Project Portfolio

This page highlights some of the key projects I have worked on over the years that have shaped who I am as a developer, architect and project leader. I have worked with and established globally diverse teams that have solved some very challenging problems.


December, 2002-2003 in USA

Technical Lead for the Financial Sector for a Very Large National Cyber Exercise Focused on Supply Chain Defense

This was the most formative experience I had in my career, besides establishing a cyber lab in my basement in the 1990s.
In the early 2000s, I was the technical lead for the financial sector in one of the largest cyber security exercises our nation has seen. I experienced first hand the challenges of securing global supply chains within the financial sector. I dove into studying various platforms, including clearing and settlement platforms, banking, and trading systems. The methods used for data sharing back then were exhaustive, and the need to establish open communication between public and private organizations was substantive.
My role led to the establishment of a virtual distributed network, threat groups, and attack vectors to be played out over the network, which were distilled into a set of injects to slowly notch up the distributed game and the players.
This formative experience allowed me to shift my perspective in researching and developing future defense technologies for the Department of Homeland Security, and under later contracts through DARPA. Based on the exercise's outcomes, I focused more on threat-centric and asset-centric approaches to data sharing, while looking to facilitate distributed defense capabilities for global supply chains.

Ontology Driven Data Fusion

August 2006-2014 at Sonalysts

Occulex: An Ontology-driven Data Fusion and Behavior Analytics

I have been involved with network security since the mid-90s, enjoying open-source tools like Snort and pfSense while setting up a lab in my cellar. In 2006, looking into the application of ontology to create more abstract behavior primitives was a disruptive approach in this domain, and it still is! I started to dive into network flow analysis a little later on, and it occurred to me that flow data can be aggregated to find patterns. After the initial POC was created, and behaviors were isolated and visualized, I felt like Darwin exploring and cataloging the Galapagos…

I developed this layered model to showcase how normal and abnormal system behaviors can be derived from raw events and data output from sensors.

Covid Fusion

March 2020-present at home

COVID Fusion: Bringing Together Disparate Data Sources to Make Sense of Infection Rates

COVID Fusion is an open-source project hosted on GitHub that brings together multiple disparate sources of data and initially fuses them based on geographic extents. The project will initially use a series of Jupyter notebooks written in Python 3 to ETL the data and fuse it into counties. I am very interested in how weather, population density, and infection rate/type of SARS-CoV-2 impact risk, and in the development of risk models for infectious diseases. The open-source project has a way to go… let's see where it ends up…

This project will leverage this overall process model to ETL and fuse COVID-related data from the web. The data will then be used to research and develop new models to better understand the disease and the spread of the SARS-CoV-2 virus.


Creating Ontology/Taxonomy: It's a Matter of Perspective

Having an ontology-driven capability can facilitate an understanding of the decisions made by a system. Ontology and taxonomy can drive a common understanding not only for the customer, e.g. MITRE ATT&CK, but can also drive the explanation of models used by the system, e.g. explainable AI. I have developed ontologies/taxonomies driving threat sense-making, system behaviors, and detector-centric ontology. Each semantic ingress point can create value for a platform. There are a number of tools that can be used to design an ontology, e.g. Protégé, and also to realize it, e.g. Neo4j.

This depiction of a sensor event taxonomy can drive the fusion of data from multiple sensor types. This figure is taken from https://www.ccdcoe.org/uploads/2018/10/15_d2r2s2_mccusker.pdf.

Cyber MRI

June 2008 at Sonalysts

Created a Dynamic and Interactive Cyber MRI 3D Visualization of Network Behaviors

Over a period of a year, 2007-2008, our team of three people at Sonalysts collected millions of asset-centric behavior records. Unfortunately, there was no tool to dynamically explore the data. So we built one, so we could virtually fly through this feature space, drill down into an asset, and explore the events generated by our behavior sensor.
This project focused on taking the behaviors captured from a network and visualizing them, allowing drill-down into specific attributes of the devices.

https://www.theday.com/article/20131124/biz02/311249961

“Not far away, Owen McCusker, principal analyst for Sonalysts’ cyber security division, showed off a computer screen that he called a “cyber MRI,” referring to the magnetic resonance imaging that hospitals perform to look inside the bodies of patients. In this case, the patented scan is a color-coded depiction that shows the likelihood of a computer-security problem within a network.”

National Cyber Leap Year

August 2009 in Arlington, VA

White House Sponsored National Cyber Leap Year – Health-Inspired Network Defense

Back in 2009, the White House Office of Science and Technology Policy (OSTP) and the NITRD Program Senior Steering Group (SSG) for Cybersecurity R&D developed the Leap-Ahead Initiative with the goal of developing a national cybersecurity leap-ahead R&D agenda. Based on my work with behavior analytics, I was invited to join the Health-Inspired Network Defense group. I had the incredible opportunity to work with Dr. Polly Matzinger and Dr. Dipankar Dasgupta. I talked at great length with Dr. Matzinger about her “Danger Model” and the immunological concepts of “self and non-self”. This was a game changer for me and for how I view defensive solutions for infrastructure…

The Danger Model can be used in developing Behavior Attribution Analytics, used to discern between threats, anomalies and the normal system behaviors of components and assets. In the fall of 2014, I started writing a book focused on this concept. Attribution Analytics can combine multiple modeling and transformation concepts to make sense of raw data.

