Carol Woody is a senior member of the CERT technical staff. Currently she is the technical lead of the cyber security engineering team, building capabilities in defining, acquiring, developing, measuring, managing, and sustaining secure software for highly complex networked systems as well as systems of systems. Her research is focused on ways to address software design and development that improve the security of the implemented results. She led research projects for the DoD that developed the Survivable Analysis Framework, an approach for analyzing the impact of operational and technology changes on the survivability of mission and business workflows in complex system of systems environments. She participated in the development of the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE®) methodology for applying good security practices through risk management. In addition she developed and piloted a version of OCTAVE for use in K-12 schools and school districts.
Woody has over 25 years of experience in software development and project management covering all aspects of software and systems planning, design, development, and implementation in large, complex organizations. Before coming to the SEI, she consulted for New York City as a strategic planner for the Administration of Children’s Services, addressing the financial technology needs of the $2 billion organization during the formulation of the agency and its transition through Y2K. She also managed the user testing for a timekeeping application purchased by NYC to handle 160,000 employees in over 100 agencies; activities included work force scheduling for police, fire, sanitation, and correction. Woody has a biographical citation in Who’s Who in American Women and Who’s Who in Finance and Industry. She is a member of IEEE, the ACM, and PMI.
Woody holds a BS in Mathematics from The College of William and Mary, an MBA with distinction from Wake Forest University, and a PhD in Information Systems from NOVA Southeastern University, where she was elected to Upsilon Phi Epsilon, the international honor society for computing and information disciplines.
Recent publications include an SEI technical note titled Eliciting and Analyzing Quality Requirements: Management Influences on Software Quality Requirements released in March 2005, “Securely Sustaining Software-Intensive Systems” published in the Cutter IT Journal January 2006, and “Considering Operational Security Risk during System Development” published in IEEE Security & Privacy January/February 2007.
Ellison, Robert & Woody, Carol. Survivability Analysis Framework (CMU/SEI-2010-TN-013). Software Engineering Institute, Carnegie Mellon University, 2010.
Ellison, R.; Goodenough, J.; Weinstock, C.; & Woody, C. Survivability Assurance for Systems of Systems (CMU/SEI-2008-TR-008). Software Engineering Institute, Carnegie Mellon University, 2008.
Ellison, Robert & Woody, Carol. Improving Software Assurance.