I have willingly undertaken problems deemed too difficult, and ventured into territory considered too risky by others. I am inclined to explore unconventional areas that expand the boundaries of traditional disciplines, and to apply innovative concepts from other fields. My background in engineering optimization, artificial intelligence, computer science, and information security informs my research. During my masters and doctoral work, I incorporated artificial intelligence and machine learning techniques into engineering design. At General Electric (GE), I overhauled traditional design processes by incorporating formal optimization models of automation.

At the University, I have sought to bring novel ideas into information assurance, abstracting models from biology (i.e. immune systems and gene regulatory pathways) to develop network security models, and following the social behavior of insects for insights into self-organized distributed computing architectures. A common career thread has been the blending of concepts from information technology, computer science, business, and engineering to create new streams of interdisciplinary research. My multi-disciplinary research portfolio spans five areas: information security, innovative education and pedagogy, forensics and cybercrime, critical infrastructure, and cyberwarfare.
Far better to dare mighty things, to win glorious triumphs, even though checkered by failure, than to take rank with those poor spirits who neither enjoy much nor suffer much, because they live in the gray twilight that knows not victory nor defeat. – Theodore Roosevelt

Security and Privacy

Security Behavior: A team of behavioral scientists and security researchers are working on several projects in this area, whose fundamental premise is that information security is not entirely a technology problem; it is inextricably linked to human behavior. Employees are widely recognized as the weakest link in an organization’s cybersecurity practice. Yet current programs to improve employee cybersecurity behaviors often fail because managerial methods are not viewed as personally relevant. One of our research projects (The New Security Calculus: Incentivizing Good User Security Behavior, supported by NSF) will address a significant gap in scientific investigations of user cybersecurity hygiene by providing direct financial incentives to motivate users to comply with organizational cybersecurity policies and procedures. In this work, we describe the insider cybersecurity problem, evaluate current research approaches, identify the gap in the present cybersecurity decision calculus, and test the efficacy of both providing direct financial incentives for positive cybersecurity hygiene, and of psychological manipulations (nudges) in sustaining compliance.

Insider Threats: Insider threats are the focus of another research project (Insider Threat Detection in Organizations and Enterprises, funded by IARPA), which I am working on, in collaboration with General Electric. Most insider threat detection methods rely on forensics data analysis. The fundamental challenge with most of these data analytic systems is that they rely on data analysis post incident. The detection may take weeks or even months, and the damage is often done by the time the incident is discovered and mitigated. Identifying individuals who pose risks a priori, and preventing insider theft from happening is certainly more desirable. Our objective in this study is to get a broad understanding of the insider threat problem by creating various contexts within which such behavior is likely to happen, and then creating probes/triggers, and testing their efficacy.

Priming: This work tests a set of hypotheses on policy compliance and copyright infringement based on a behavioral ethics framework. Self-concept maintenance theory suggests that the ethical standards that govern or influence decision-making are subject to a process of categorization, which is malleable. The study tests the effects of priming on these mechanisms, and the effects of monitoring and performance goals on security behaviors. The practical implications suggest that if priming could be an effective agent of behavioral change, it may be effectively used by organizations to reduce information security threats.

Risk disposition: Security-related decision-making is a complex process that is driven by an individual’s risk perception, self-efficacy, and propensity to accept risks. Moving beyond the simple carrot-and-stick related research based on models of protection motivation and deterrence theories, this work explores the role of one particular dispositional factor, individual risk acceptance vs. risk aversion. It proposes a model that shows the impact of individual dispositional risk propensity and risk perception on employees’ security-related decisions, which will lay a foundation for the design of effective security compliance interventions.

Related Publications:

