Research Toward Automated Security Risk Detection in Large Software Using Call Graph Analysis Published research demonstrating how call graph clustering and heuristic analysis can automate threat modeling for large-scale cloud-native applications, addressing the scalability challenges of manual security assessment. Paper Information Title: Toward Automated Security Risk Detection in Large Software Using Call Graph Analysis Authors: Nicholas Pecka (University of North Texas & Red
Research Presenting at CRiSIS 2025: Automated Security Risk Detection Through Call Graph Analysis I'm excited to share that my latest research on automating threat modeling will be presented at the 20th International Conference on Risks and Security of Internet and Systems (CRiSIS) 2025! Conference Details Conference: 20th International Conference on Risks and Security of Internet and Systems (CRiSIS 2025) Location: Gatineau,
Research Privilege Escalation Attack Scenarios on the DevOps Pipeline Within a Kubernetes Environment Published research demonstrating how DevOps pipelines can be exploited through privilege escalation attacks, challenging the assumption that DevSecOps tool adoption alone ensures security. Paper Information Title: Privilege Escalation Attack Scenarios on the DevOps Pipeline Within a Kubernetes Environment Authors: Nicholas Pecka (Iowa State University), Lotfi ben Othmane (Iowa State University)
Research Presenting at ICSSP 2022: Privilege Escalation Attacks on DevOps Pipelines I'm excited to share that my research on DevOps security will be presented at the International Conference on Software and System Processes (ICSSP) 2022! Conference Details Conference: International Conference on Software and System Processes and International Conference on Global Software Engineering (ICSSP'22) Location: Pittsburgh, PA, USA