) The Work of the Court of Appeals: A Statistical Miscellany. 43 Md. L. Rev.
863.
Non-peer reviewed articles
Daniel Ryan & Jolly Sienda (Oct. 17, 2011) How Prepared Will You Be for the Next Cyberrevolution?
Homeland Security Today. http://www.hstoday.us/blogs/best-practices/blog/how-prepared-will-you-bewhen-
the-next-cyberrevolution-occurs/d43bf7f3dc47c84ffd4822f40d9056cb.html
Daniel J. Ryan & Julie J.C.H. Ryan (Winter, 2006) “he Perfect Graduate. The Information Leader: A
Quarterly Journal on Information Trends, Vol. 12, No. 1, Washington, DC: Information Resources
Management College.
Mary Linda Polydys & Daniel J. Ryan (Fall, 2006) “nformation Resources Management: The Key to
Effective Government and National Security. The Information Leader: A Quarterly Journal on Information
Trends, Vol. 11, No.4. Washington, DC: Information Resources Management College.
Daniel J. Ryan “Get the Picture”, Federal Computer Week, Apr. 30, 2001
Daniel J. Ryan “Reality Check”, Federal Computer Week, Apr. 16, 2001
Daniel J. Ryan “How to Protect Your Laptop”, Federal Computer Week, Oct. 16, 2000
Daniel J. Ryan “Warding Off PC Spies, Federal Computer Week, Aug. 7, 2000
Daniel J. Ryan “Cookies: Trick or Treat”, Federal Computer Week, June 19, 2000
Daniel J. Ryan “Old-Fashioned Hacker Deceit”, Federal Computer Week, May 29, 2000
Daniel J. Ryan “Spotting Mischief”, Federal Computer Week, Apr. 24, 2000
Daniel J. Ryan “Making Passwords Secure”, Federal Computer Week, Apr. 10, 2000
Daniel J. Ryan “The Composition Problem”, Federal Computer Week, March 20, 2000
Daniel J. Ryan (February, 1999) Business Value and Third-Generating Outsourcing. Science Applications
International Corporation.
Daniel J. Ryan & Julie J.C.H. Ryan (September, 1998) Protection of Information: The Lessons of History.
Colloquy, Vol. 19, No. 3, Security Affairs Support Association.
Daniel J. Ryan & Julie J.C.H. Ryan (July, 1996) Protecting the National Information Infrastructure against
INFOWAR. Colloquy, Vol. 17, No. 1, Security Affairs Support Association.
Daniel J. Ryan (May, 1993) Economic Implications of Information Security Failures. Colloquy, Vol. 14,
No. 1, Security Affairs Support Association.
Daniel J. Ryan (1989) A White Paper on Prototyping: A New System Acquisition Methodology. Booz Allen
& Hamilton White Paper Series.
Daniel J. Ryan (1971) “Cohn-Vossen’s Extension of the Gauss-Bonnet Theorem to Non-Compact Spaces”,
Master’s Thesis, University of Maryland.
Daniel J. Ryan (1969) “The Angle Between PRI-Ambiguity Isochrones”, Cryptologic Mathematician
Certification Program, National Security Agency.
Daniel J. Ryan (1969) “Random Number Generators”, Data Systems Certification Program, National
Security Agency.
Daniel J. Ryan (1969) “The Distance Between PRI-Ambiguity Isochrones”, Cryptologic Mathematician
Certification Program, National Security Agency.
Daniel J. Ryan (1969) “Generation of Unambiguous Isochrones”, Cryptologic Mathematician Certification
Program, National Security Agency.
Daniel J. Ryan (1968) “PRI Ambiguity resolution”, Cryptologic Mathematician Certification Program,
National Security Agency.
Daniel J. Ryan (1968) “Position Fixing Using Time of Arrival”, Cryptologic Mathematician Certification
Program, National Security Agency.

Speeches and Presentations
1999-2014
2/21/14 “Credentialing the Digital and Multimedia Forensics Professional.” 66th Annual Convention of the
American Academy of Forensic Sciences. Seattle, WA.
10/23/13 “Cyberwar and the Laws of Armed Conflict.” Swedish Delegation, National Defense University.
Washington, DC.
10/16/13 Panelist. “Methods to Apply Digital Forensics and Mitigate Cyber Risk.” FCW Executive Briefs,
Examining Insider Threats, Digital Forensics, and Incident Response. National Press Club,
Washington, DC.
