Bill Stackpole
Professor
Department of Computing Security
Golisano College of Computing and Information Sciences
585-475-5351
Office Location
Office Mailing Address
152 Lomb Memorial Drive
Rochester, NY 14623
Bill Stackpole
Professor
Department of Computing Security
Golisano College of Computing and Information Sciences
Education
BS, Roberts Wesleyan College; MS, Rochester Institute of Technology
Bio
Professor in the Computing Security department, received his MS in Information Technology from Rochester Institute of Technology. Since joining RIT in 2001, Professor Stackpole has been actively involved in the IT security area, especially in computer forensics, penetration testing and security competitions. His current research interests include system security, computer forensics and incident response, and training for blue and red teams. He has published papers in research conferences and journals and received grants from the DOD, RIT, ETRI, University of Tulsa, and private sector companies. Professor Stackpole teaches a variety of undergraduate and graduate courses in digital forensics and security and created and directed the Collegiate Penetration Testing Competition at RIT. nationalcptc.org
585-475-5351
Areas of Expertise
Defensive and Offensive Security
Medical Device Security
Data Security
Currently Teaching
CSEC-464
Computer System Forensics
3 Credits
An investigation of the tasks of incident response and computer system forensics will be pursued. Students will learn the basic procedure for incident response as well as the tools needed to uncover the activities of computer users (deleted and hidden files, cryptographic steganography, illegal software, etc). Students will also learn to employ the activities needed to gather and preserve this evidence to ensure admissibility in court.
CSEC-465
Network and System Security Audit
3 Credits
This course will provide students with an introduction to the processes and procedures for performing a technical security audit of systems and networks. Students will explore state-of-the-art auditing techniques and apply appropriate tools to audit systems and network infrastructure components. In addition, students will write and present their audit reports on vulnerabilities as well as recommendations to fix any problems discovered.
CSEC-471
Penetration Testing Frameworks & Methodologies
3 Credits
The process and methodologies employed in negotiating a contract, performing a penetration test, and presenting the results will be examined and exercised. Students will be exposed to tools and techniques employed in penetration testing. Assignments will explore the difficulties and challenges in planning for and conducting an assessment exposing potential vulnerabilities. Students will develop a metric used to evaluate the security posture of a given network and will develop a coherent and comprehensive report of their findings to present to their client. Particular attention will be paid to the ramifications of the findings toward the security of the targets.
CSEC-603
Enterprise Security
3 Credits
This course is designed to provide students with the advanced concepts needed to establish network security strategies to ensure adequate protection for the corporate environment and yet provide accessibility for the corporate community.
CSEC-380
Principles of Web Application Security
3 Credits
This course is designed to give students a foundation in the theories and practice relating to web application security. The course will introduce students to the concepts associated with deploying and securing a typical HTTP environment as well as defensive techniques they may employ.
CSEC-599
Independent Study in CSEC
1 - 6 Credits
Students will work with a supervising faculty member on a project of mutual interest. Project design and evaluation will be determined through discussion with the supervising faculty member and documented through completion of an independent study form to be filed with the department of computing security.
CSEC-490
Capstone in Computing Security
3 Credits
This is a capstone course for students in the information security and forensics program. Students will apply knowledge and skills learned and work on real world projects in various areas of computing security. Projects may require performing security analysis of systems, networks, and software, etc., devising and implementing security solutions in real world applications.
Latest News
-
March 25, 2020
![Person looking at multi-colored computer code on a computer monitor.]()
RIT wins Northeast regional collegiate cyber defense competition
A team of RIT cybersecurity students is moving on to the National Collegiate Cyber Defense Competition (NCCDC) after taking first place at the Northeast regional competition March 20–22. The students pulled together a win, despite having to compete from separate locations across the country, in response to the COVID-19 pandemic.
Select Scholarship
Published Conference Proceedings
Kim, Youngho, Bill Stackpole, and Tae Oh. "Analysis of Mobile Malware Based on User Awareness." Proceedings of the 3rd Annual Conference on Research in Information Technology, Atlanta, GA. Ed. Rob Friedman. Atlanta, GA: n.p., 2014. Web.
