Bill Stackpole

Professor

Department of Computing Security

Golisano College of Computing and Information Sciences

bill.stackpole@rit.edu

585-475-5351

Office Location

GOL-2279

Office Mailing Address

152 Lomb Memorial Drive Rochester, NY 14623

Bill Stackpole

Professor

Department of Computing Security

Golisano College of Computing and Information Sciences

Education

BS, Roberts Wesleyan College; MS, Rochester Institute of Technology

Bio

Professor in the Computing Security department, received his MS in Information Technology from Rochester Institute of Technology. Since joining RIT in 2001, Professor Stackpole has been actively involved in the IT security area, especially in computer forensics, penetration testing and security competitions. His current research interests include system security, computer forensics and incident response, and training for blue and red teams. He has published papers in research conferences and journals and received grants from the DOD, RIT, ETRI, University of Tulsa, and private sector companies. Professor Stackpole teaches a variety of undergraduate and graduate courses in digital forensics and security and created and directed the Collegiate Penetration Testing Competition at RIT. nationalcptc.org

bill.stackpole@rit.edu

585-475-5351

Personal Links

Google Scholar

Areas of Expertise

Defensive and Offensive Security

Medical Device Security

Data Security

Currently Teaching

CSEC-464

Computer System Forensics

3 Credits

An investigation of the tasks of incident response and computer system forensics will be pursued. Students will learn the basic procedure for incident response as well as the tools needed to uncover the activities of computer users (deleted and hidden files, cryptographic steganography, illegal software, etc). Students will also learn to employ the activities needed to gather and preserve this evidence to ensure admissibility in court.

CSEC-603

Enterprise Security

3 Credits

This course is designed to provide students with the advanced concepts needed to establish network security strategies to ensure adequate protection for the corporate environment and yet provide accessibility for the corporate community.

CSEC-465

Network and System Security Audit

3 Credits

This course will provide students with an introduction to the processes and procedures for performing a technical security audit of systems and networks. Students will explore state-of-the-art auditing techniques and apply appropriate tools to audit systems and network infrastructure components. In addition, students will write and present their audit reports on vulnerabilities as well as recommendations to fix any problems discovered.

CSEC-471

Penetration Testing Frameworks & Methodologies

3 Credits

The process and methodologies employed in negotiating a contract, performing a penetration test, and presenting the results will be examined and exercised. Students will be exposed to tools and techniques employed in penetration testing. Assignments will explore the difficulties and challenges in planning for and conducting an assessment exposing potential vulnerabilities. Students will develop a metric used to evaluate the security posture of a given network and will develop a coherent and comprehensive report of their findings to present to their client. Particular attention will be paid to the ramifications of the findings toward the security of the targets.

CSEC-599

Independent Study in CSEC

1 - 6 Credits

Students will work with a supervising faculty member on a project of mutual interest. Project design and evaluation will be determined through discussion with the supervising faculty member and documented through completion of an independent study form to be filed with the department of computing security.

CSEC-490

Capstone in Computing Security

3 Credits

This is a capstone course for students in the information security and forensics program. Students will apply knowledge and skills learned and work on real world projects in various areas of computing security. Projects may require performing security analysis of systems, networks, and software, etc., devising and implementing security solutions in real world applications.

CSEC-380

Principles of Web Application Security

3 Credits

This course is designed to give students a foundation in the theories and practice relating to web application security. The course will introduce students to the concepts associated with deploying and securing a typical HTTP environment as well as defensive techniques they may employ.

In the News

May 21, 2020

RIT team prepares for virtual cyber defense national championship

RIT’s cyber defense team is getting a first-hand look at the challenges of socially distanced business operations, as they prepare for a new format of the National Collegiate Cyber Defense Competition (CCDC). The annual championship is part of the nation’s largest college-level cyber defense competition, an extracurricular event that helps to train the next generation of cybersecurity experts.
March 25, 2020

RIT wins Northeast regional collegiate cyber defense competition

A team of RIT cybersecurity students is moving on to the National Collegiate Cyber Defense Competition (NCCDC) after taking first place at the Northeast regional competition March 20–22. The students pulled together a win, despite having to compete from separate locations across the country, in response to the COVID-19 pandemic.