9/24/13 Invited lecture, “Certification of Digital and Multimedia Professionals.” Third Annual (ISC)2
Security Congress. Chicago, Illinois.
9/17/13 Panelist. “Holistic Cyber Security Education: Balancing Breadth and Depth. 2013 NICE
Workshop. National Institute of Standards and Technology. Gaithersburg, Maryland.
8/5/13 Invited lecture.”Cyberlaw.” National Defense University.
3/12/13 Panelist. “Forensic Readiness from a Legal Viewpoint.” 2013 Annual Conference of the
Association of Digital Forensics, Security and Law. Richmond, VA.
3/11/13 Invited lecture, “Certification of Digital and Multimedia Professionals.” 2013 Annual Conference
of the Association of Digital Forensics, Security and Law. Richmond, VA.
3/23/12 Panel Moderator: “Legal Issues in Information Warfare.” 2012 International Conference on
Information Warfare. University of Washington: Seattle, WA.
2/15/12 “Current Events in CyberLaw” Harford Community College: Bel Air, MD.
1/26/12 “In the Path of Heracles: Admissibility of Digital and Multimedia Evidence.” 2012 DoD
Cybercrime Conference. Atlanta, GA.
2/24/11 Panel Moderator, "Digital and Multimedia Forensics." 63d Annual Scientific Meeting, American
Academy of Forensic Sciences. Chicago, IL.
2/10/11 "Cyberwar: The Laws of Armed Conflict in Cyberspace." ISSCA. Edmonton, Alberta, Canada.
2/10/11 "Information Security Curricula," Concordia University College of Alberta. Edmonton, Alberta,
Canada.
10/14/10 “Cyber Incidents: The Spectrum of Possible Legal Responses,” Conference on Cyberlaw as an
Element of National Power. National Defense University. Washington, DC.
9/9/10 Moderator, Keynote Legal Conversation. 3d Annual Washington, D.C. Space and Cyber
Conference, University of Nebraska College of Law, Newseum, Washington, DC. With Col. Gary
Brown, USAF, Senior Legal Advisor, United States CyberCorps, and Marc Berejka, Senior
Advisor to the Secretary, Dept. of Commerce.
8/11/10 “Methods of Uniting a Diverse and Global Student Population in Online Courses.” Conference on
Concepts and Challenges in Online Learning. Morgan State University, Baltimore, Maryland.
6/18/10 “Cybersecurity Regulation: Using Analogies to Develop Frameworks for Regulation”, 2010
Conference on Cyber Conflict, Cooperative Cyber Defence Center of Excellence, Tallinn, Estonia
9/16/09 “Biological Models in Information Security Risk management” Information Security Compliance
and Risk Management Institute, Seattle, Washington
9/9/09 “Legal Responses to Cyber Incidents” International Cyber Conflict Legal and Policy Conference,
Tallinn, Estonia
9/8/09 “Cyberlaw: The United States Approach” Cooperative Cyber Defense Center of Excellence,
Tallinn, Estonia
6/3/09 “Quantitative Risk management for Information Assurance” 13th Annual Colloquium for
Information Systems Security Education. Seattle, Washington
10/1/08 “IA Governance” SecureWorld 2008 Conference, Washington, DC
5/8/08 “Law and Behavior in Cyberspace” Institute for National Security Education & Research,
University of Washington, Seattle, WA.
2/13/08 “Information Assurance Overview and Historical Lessons Learned” National Academies of
Science, SOCOM Standing Committee), Washington, DC
12/3/07 “New Directions in CyberLaw” Federal Communications Commission, Washington, DC
9/18/07 “Risk Management in Information Assurance” Information Security Compliance and Risk
management Institute, University of Washington, Seattle, WA.
6/19/07 “Risk Management in Information Assurance” Information Assurance Center, West Chester
University of Pennsylvania, West Chester, PA
6/14/07 “Digital Forensics” National Resource Judges Program, University of Washington School of Law,
Seattle, Washington
5/9/07 “Information Assurance: Is the Threat of Terrorism Real?” GOVSEC, Washington, DC (with Dr.
