Professor · Cybersecurity Expert · Public Scholar

Cybersecurity research, education, consulting, and public engagement.

About

Biography

Dr. Richard Forno is a teaching professor in the UMBC Department of Computer Science and Electrical Engineering, where he directs the UMBC Graduate Cybersecurity Program and serves as the Associate Director of UMBC’s Cybersecurity Institute. Prior to academia, his career in operational cybersecurity spanned both technical and management roles, including helping build a formal cybersecurity program for the US House of Representatives, serving as the first Chief Security Officer for Network Solutions (then, the global center of the internet DNS system), and other assorted roles with the government, military/defense entities, and Fortune 500 companies. Dr. Forno holds degrees in international relations from American University and Salve Regina University, and is a graduate of Valley Forge Military College and the United States Naval War College. His doctoral research at Curtin University of Technology explored the complex nature of vulnerability disclosure and security informatics and risk communication.

A more detailed biography is here, and full CV is available by request.

Current Roles & affiliations, and activities

Research and Professional Expertise

Cybersecurity

Analysis of technical risks, cybersecurity threats, national/international cyber strategy, information-sharing, and operational challenges for the public and private sectors.

Information Operations

Information-age conflict, influence campaigns, cognitive threats, and the intersection of propaganda and technology in the digital age.

Resilience & Civil Liberties

Privacy, surveillance, data sovereignty, and the impact of technology (including DRM, AI, mobile, and cloud) on individual/corporate autonomy and democratic society.

Cybersecurity education

National and international cybersecurity curriculum development, student competitions, and workforce pipeline initiatives.

Risk Communication

Improving how technical risks are presented to policymakers, journalists, executives, and the general public, especially during incidents — bridging expertise and public understanding.

Consulting & Advising

Available for advisory engagements on these arease (and more) for national and international organizations and institutions.

Contact directly for details.

Selected talks & testimony

Selected Keynotes
  • 2024 "Cybersecurity Across Borders: Preparing The Next Generation." CYBERHACKDAYS '24, West University of Timișoara, Romania.
  • 2023 "Future Cybersecurity: Hybrid Threats Require Balanced Preparation", Universidad Autónoma del Estado de Hidalgo, Mexico.
  • 2018 "Thinking Differently — And Beyond – Cyber." 13th International Conference on Cyber Warfare and Cybersecurity (ICCWS), Washington, DC.
  • 2016 "The Chaos of Context: Presentation, Perception, and Agency." ACM SIGDOC 2016, Washington, DC.
  • 2015 Closing Panelist, “Get Off My Lawn: Examining Change through the Eyes of The Old Guard” at Schmoocon 2015, Washington, DC.
  • 2006 "Cybersecurity Trends & Tribulations." AUSCERT '06, Brisbane, Australia.
  • 2006 "Cybersecurity: The Emperor Has No Clothes and I Feel A Draft!” Northern Ohio Technological Advancement Conference (NOTACON) Cleveland, OH.
  • 2004 Information Security World, Sydney, Australia.
Selected Government Testimony and Presentations
  • 2025 Presentation: "Salt Typhoon's Impact" to the Federal CIO Council’s Federal Mobility Group.
  • 2022 Plenary Panelist, US-Romania Cybersecurity Partnership, Washington, DC.
  • 2021 Written testimony to the Maryland Senate Economic Matters Committee on the Right to Repair legislation (co-signed with Dr. Avi Rubin, JHU).
  • 2019 Written and oral testimony before Maryland's Joint Committee on Cybersecurity, Information Technology, and Biotechnology on state cybersecurity preparedness.
  • 2017 Presentation: “Growing and Sustaining Talent to Cultivate the Future Workforce” at the 2017 Intelligence Community (IC) STEM Recruitment Summit.
  • 2011 Panelist, "Hacktivism, Vigilantism, & Collective Action in a Digital Age." Brookings Institution, Washington, DC.
  • 2008 “Quantifying Cybersecurity Disclosure” at Sandia National Labs Counterterrorism & Security Conference, Albuquerque, NM.
  • 2004 “Cybersecurity Challenges in a Post-9/11 World” at the DOD Defense Technical Information Center Annual Conference, Alexandria, VA.
Selected academic presentations
  • 2025 "DOGE's Impact on Federal Cybersecurity." UMBC CyberDefense Lab, Baltimore, MD.
  • 2020 "Cyberwarfare: Then and Now." University of Delaware.
  • 2019 "Communicating Risk Across Audiences." SIGDOC '19, ACM International Conference on Design of Communication, Portland, OR.
  • 2015 "Realistically Imaging the Internet." AOIR Digital Imaginaries, Phoenix, AZ.
  • 2015 Panelist, "Is There A Meaningful Solution for Security Disclosure?" Computers, Freedom, and Privacy, Alexandria, VA.
Selected Other Presentations
  • 2023 "Incident Response Beyond the Bits." TalTech University, Tallinn, Estonia.
  • 2019 "Cybersecurity Challenges for Corporate Boards", American Association of Corporate Directors Conference, Washington, DC.
  • 2016 "Crypto, Security, and Policy: Grey Areas, Meta-Issues and More." InternetNZ, Wellington, New Zealand.
  • 2003 "Cybersecurity and Commercial Aviation in a Post-9/11 World” at the IATA AVSEC ’03 Conference, Athens, Greece
  • 2003 "Cybersecurity, Cryptography and Cyberwarfare." Agência Brasileira de Inteligência, Brasilia (US State Dept.-sponsored).