SmartWeb

Jan-Dec 1998 at SmartWeb, Ridgefield, CT

SmartWeb – Developing an Automated Link Traversal Tool for Marketing Analytics

This was my first weekend startup, creating a link-click monitoring tool for marketing analytics. The project took off right before the dot-com bubble burst later that year. We developed a POC, showcased it, and got the idea appraised in the context of our value proposition. My focus was on parsing and updating pages to incorporate monitoring tags. This was a differentiator in its time. This technology was an indirect precursor to Google Analytics.

Experiments in Ambiance (EIA)

I enjoy connecting things, and this experiment gave me the opportunity to bring together musicians, photographers, videographers and rappers/poets to create what we started to call soundscapes. I would go through a community taking pictures and recording sounds as a backdrop to an improvisational performance we would put together on the stage of the former Bean and Leaf in downtown New London, CT. It was an eclectic improvisation of sight and sound. We would pick a key, then the musicians would start to play, softly, over the ambient background, and then the poets and rappers had the opportunity to take the mic and free-form. This was such a blast!!! I hope to find a time and place to start this up again soon.

Trust-based CPS

August 2013 at Sonalysts, ORNL, MIT

Trust-based Defensive Models as a Disruption from current Cyber-Physical System (CPS) Defense and Open Systems

After establishing behavior analytics as a disruptive defensive posture, I began advocating its use in the defense of Cyber-Physical Systems.
I wrote a paper for NATO proposing an initial trust model based on host and network behaviors, and then reached out to create joint proposals with ORNL and MIT to start building out capabilities.

“Combining Trust and Behavioral Analysis to Detect Security Threats in Open Environments”
https://www.semanticscholar.org/paper/Combining-Trust-and-Behavioral-Analysis-to-Detect-McCusker-Glanfield/f33397f6fdb0d874559cf167da7599e07b1f39ca

“Behavioral Trust as a Metric Enabling Continuous Risk Assessment in Heterogenous Environments: Bridging Operational Risk Between the NOC and the Boardroom”

Intelligent Mail Sorting

September 1990 at Scancode

An Improbable Intelligent Mail Sorting Capability Driven by Primitive-based Classification of Addresses

I joined a startup company to develop an intelligent, multiprocessing-based mail sorting capability to handle the most difficult addresses, yup, using COTS components, less a proprietary shared-memory capability. This is at its core a cyber-physical system (CPS).
Core to this project was the use of a newly created algorithm using omnifont-based optical character recognition. Omnifont, and its use of primitives to find and classify objects, changed my way of thinking, period.
We used the DESQview OS, the most stable multithreaded OS of that time, to implement a stateless, message-based distributed capability (sounds like AWS development) connecting four different distributed applications. We also used a fancy RTOS that used threading, developing embedded code on a PC/104 architecture using the Little Giant development platform… not sure I liked this, but it increased my liking for building control systems with state-based executive loops.

Gerber Garment Technology
Ready. Set. Multi-task! Near Real-time Control, Distributed Processing and Cutting Lots of Fabric

I love developing things that you can see move: Cyber-Physical Systems (CPS), in this case machine automation. This project focused on the creation of a near-real-time control system driving cloth cutting and manufacturing. The ask? It must use Windows NT, the newest multi-threaded OS on the market…

Dictaphone

August 1996 at Dictaphone

Communications Recording Solutions going Digital and Distributed

Moving audio into the digital realm was a journey. One of the highlights of this work was using and extending the RIFF standard for securely storing audio. I had the chance to work with a few teams here, but focused more on the use of CORBA to provide backend storage for a Communication Recording Solution. I also created some libraries for interfacing with Oracle DB.

Realizing the Danger Model

January 2020 in East Lyme, CT

Realizing Dr. Matzinger’s “Danger Model” during the SARS-COV-2 Pandemic

These are crazy times, and there is so much to be learned about the transmission of SARS-CoV-2 and the COVID-19 disease. I spent the late winter of 2020 collecting journal articles to understand the virus and its spread, and sharing data science ideas with friends around the globe. My focus, my part in digging in, is risk derived from realizing patterns in larger-scale data.
My touchstone is Dr. Polly Matzinger’s “Danger Model”: how to differentiate between self and non-self with abstract views of data sets. Where I once leveraged my basement lab for network security research, I am now re-tooling for healthcare to openly share some findings.
I created some open-source projects that I will be sharing, which ETL data, transform it, fuse it, and begin to model and visualize it.
This is a continuation of my journey as a data scientist and researcher.