  • Goel, S., Williams, K. W., Dincelli, E. (2016): Got phished? Internet Security and Human Vulnerability, Journal of the Association of Information Systems (Accepted).
  • Goel, S., Williams, K. & Warkentin, M. “Is Implementing Information Security a Fool’s Errand? Understanding the Impact of Human Risk Perceptions on Security Policy Compliance.” Targeted for submission to Information Systems Research Journal. (W)
  • Dincelli, E., Goel, S. & Williams, K. “Impact of Culture on Security and Privacy Behavior of Social Media Users.” Targeted to Communications of the AIS. (W)
  • Goel, S., & Bush, S.F. (2005). Biological Models of Security in Computer Networks Based on Cellular Mechanisms. Accepted for publication 2005 in ;login: (J)
  • Goel, S., & Lessner, L. (2005). Epidemiological Models for Computer Virus Spread. Accepted in the Proceedings of the American Statistical Association Conference. (C)
  • Goel, S., & Bush, S.F. (December 2004). Biological Models of Security for Virus Propagation in Computer Networks. ;login:, 29(6), 49-56. (J)
  • Goel, S., & Bush, S. F., (2003). Kolmogorov Complexity Estimates for Detection of Viruses in Biologically Inspired Security Systems: A Comparison with Traditional Approaches. Complexity Journal 9(2), 54-73. (J)
  • Goel, S. & Chengalur-Smith, I-N. (2010, Dec.). Metrics for Characterizing the Form of Security Policies. Journal of Strategic Information Systems, 19(4), 281-295. (J)
  • Goel, S., Pon, D., & Menzies, J. (2006). Managing Information Security: Demystifying the Audit Process for Security Officers. Journal on Information Systems Security (JISSEC), 2(2), 25-45. (J)

Innovative Education and Pedagogy

PACET: With support from the National Institute of Standards and Technology (NIST), UAlbany will build the Partnership to Advance Cybersecurity Education and Training (PACET). An anchor institution for cybersecurity in New York’s Capital region, UAlbany will work with NIST and regional education and industry partners to build clarified educational ladders and workforce capacity regionally for a range of potential careers in cybersecurity, based on industry needs. Through PACET we will: 1) conduct a Regional Cybersecurity Workforce Assessment Survey; 2) map UAlbany’s and regional educational partners’ cybersecurity educational and training course programs to the National Cybersecurity Workforce Framework; 3) develop CyberExplorers, a weeklong camp program in UAlbany’s Cyber Innovation Laboratory for High School students at Troy High School; 4) develop a regional Cybersecurity Stakeholders website; and 5) expand cybersecurity internship opportunities to qualified high school and college students.

CIRCUIT: With funding from the Economic Development Agency, UAlbany will build the Cybersecurity Innovation and Research Center for University-Industry Technologies (CIRCUIT), working with regional public sector and economic development partners to foster cybersecurity innovation, public-private partnerships, industry and job growth throughout New York’s Capital District. CIRCUIT’s goal is to build cybersecurity workforce capacity that is wide and inclusive, with diverse points of entry and paths to success. CIRCUIT’s targeted beneficiaries are: 1) cybersecurity researchers, with increased industry cohesion, and collaboration opportunities; 2) cybersecurity entrepreneurs and small businesses, with access to UAlbany’s entrepreneurial resources, and cyber innovation lab for product R&D; 3) information technology and cybersecurity students (2-year, 4-year and graduate) with increased regional internship, networking, and employment prospects; and 4) high school and community college students, with increased access to cybersecurity curricula, internship opportunities, and an articulated pipeline to a 4-year cybersecurity University program.

Blackstone LaunchPad: In partnership with the Blackstone Charitable Foundation, UAlbany is advancing a robust, integrated entrepreneurial ecosystem on campus and in the local community to provide the mentoring, facilities, and services needed to turn ideas into new business ventures. Housed in Campus Center, UAlbany’s LaunchPad provides the school’s 17,300 students with individualized mentoring, connections, seminars, training sessions and launch services for entrepreneurial ventures. Student teams participate in such LaunchPad events as campus-wide Business Plan Competitions, and the recent virtual “Solve A Campus Challenge.” Within UAlbany’s LaunchPad students gain remarkable personal and professional entrepreneurial support, and through the Blackstone LaunchPad Foundation they are linked to ideas and best practices from across 21 campuses, with access to an international community of more than 500,000 peers and expert advisers.

Teaching Hospital: Cybersecurity and digital forensics educational research remains an ongoing, primary research stream for Professor Goel and his team. Initial work focused on the development of a “teaching hospital” model for information security education. The model abstracts real information security problems from industry and government into live cases for educating university students and public-sector employees. The team has built strong partnerships with government and private organizations to ensure that a rich set of security assurance cases is constantly introduced into the hospital.