Dorothy Denning, Naval Post-Graduate School)
4/9/07 “Public Policy and Law in Cyberspace” 3d Annual Information Assurance Symposium, Hampton
University, Hampton Roads, VA
3/6/07 “SCADA Systems and the Law” Center for Information Assurance and Cybersecurity, University
of Washington, Seattle, Washington
10/26/06 “Security Certification,” Federal Information Assurance Conference (FIAC) 2006, Adelphi,
Maryland
10/4/06 “CyberLaw: Ethics, Morality and Law in the Information Age” Federal IT Summit, FDIC Training
Center, Arlington, VA
9/5/06 “Daubert and Digital Forensics,” 2006 Alaska Information Assurance Workshop, University of Alaska at Fairbanks, Fairbanks, Alaska
8/15/06 “Institutional and Professional Liability in Information Assurance Education”, Invited Keynote
Speech, Eastern Pennsylvania Security Conference (EPASEC), West Chester University of Pennsylvania, West Chester, PA
8/14/06 “Daubert and Digital Forensics,” Eastern Pennsylvania Security Conference (EPASEC), West Chester University of Pennsylvania, West Chester, PA
6/5/06 “Institutional and Professional Liability in Information Assurance Education”, 10th Colloquium on
Information Systems Security Education, University of Maryland University College, Adelphi, MD
4/27/06 “Protecting Critical Infrastructure: Data Security,” GOVSEC 2006, Washington, DC
3/8/06 “Federal Information Security trends and Directions,” FOSE 2006, Washington, DC
1/12/06 “Daubert and Digital Forensics,” 2006 Cybercrime Conference. Palm Harbor, Florida.
11/25/05 "Homeland Security and Information Warfare" 6th Annual conference on Information Warfare and Information Operations Conference, Deakins University, Geelong, Australia.
11/21/05 “Biological Systems and Models in Information Security”, IEEE, Adelaide, Australia.
11/21/05 "The Ideal Graduate" 1st annual Colloquium for Information Systems Security Education (Asia Pacific), Adelaide, Australia.
11/10/05 “Critical Infrastructure Protection, Information Assurance and Cyberlaw”. West Chester University of PA, Graduate Business Technology Center, West Chester, PA.
11/7/05 “CyberLaw and Information Assurance”, Hampton University, Hampton Roads, VA
10/25/05 “Voodoo INFOSEC”, University of Alaska at Fairbanks, Fairbanks, Alaska
10/13/05 “CyberLaw in Information Assurance”, Invited Lecture, Towson University, Baltimore, Maryland
10/7/05 “Biological Systems and Models in Information Security”, Humanities and Technology Association Conference 2005, Salt Lake City, Utah
6/6/05 “Teaching Information Assurance Policy and Cyberlaw”, Colloquium on Information Systems Security Education, Atlanta, GA.
1/7/05 “CyberLaw in Information Assurance”, Invited Lecture, Naval Post-Graduate School, Monterey, CA.
1/6/05 “Statistical Methods in Information Assurance”, Invited Lecture, Naval Post-Graduate School, Monterey, CA.
10/19/04 “Cyber Security and Academia”, (ISC)2 Institute, McLean, VA
9/15/04 “New Directions in Cyberlaw”, Harford Information Technology Network, Harford Community College, Aberdeen, MD
6/22/04 “Cyberlaw Update: Ethics, Morality and Law in the Information Age, Veterans’ Administration INFOSEC Conference, Atlanta, GA
6/7/04 “Institutional and Professional Liability in Information Assurance Education”,
Colloquium on Information Systems Security Education, United States Military Academy, West Point, NY
4/30/04 “Recent Developments in CyberLaw”, Cybersecurity ’04, Norwalk Community College, Norwalk, CT
3/31/04 “Cryptology and the Law”, University of Maryland University College, College Park, MD
12/16/03 “Cyberlaw Update: Ethics, Morality and Law in the Information Age”, IEEE, Historical Electronics Museum, Baltimore, MD
6/26/03 “Cyberlaw Update: Ethics, Morality and Law in the Information Age, Veterans’ Administration INFOSEC Conference, San Francisco, CA
6/4/03 “New Directions in Cyberlaw”, Colloquium on Information Systems Security Education, Washington, D. C.
6/3/03 “A Research Agenda for Information Security”, Colloquium on Information Systems Security Education, Washington, D. C.
6/2/03 “Teaching Information Assurance Policy and Cyberlaw”, Colloquium on Information Systems Security Education, Washington, D. C.
5/14/03 “Teaching Information Security”, Maryland Association of Community Colleges, Columbia, Maryland
3/18/03 “National Perspectives on Cybersecurity”, National Security Institute, Eastern Michigan University
10/12/02 “Cyberlaw Tuneup”, 3d Annual George Washington University, Information Security Conference, Washington, D. C.