Media & public outreach

Media presence

Since 1996, Dr. Forno has been a guest of and/or regularly quoted in nearly every form of media, including television, radio, print, and online outlets. He is a go-to source for journalists covering cybersecurity, privacy, technology risks, and policy.

His public outreach is guided by a commitment to understandability across audiences and experience levels to deliver common sense analysis, actionable guidance, and outside-the-box perspectives.

Topics for media comment include
  • Cybersecurity
  • Cyberwarfare and information operations
  • Privacy, digital rights, and online civil liberties
  • Hybrid threats and national security
  • Analysis of current/breaking cyber-related events and trends
Media inquiries

Journalists and producers may contact Dr. Forno directly via email or Signal. He is available for rapid-response analysis on breaking news in cybersecurity and technology policy.

Analysis Often Appears Here...

Selected grants

  • 2025 CoPI, “Jump Over that Mole – Reverse Engineering for Malware Analysis” (Army Research Lab) $25K
  • 2021-2035 Sr Personnel, "EAGER SaTC-EDU: Artificial Intelligence and Cybersecurity: From Research to the Classroom Grant" (NSF) Approx $220K
  • 2012-2025 CoPI, UMBC SFS CyberCorps and related research (NSF) Approx $10M
  • 2012-2015 PI, Maryland Cyber Challenge (National Security Agency) Approx $400K
Grant focus areas

Much of my grant activity has focused on cybersecurity education, student competition programs, cyber workforce development, advancing interscholastic cyber challenges in the Maryland region, and exploring the intersection of AI+cybersecurity.

Funding sources include the NSF, ARL, NSA, and private companies.

Selected Publications

Books and Contributions
  • Cybersecurity and Local Government (Wiley, 2022) with Donald Norris and Laura Mateczun
  • “Political Realism and the Internet: New Networks of Power” (pp 528-539) in The Edinburgh Companion to Political Realism (2018), Robert Schuett and Miles Hollingworth (eds.) Edinburgh University Press.
  • “The persuasion of perception: Internet narratives in the public consciousness.” (2017) Proceedings of the 35th ACM International Conference on the Design of Communication.
  • Incident Response (O'Reilly, 2021) with Ken van Wyk
Other Interesting Works
  • “Hack, Play, Win: Lessons Learned Running The Maryland Cyber Challenge” (2015) USENIX ;login; Journal of the Advanced Computing Systems Association (Vol. 40 (6))
  • Contributor, CERT/CC Advisory 2000-01 (“Denial of Service Developments”) Software Engineering Institute.
  • Contributor, CERT/CC Advisory 1999-17 (“Denial of Service Tools”) Software Engineering Institute CERT/CC.
  • Contributor, CERT/CC “Results of the Distributed Systems Intruder Tools Workshop.” Software Engineering Institute CERT/CC. (This was the first significant analysis of DDOS attack techniques.)

Contact

Get in touch

For consulting, speaking invitations, media requests, or research collaboration, please send an email with a brief description of your project, need, or question. For academic matters, students must contact me at my UMBC email found in the UMBC Directory

Current GPG Key

For students

Important information for students can be found here.

For academic matters, students *must* contact me at my UMBC email found in the UMBC Directory. Student emails sent through this site will be ignored.