Flipped Classroom: With funding from the National Science Foundation, we developed a flipped classroom model for cybersecurity curriculum delivery, designed to improve outcomes, and retention of security students through early intervention. A consortium with six community colleges has been built; different options for providing cloud-based student laboratories for security and forensics and curriculum developed and benchmarked; and their effectiveness measured. This project provides accessibility to state-of-the-art cybersecurity tools for community college students and programs, thereby increasing the talent pool for cybersecurity professions.

Related Publications

  • Goel, S., & Pon, D. (2005). An Innovative Model for Information Assurance Curriculum: A Teaching Hospital. Accepted for publication September 2005 in the ACM Journal on Educational Resources in Computing, Special Issue on Support for the Computer Security Curriculum. (J)
  • Goel, S., & Pon, D. (2005). Information Security Risk Analysis: A Pedagogic Model Based on a Teaching Hospital. Accepted for publication in N. Sarkar (Ed.), Tools for Teaching Computer Networking and Hardware Concepts. (B)
  • Goel, S., & Pon, D. (2005). An Innovative Model for Information Assurance Curriculum: A Teaching Hospital. Accepted for publication May 2005 in the Proceedings of the Information Resource Management Association (IRMA) International Conference, San Diego, CA. (C)

Forensics and Cyber Crime

Copyright and Media Piracy: Initial work in this research stream included an in-depth investigation of the impact of music sharing on the media industry, including strategies and business models that the media industry may consider to respond to media piracy and better cater to changing customer tastes. Our team led a project with the Nelson A. Rockefeller Institute of Government, funded by NBC Universal, to examine student behavior and perceptions in the context of unauthorized media downloading, which involves providing students with incentives to adopt legal channels for media downloads.

Network Forensics: This research involves analysis of data collected from different sources that will be woven together to more accurately detect attacks (reduce false positives and negatives); data sources include file system configuration, network traffic, system calls in memory, and signature databases. Algorithms will be developed and then tested using our attack data repository.

Memory Forensics: Current Intrusion Detection techniques are inadequate since they are unable to detect and stop zero-day attacks or malicious code embedded in encrypted traffic. Currently, the signatures for detection of malicious activity are based on a single data vector (e.g. network data, memory analysis, etc.). Each vector by itself is a weak predictor of malicious behaviors. The proposed project will blend data streams collected at different levels (network, file system, and memory) and extract multiple evidence vectors that can counter-reinforce each other to improve the accuracy of existing IDS. The project will build a quarantined network and simulated usage environment to create a standardized tagged data set across a large number of attack vectors. The sensor fusion techniques developed will impact such other fields as medical fraud, accounting fraud, and money laundering, each of which has the problem of low signal-to-noise data. The datasets provided for researchers will help stimulate further cybersecurity research, particularly in relation to sensor fusion in intrusion detection.

Data Repository: For use by security researchers in improving detection abilities, and for comprehensive benchmarking results, we are working to develop data sets for malicious by launching simulated attacks in a quarantined environment. The infrastructure for attacks and data collection is being developed in our cyber innovation laboratory, where a team of students and researchers will deploy a comprehensive set of attack vectors and data collection protocols. The collected data will be sanitized and marked for use by other researchers in testing their detection algorithms.

Related Publications

  • Hong, Y., Vaidya, J., Lu, H., Karras, P., and Goel, S., (2014). “Collaborative Search Log Sanitization: Toward Differential Privacy and Boosted Utility”, IEEE Transactions on Dependable and Secure Computing (TDSC), IEEE Computer Society.
  • Goel, S., Miesing, P., and Chandra U. (2010). The Impact of Illegal Peer-to-Peer File-Sharing on the Media Industry, California Management Review, 52(3), 6-33. (J)
  • Goel, S., Baykal, A., & Pon, D. (2006). Botnets: The Anatomy of a Case. Journal of Information Systems Security (JISSEC) 1(3), 45-60. (J)
  • Goel, S., & Baykal, A., & Pon, D. (2005). Botnets: The Anatomy of a Case. Accepted for publication in G. Dhillon (Ed.), Principles of IS Security: Text and Cases.
  • Baykal, A., Goel, S., & Pon, D. (2005). Botnets: the Anatomy of a Case. Accepted for publication March 2005 in the Proceedings of the 4th Annual Security Conference, Las Vegas, NV. (C)
  • Goel, S., Azoff, J. Network Forensics: Countering the Surge of the Network Based Attacks. (For submission to the Journal of Information Systems Security) (W)