July 30, 2019

School districts on guard against ransomware attacks after recent surge

More News

Select Scholarship

Published Conference Proceedings

Kim, Youngho, Bill Stackpole, and Tae Oh. "Analysis of Mobile Malware Based on User Awareness." Proceedings of the 3rd Annual Conference on Research in Information Technology, Atlanta, GA. Ed. Rob Friedman. Atlanta, GA: n.p., 2014. Web.

Sharma, Kuhu, et al. "Meshed Tree Protocol for Faster Convergence in Switched Networks." Proceedings of the ICNS 2014: The Tenth International Conference on Networking and Services. Chamonix, France: n.p., 2014. Web.

Hartpence, Bruce, et al. "Natural Selection in Virtualization Environments: A Decade of Lessons from Academia." Proceedings of the 11th International Conference on Education and Information Systems, Technologies and Applications: EISTA, Orlando Florida, July 2013. Orlando, Fl: n.p., Print.

Johnson, Daryl, et al. "Designing, Constructing and Implementing a Low-Cost Virtualization Cluster for Education." Proceedings of the 11th International Conference on Education and Information Systems, Technologies and Applications: EISTA, Orlando, FL July 2013. Orlando, FL: n.p., Print.

Markowsky, George, et al. "The 2013 NECCDC - Lessons Learned." Proceedings of the 2013 International Conference on Security and Management. Las Vegas, NV: n.p., Print.

Szost, Colin, et al. "Teaching Android Malware Behaviors for Android Platform using Interactive Labs." Proceedings of the Annual Symposium on Information Assurance, Albany, NY June 2013. Albany, NY: n.p., Print.

Sharma, Kriti, et al. "Malware Analysis for Android Operating System." Proceedings of the Annual Symposium on Information Assurance, Albany, NY June 2013. Albany, NY: n.p., Print.

Andrews, Benjamin, Tom Oh, and Bill Stackpole. "Android Malware Analysis Platform." Proceedings of the Annual Symposium on Information Assurance, Albany, NY June 2013. Albany, NY: n.p., Print.

Mauer, Brandon, William Stackpole, and Daryl Johnson. "Developing Small Team-based Cyber Security Exercises." Proceedings of the 2012 International Conference on Security and Management. Las Vegas, NV: SAM, 2012. Web.

Hirwani, M, et al. "Forensic Acquisition and Analysis of VMware Virtual Hard Disks." Proceedings of the 2012 International Conference on Security and Management. Las Vegas, NV: SAM, 2012. Web.

Pan, Yin, et al. "Game-based Forensics Course For First Year Students." Proceedings of the SIG ITE 2012. Ed. ACM. Calgary, Alberta, Canada: ACM 978-1-4503-1464-0/12/10, 2012. Web.

Gonzalez, Carlos, Bill Stackpole, and Tae Oh. "Anti-Spyware Analysis for iOS: An Evaluation of Current Security Products Available for iOS." Proceedings of the Annual Symposium on Information Assurance & Secure Knowledge Management. Albany, NY: ASIA, 2012. Print.

Cummins, Emily, Bill Stackpole, and Tae Oh. "Blackberry Structure and Anti-Malware Analysis." Proceedings of the Annual Symposium on Information Assurance & Secure Knowledge Management. Albany, NY: SAM, 2012. Print.

Ramachandran, Rahul, Tae Oh, and William Stackple. "Android Anti-Virus Analysis." Proceedings of the Annual Symposium on Information Assurance & Secure Knowledge Management. Albany, NY: ASIA, 2012. Print.

Levinson, Alex, Bill Stackpole, and Daryl Johnson. "Third Party Application Forensics on Apple Mobile Devices." Proceedings of the Hawaii International Conference on System Sciences. Ed. Ralph H. Sprague, Jr. Kauai, HI: HICSS, 2011. Print.

Shows/Exhibits/Installations

Szost, Colin. Teaching Android Malware Behavior for the Android Platform Using Interactive Labs. By Colin Szost, Tom Oh, and Bill Stackpole. May 2013. ImagineRIT, Rochester. Exhibit.

Journal Paper

Alghamdi, Khaled, Tae Oh, and Bill Stackpole. "Bluetooth Security Lock for Android Smart Phone Platform." International Journal of Scientific and Engineering Research 3. 7 (2012): 2. Web.