Sharma, Kuhu, et al. "Meshed Tree Protocol for Faster Convergence in Switched Networks." Proceedings of the ICNS 2014: The Tenth International Conference on Networking and Services. Chamonix, France: n.p., 2014. Web.
Hartpence, Bruce, et al. "Natural Selection in Virtualization Environments: A Decade of Lessons from Academia." Proceedings of the 11th International Conference on Education and Information Systems, Technologies and Applications: EISTA, Orlando Florida, July 2013. Orlando, Fl: n.p., Print.
Johnson, Daryl, et al. "Designing, Constructing and Implementing a Low-Cost Virtualization Cluster for Education." Proceedings of the 11th International Conference on Education and Information Systems, Technologies and Applications: EISTA, Orlando, FL July 2013. Orlando, FL: n.p., Print.
Markowsky, George, et al. "The 2013 NECCDC - Lessons Learned." Proceedings of the 2013 International Conference on Security and Management. Las Vegas, NV: n.p., Print.
Szost, Colin, et al. "Teaching Android Malware Behaviors for Android Platform using Interactive Labs." Proceedings of the Annual Symposium on Information Assurance, Albany, NY June 2013. Albany, NY: n.p., Print.
Sharma, Kriti, et al. "Malware Analysis for Android Operating System." Proceedings of the Annual Symposium on Information Assurance, Albany, NY June 2013. Albany, NY: n.p., Print.
Andrews, Benjamin, Tom Oh, and Bill Stackpole. "Android Malware Analysis Platform." Proceedings of the Annual Symposium on Information Assurance, Albany, NY June 2013. Albany, NY: n.p., Print.
Mauer, Brandon, William Stackpole, and Daryl Johnson. "Developing Small Team-based Cyber Security Exercises." Proceedings of the 2012 International Conference on Security and Management. Las Vegas, NV: SAM, 2012. Web.
Hirwani, M, et al. "Forensic Acquisition and Analysis of VMware Virtual Hard Disks." Proceedings of the 2012 International Conference on Security and Management. Las Vegas, NV: SAM, 2012. Web.
Pan, Yin, et al. "Game-based Forensics Course For First Year Students." Proceedings of the SIG ITE 2012. Ed. ACM. Calgary, Alberta, Canada: ACM 978-1-4503-1464-0/12/10, 2012. Web.
Gonzalez, Carlos, Bill Stackpole, and Tae Oh. "Anti-Spyware Analysis for iOS: An Evaluation of Current Security Products Available for iOS." Proceedings of the Annual Symposium on Information Assurance & Secure Knowledge Management. Albany, NY: ASIA, 2012. Print.
Cummins, Emily, Bill Stackpole, and Tae Oh. "Blackberry Structure and Anti-Malware Analysis." Proceedings of the Annual Symposium on Information Assurance & Secure Knowledge Management. Albany, NY: SAM, 2012. Print.
Ramachandran, Rahul, Tae Oh, and William Stackple. "Android Anti-Virus Analysis." Proceedings of the Annual Symposium on Information Assurance & Secure Knowledge Management. Albany, NY: ASIA, 2012. Print.
Levinson, Alex, Bill Stackpole, and Daryl Johnson. "Third Party Application Forensics on Apple Mobile Devices." Proceedings of the Hawaii International Conference on System Sciences. Ed. Ralph H. Sprague, Jr. Kauai, HI: HICSS, 2011. Print.
Shows/Exhibits/Installations
Szost, Colin. Teaching Android Malware Behavior for the Android Platform Using Interactive Labs. By Colin Szost, Tom Oh, and Bill Stackpole. May 2013. ImagineRIT, Rochester. Exhibit.
Journal Paper
Alghamdi, Khaled, Tae Oh, and Bill Stackpole. "Bluetooth Security Lock for Android Smart Phone Platform." International Journal of Scientific and Engineering Research 3. 7 (2012): 2. Web.