Critical Infrastructure

Smart Grid/Microgrids: Microgrids have begun to develop cooperative models in integrating with the existing power grid or Smart Grid, to further improve the performance of global and local load management. However, such cooperation requires that they share sensitive local grid operational information, causing privacy risks and compromises; concerns that could hamper ongoing and increased participation. This project, Privacy Preserving Cooperation among Microgrids for Efficient Load Management, funded by the National Science Foundation, tackles the privacy concerns in such cooperation, and enables microgrids to efficiently manage their local loads while facilitating the main grid’s manipulation of the global load with limited disclosure. This project proposes a suite of novel privacy-preserving cooperative models or techniques, ensuring privacy protection with rigorous standards that will allow data to be collected and used in ways that were prohibitive earlier due to privacy issues, improving both operational efficiency and user acceptance.

Smart Grid Adoption and Conservation Behavioral Analysis: With funding from NYSERDA, we are studying the energy conserving behavior of consumers in the context of the Smart Grid. Conventional economic wisdom suggests that consumers will adjust their behavior when opportunities to save money are presented to them; however, a number of pilot studies testing demand-side responses to dynamic pricing have shown that the savings available to many consumers are not sufficient to induce significant changes in their consumption habits. Our research in this area focuses on examining other factors that may play a role in shaping the way utility customers use electricity. We are investigating the influence of such factors as concern for the environment, concerns about national security, social learning, and competitive behavior over how much, when, and where consumers are using electricity. The aim is to use this information to develop usage feedback techniques that, in conjunction with smart metering technologies, would leverage these forces and influence consumers to embrace dynamic pricing and other emerging Smart Grid innovations.

Smart Grid and Privacy: To explore the evaluation paradigm of shared benefits vs. the forfeiture of personal information, we chose the adoption of smart metering technologies (SMT) by utility consumers. In this context, utility companies are able to monitor electricity usage and directly control consumers’ appliances to disable them during peak load conditions. Such information could reveal consumers’ habits and lifestyles, stimulating concerns about their privacy and the loss of control over their appliances. Our findings suggest that, although the shared benefit of avoiding disruptions in electricity supply (brownouts) is a significant factor in electricity consumers’ decisions to adopt SMT, concerns about information privacy are also factors. Our findings could provide utility companies with insights into the best ways to present SMT to alleviate consumers’ concerns and maximize its adoption.

Impact of Security and Terrorism on Financial Markets: This stream of research studies the financial impacts of security breach incidents. The fundamental premise is that financial markets are efficient, and that any change to them reflects a fundamental impact to the economy. We investigated the impact of security breaches on the market valuation of the firms in the United States. Currently, we are extending the link between terrorist incidents and market valuations. This study transcends international boundaries, and future work is planned to examine how terrorism in one country can impact financial markets in another country.

Resilient Transportation: The traffic project implements principles of self-organization in traffic control. Instead of controlling traffic flow through a centralized system, the goal is to promote optimal behavior at the local level that, in turn, will cascade into system-wide optimization. Work in this area has been funded by the University Transportation Research Center Region II, NYSERDA, and the James S. McDonnell Foundation. We worked with the City of Albany’s Traffic Engineering Services to implement our self-organizing system onto several corridors in the City of Albany. The project is now in the implementation phase in Schenectady, New York, where we are experimenting with the use of surveillance cameras, in collaboration with Sensity Systems, for more accurate traffic counts in real-time.

