Ron Thompson

Ph.D. Candidate, Tufts Security & Privacy Lab

rthomp06 [at] cs [dot] tufts [dot] edu | JCC 364A

Want to send an encrypted message? My public key can be found here.

My research focuses on the intersection of security, critical infrastructure IT/OT networks, and human factors. I am particularly interested in how we, as the security community, can provide a secure environment to operators so that they can focus on the work that they need to do. When I worked on Wall St, I was investing in healthcare companies that underwent security incidents. As I observed this, the cogs in my head started to turn. Why is securing these types of systems difficult? What are the underpinning questions that impede this?

My goal is to develop technology and data-driven processes & tools that protect critical systems, and to ease the security burdens faced by IT/InfoSec and OT teams, so that they can focus on what they are experts in rather than worry about security.


In a prior life

Before Tufts, I wore several different hats in a variety of industries. I've spent the past decade working in various positions related to behavioral science. I have experience in capital markets, defense, and politics. Some highlights include: co-founding a startup that developed technology augmenting situational awareness for Army Special Forces, studying portfolio manager behavior at a prominent hedge fund (before joining a portfolio team), helping political campaigns with digital analytics, and coordinating the cybersecurity for a presidential campaign. I went to university with the impression that politics was like the West Wing and I wanted to be Josh Lyman. The reality was more like Veep, and I ended up as a junior Kent Davison. My undergraduate degree was in Government from Georgetown, where I focused on financial securitization regulation such as Dodd-Frank and the EU Capital Requirements Directives. If you want to learn more about my professional life, feel free to check out my LinkedIn.


What I'm currently working on

Investigating Cybersecurity and Privacy Challenges in Healthcare. I'm the primary author working with Ben Altshuler (Tufts), and Dan Votipka (Advisor).

Threat Modeling in Open-Source Software Security. I'm the second author working with Carson Powers (Tufts), Harjot Kaur (CISPA), Sascha Fahl (CISPA), and Dan Votipka (Advisor).

Vulnerability Assessment for CVEs affecting Industrial Control Systems. I'm the primary author working with Luke Boshar (Tufts), Eugene Vasserman (KSU), Pranshu Bansal (Northeastern), and Dan Votipka (Advisor).

Publications

Ronald Thompson, Madeline McLaughlin, Carson Powers, and Dan Votipka. 2024. "There are rabbit holes I want to go down that I'm not allowed to go down": An Investigation of Security Expert Threat Modeling Practices for Medical Devices. USENIX Security. (19% Acceptance Rate). Paper


Posters

Ronald Thompson, Santana Koring'ura, Marshini Chetty, and Daniel Votipka. 2022. A Comparison of Account-Focused and Content-Focused Warnings on User Trust of Twitter Content. SOUPS. Poster.


Fellowships

Fellowship for Medical Device Usable Security Research. MedCrypt. Awarded May 2023.


Invited Talks

This Must Be Secure: Barriers to Cyber-Secure in Critical Infrastructure. Emerging Scholars Program, Tufts University. April 2024, December 2023, April 2023, December 2022.

Threat Modeling Workshop. CyberMed Summit. November 2022. Event Website.

Ransomware & Hospitals: What cybersecurity incidents mean for patient care. Health Care Ethics, Georgetown University. July 2022.

Medical Device Threat Modeling. Healthcare Sector Coordinating Council. January 2022. Recording.


Guest Lectures

Medical Device (in)Security. CS 151: Privacy, Security, and Data. Tufts University. Fall 2022.

This Must Be Secure: Barriers to Cyber-Secure and Cyber-Safe in Healthcare. EE 193: Embedded Medical Devices. Tufts University. Fall 2023.

Introduction to Threat Modeling. CS 151: Privacy, Security, and Data. Tufts University. Fall 2022.


NOTE: I've given presentations and trainings at several medical device manufacturers previously and always love to speak with practitioners. If you're interested in chatting, please reach out!


Collaborations

MedCrypt [Ongoing]


Industry Publications

59 Percent Likely Hostile. Daniel Eichler and Ronald Thompson. War on the Rocks 2020. Link.


Press Mentions

Medical device companies now need to prove to FDA they're protected against cyberattacks. STAT. March 2023.


Industry Experience

Intern, External Consultant. MedCrypt. 2021 - 2023.

Founder and CEO. Groundwatch. 2020 - 2021.

Independent Consulting, mainly Data Engineering and DevOps. 2019 - 2021.

External Consultant, Data Strategy, Healthcare Portfolio Research Analyst. Point72 Asset Management. 2016 - 2019.

Digital Analytics Director, Cybersecurity Lead, Data Director for South Carolina (served in all three positions simultaneously). Jeb! 2016. 2015 - 2016.

Rapid Prototype Application Developer. Booz Allen Hamilton. 2015.

Data Engineer and SysAdmin. 0ptimus Consulting. 2014 - 2015.


Teaching Assistant

CS 114: Network Security. Tufts University. Spring 2024. Lectured on Wireless Security - Slides.

CS 151: Privacy, Security, and Data. Tufts University. Fall 2022. Lectured on SQL - Slides.