10/5/02 “Preserving Individual Liberty in an Age of Cybercrime and Terrorism”, International Association
of Administrative Professionals, Philadelphia, Pennsylvania
9/24/02 “Legal Issues in Digital Forensics”, Forensics Workshop, University of Idaho, Moscow, Idaho
9/19/02 “Creating a Comprehensive Program for Information Security”, 5th Science in Savannah Symposium, Armstrong Atlantic State University, Savannah, Georgia
7/19/02 “Detecting and Deterring Fraud”, National Association of Federal Credit Unions, Seattle, Washington
6/19/02 "The Right to Know: Sharing Exploits, Personal Data, and Other Information", Panel Discussion, United States Military Academy
6/12/02 “Security in an Era of Globalization”, Eastern Michigan University, Ypsilanti, Michigan
6/3/02 “Liability in Information Assurance Education”, National Colloquium for Information Systems
Security Education, Seattle, Washington
5/21/02 “Information Security Education”, Information Systems Security Association, Ashburn, VA
5/14/02 “New Directions in CyberLaw”, VA Security Conference, New Orleans, LA
3/1/02 “New Directions in CyberLaw”, FAA/TRW, Washington, D. C.
2/22/02 “The Internet: Advantages and Security Risks”, NAFCU, Orlando, FL
11/14/01 “New Directions in CyberLaw”, HTCIA, Washington, D. C.
10/2/01 “Litigation Risk”, Department of Commerce, Washington, D. C.
5/11/01 “Privacy and Security”, IFC Technical Conference, Washington, D. C.
5/1/01 “Jurisdiction in Cybercrime”, National Institute for Government Innovation, Washington, D. C.
4/25/01 “New Directions in CyberLaw”, FBI Infraguard, Buffalo, NY
4/12/01 “New Directions in CyberLaw”, National Security Agency, Ft. Meade, Maryland
1/18/01 “New Directions in CyberLaw”, Association of Old Crows, Ft. Meade, Maryland
12/7/00 “Defending Your Digital Assets”, George Washington University Technology Program for Industry, Ashburn, VA
12/5/00 “Risk Management”, Privacy and Security Summit, Washington, DC
11/10/00 “Information Security and the Law”, TIPS Seminar, Stewart Technologies, Tampa, FL
11/6/00 “New Directions in CyberLaw”, International Finance Corporation, Washington, DC
10/18/00 “Combating Cyber Crime: Investigation & Prosecution”, National Institute for Government Innovation, Las Vegas, NV
10/6/00 “Engineering Management and Cyberspace”, American Society for Engineering Management, Washington, DC
8/10/00 “Electronic Commerce and CyberLaw”, Fannie Mae, Washington, DC
8/7/00 “Information Security and the Law”, Housing Roundtable, e-Original,Tampa, FL
7/12/00 “Legal Implications of Information Operations and Assurance”, e-Government Conference, Washington, DC
6/19/00 “Expert Testimony in Cybercrime Cases”, National Institute for Government Innovation, Washington, DC
6/14/00 “E-Commerce, E-Government and Public Key Infrastructures”, Mortgage Bankers Association, Washington, DC
4/27/00 “E-Commerce, E-Government and Public Key Infrastructures”, Armed Forces Electronics and Communications Association, Ft. Meade, Maryland
4/26/00 “Computer and Network Security”, George Washington University Technology Conference, Ashburn, VA
2/4/00 “Issues regarding a successful partnership of Government, Industry, and Academia for Information
Security”, Federal Computer Week Conference, Washington, DC
1/24/00 “Determining the Applicable Jurisdiction in Cybercrimes”, National Summit on Cybercrime, Washington, DC
9/16/99 “Encryption and e-Government”, IRMCO, Williamsburg, VA
6/25/99 “Protecting the National Information Infrastructure”, Joint DoD-DCI Security Commission, Washington, DC
2/18/99 “Information Security: Challenges and Strategies”, Oceana Conference, Miami, FL
2/2/99 “Trade Secrets, Information Security and Industrial Espionage”, American Bar Association, New York City
1/26/99 “Information Security: Challenges and Strategies”, International Security Management Association, West Palm Beach, FL

NIATEC National Science Foundation Information Assurance Directorate Department of Homeland Security CISSE Scholarship For Service