Carol Woody is a senior member of the CERT technical staff. Her research is focused on ways to address software design and development that improve the security of the implemented results. She is leading two research projects for the DoDo that are developing and validating the Survivable Analysis Framework.

Woody is a member of the Survivable Enterprise Management team in the CERT Program. She participated in the development of the Operationally Critical Threat, Asset, Vulnerability Evaluation (OCTAVE®) methodology for applying good security practices through risk management. In addition she developed and piloted a version of OCTAVE for use in K-12 schools and school districts.

Woody has over 25 years of experience in software development and project management covering all aspects of software and systems planning, design, development, and implementation in large complex organizations. Before coming to the SEI, she consulted for New York City as a strategic planner for the Administration of Children’s Services addressing the financial technology needs of the $2 billion organization during the formulation of the agency and its transition through Y2K. She also managed the user testing for a timekeeping application purchased by NYC to handle 160,000 employees in over 100 agencies; activities included work force scheduling for police, fire, sanitation, and correction. Woody has a biographical citation in Who’s Who in American Women and Who’s Who in Finance and Industry. She is a member of IEEE, the ACM, and PMI.

Woody holds a BS in Mathematics from The College of William and Mary, an MBA with distinction from Wake Forest University, and a PhD in Information Systems from NOVA Southeastern University where she was elected to Upsilon Phi Epsilon, the international honor society for computing and information disciplines.

links

• CERT/CC research