Related Publications

  • Warkentin, M., Goel, S., Menard, P., (Fourth Round Review). I’ll Meter If You Do: Consumer Privacy Concerns Regarding Smart Metering Technology and Its Communal Benefits, Journal of the AIS.
  • Goel, S., Dincelli, E., Parker, A., Sprissler, E., Leveraging Advances in Sensors and Communication for Enabling Intelligent Algorithms in Legacy Signaling Hardware, Intelligent Transportation Magazine (First Round Review)
  • Goel, S., Bush, S.F., Ravindranathan, K., Signal Coordination among Neighboring Traffic Signals for Real-time Signal Synchronization and Minimizing Vehicle Delay Intelligent Transportation Magazine (First Round Review)
  • Goel, S. and Bush, S. F., Gershenson, C., “Survey of Self-Organizing Traffic Signal Control Techniques,” Complexity Journal.
  • Warkentin, M., Goel, S. & Menard, P. “Consumer Acceptance of Smart Metering Technology.” Submitted to the Journal of the AIS. (W)
  • Goel, Sanjay (2015): “Anonymity vs. Security: The Right Balance for the Smart Grid,” Communications of the Association for Information Systems, 36(2), Available online at
  • Hong, Y., Sanjay Goel and Wen Ming Liu, “An Efficient and Privacy Preserving Scheme for Energy Exchange among Smart Microgrids”, International Journal of Energy Research, Wiley, 2015.
  • Goel, S., Bush, S. F. & Bakken, D. (Eds.). (2013). IEEE Vision for Smart Grid Communications: 2030 and Beyond. IEEE Press, pp. 1-390. (B)
  • Goel, S., Talya, S., & Sobolewski, M. (2005). Service-Based P2P Overlay Network for Collaborative Problem Solving. Decision Support Systems. 45 (2), pp.
  • Goel, S., & Pon, D. (2005). Distribution of Patches within Vulnerable Systems: A Distributed Model. In the Proceedings of the 6th IEEE Information Assurance Workshop, USMA, West Point, NY. (C)
  • Goel, S. & Shawky, H. (2009). Estimating the Impact of Security Breaches on Stock Valuations of Firms, Information & Management, 46(7), 404–410.
  • Goel, S., Talya, S.S., & Sobolewski, M. (2005). Preliminary Design Using Distributed Service-Based Computing. Accepted for publication May 2005 in the Proceedings of the 12th ISPE International Conference on Concurrent Engineering: Research and Applications, Fort Worth/Dallas, TX. (C)
  • Goel, S., & Sobolewski, M. (December 2003). Trust and Security in Enterprise Grid Computing Environment, Proceedings of the IASTED Conference, New York City. (C)
  • Goel, S., & Gangolly, J. (August 2003). Model for Trust Among Peers in Electronic Multiparty Transactions, Proceedings of the AMCIS Conference. (C)
  • Rosenkrantz, D., Goel, S., Ravi, S.S., & Gangolly, J. (2005). Structure-Based Resilience Metrics for Service-Oriented Networks. Accepted for publication April 20-22 2005 in the Proceedings of the 5th European Dependable Computing Conference, Budapest, Hungary. (C)
  • Goel, S., Belardo, S., & Iwan, L. (2004). A Resilient Network that Can Operate Under Duress: To Support Communication between Government Agencies during Crisis Situations, Hawaii International Conference on System Sciences, HW. (C)
  • Sanjay Goel & Shobha Chengalur-Smith, An Innovative Approach to Security Policy Metric Development: A Foundation for Research in Security Policy Management, Soft-Wars December 11, 2005, Imperial Palace, Las Vegas, NV. (C)

Cyber Warfare

This research examines the emerging field of cyber warfare, the actors and motivations, as well as how to bridge the trust gap among nations. Nation states are increasingly building arsenals of hacking tools that are ostensibly meant for deterrence, but could also be used for offense. A key stumbling block in international cyber conflicts negotiations is the difficulty in attribution of cyber attacks. This research articulates the problem of the attribution of cyber attacks, and discusses its impact on verification of treaty compliance in cyberspace. Advanced digital forensics may help collect circumstantial evidence of attacks and provide reasonable attribution of the source of the attack and, thereby, further confidence building measures and verification of international agreements. We are working on a research agenda that can leverage techniques from information forensics and security to assist in the efforts of cyber warfare mitigation.

Related Publications:

  • Goel, S., (2011, Aug.). Cyber Warfare: Connecting the dots in cyber intelligence. Communications of the ACM, 54(8), 132-140.
  • Goel S., and Koslowski, R. Cyber Warfare, the Problem of Attribution and Confidence Building Measures: Removing the Cloak of Anonymity through Digital Forensics, Planned for Journal of Digital Investigation.
  • Goel, S. (November 11-13, 2010). Privacy versus National Security: The Fight against Encrypted Communication. Proceedings of the 6th International Conference “Scientific Issues in Security and Combating Terrorism.” Lomonosov University, Moscow, Russia.