McCrary Institute for Cyber & Critical Infrastructure Security
Harnessing America’s cyber experts to safeguard our nation.
Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security seeks practical solutions to real-world problems, underpinned by research and scholarship. Founded in 2015 through a generous donation from the Alabama Power Foundation in honor of its retiring CEO and Auburn alumnus Charles D. McCrary, the Institute fuses theory with practice, and policy with technology, to protect and advance U.S. interests in the areas of cyber and critical infrastructure security.
The McCrary Institute is a nonpartisan think tank located at Auburn University, and is the leading group of public/private sector cyber experts providing unique end-to-end cyber capabilities from R&D, cybersecurity education/training, policy-relevant analysis, to future technology research.
As a top-tier research university, designated a Carnegie R1 institution, over 200 of Auburn’s on-campus faculty members conduct defense, cyber, and homeland security research for the Department of Defense, NASA, and other federal agencies.
Cyber Focus Podcast
In this episode of Cyber Focus, host Frank Cilluffo sits down with Phil Venables, Chief Information Security Officer for Google Cloud. They discuss Venables' work co-leading the President's Council of Advisors on Science and Technology's report on cyber-physical resilience, and its key recommendations including creating a national critical infrastructure observatory. The conversation also covers Google's focus on secure-by-design and secure-by-default, the implications of AI/generative AI for cybersecurity, and the evolving role of the CISO as more of a chief risk officer.
Main Topics Covered
President’s Council of Advisors on Science and Technology Report to the President on Strategy for Cyber-Physical Resilience
Creating a national critical infrastructure observatory
Secure by design and secure by default at Google
Implications of AI/generative AI for cybersecurity defenders
Evolution of the CISO role to be more like a chief risk officer
Current cyber threat landscape and basic defenses still needed
Public-private partnership between tech companies and government
Quotes
"It's not just about security, privacy, or compliance. It's about trust and safety… The bold but responsible use of AI." - Venables on ethical AI concerns
"We have much more heavily engaged with our government partners, not just here in the US, but around the world, because we recognize our position in supporting critical infrastructures." - Venables on Google's public-private partnerships.
"[Executives] also need to make sure that there's the resources in the ranks in their organizations to get security done." - Venables on executive support for security
"...implementing strong phishing resistant multi-factor authentication, keeping systems up to date, segmenting and all the basic hygiene...when you do it, you mitigate a whole bunch of risks." - Venables on basic cyber hygiene defenses
Resources
President’s Council of Advisors on Science and Technology report on cyber-physical systems - Press Release, Executive Summary, Full Report
Google's Secure AI Framework (SAIF)
Bio
Phil Venables is the Chief Information Security Officer for Google Cloud. Prior to Google, he spent 20 years at Goldman Sachs as CISO and Chief Operational Risk Officer, establishing the firm as a cybersecurity leader. Venables co-led the President's Council report on enhancing cyber-physical resilience of critical infrastructure, recommending a national infrastructure observatory. He has co-founded multiple financial sector cybersecurity initiatives and served on boards for NIST, NYU, NSA, and others. Widely recognized for his leadership, Venables has received the RSA Conference Award, FS-ISAC Critical Infrastructure Award, and other top honors. With over 25 years of cross-disciplinary experience across finance, technology and risk management, he brings a unique perspective to Google Cloud's security efforts.
In this episode of Cyber Focus Frank Cilluffo and Matt Hayden discuss the intricate challenges posed by cyber threats and the role of organizations like CISA in coordinating defense efforts. They discuss the influence of emerging technologies such as AI and quantum computing, the impact of emerging technologies on defenses, and the zero trust security model to enhance resilience.
Main Topics Covered
Critical infrastructure threats and vulnerabilities
Living off the land techniques used by attackers
Deterrence strategies and creating playbooks for different threat actors
Role of innovation and emerging technologies like AI, quantum, 5G/6G
Convergence of physical and cyber security
Zero trust security model
Importance of resilience in critical infrastructure
Quotes
"You come after a critical infrastructure within our domestic space, it points back to you. We're going to have a conversation you're not going to like." - Matt Hayden on deterring attacks on critical infrastructure.
"Resilience means you have the ability to re-stand up infrastructure service to really work with your network and your users to where you still have the ability to operate." - Matt Hayden defining resilience.
"We would have the traditional sanctions methods...but it wasn't something that really imposed cost. And so looking at that model now, there is the need for playbooks that are strategic for each bad actor." - Matt Hayden on needing tailored deterrence strategies.
“You're saying I'll let you get away with X? Yeah, but not Y… And as [the bad actors] get worse, the deterrent gets stronger. You have to gradient [deterrence].” - Matt Hayden on deterrence gradient.
“The strength of America is that people want to be here for all the challenges you have. People would rather live here than anywhere else.” - Matt Hayden on American innovation being a strength.
Resources Mentioned
National Security Memorandum 22
Bio
Matt Hayden is a cybersecurity executive with over 20 years of experience spanning both the public and private sectors. He currently serves as VP for Cyber and emerging technology at CyIQ, fostering industry partnerships and driving growth strategies. Previously, Hayden held senior leadership roles at DHS, including serving as the Assistant Secretary for Cyber, Infrastructure, Risk, and Resilience Policy. In this position, he led policy development efforts focused on reducing national risks to critical infrastructure cybersecurity, federal networks, and comparing cybercrime. Hayden also served as a senior advisor with DHS’s Cybersecurity and Infrastructure Security Agency and its Office of Partnership and Engagement. He is a Senior Fellow at the McCrary Institute.
Flashpoint CEO Josh Lefkowitz joins us for a fascinating talk about how 9/11 changed the trajectory of his career, the impact of Telegram worldwide and how A.I. is making human analysts better.
Listen: Episode 18Recent News
Applied Research, Development, & Commercialization
The McCrary Institute’s experts work to safeguard America as an applied research, development, and commercialization partner supporting government, military, national labs and industry clients. We focus our work on critical infrastructure sectors including energy & water, space & defense, transportation, rural industries, and more. By leveraging a world class Southeast Cybersecurity Operations Center and classified labs, we help solve some of America’s greatest threats and challenges.
Research Focus