Welcome to my personal publications repository. This project serves as an archive of papers, articles, slide decks, and open-source tools I have authored, co-authored, or contributed to since 1998.
My work spans several areas of information security, with a strong focus on Industrial Control Systems (ICS/SCADA) Security, Vulnerability Discovery, Protocol Security, and Agentic Security Operations.
Also see my blogs over the years: at blog.mdfranz.com medium.com/@mdfranz and substack and seclectech.wordpress.com
- Agentic Security Operations (2026): Currently researching the intersection of Generative AI, LLMs, and autonomous agents in modern cyber defense and incident response.
- SCADA & ICS Protocol Security (2003–2006): Pioneered early research on industrial protocols (Modbus, ICCP), threat modeling via attack trees, and co-developed the initial Nessus SCADA assessment plugins in partnership with Tenable.
- Trinux (1998): Developed and launched the first security-oriented Linux distribution, pioneering the concept of ramdisk-based live security environments (precursor to modern toolsets like Kali Linux).
- Leveraging AI for Advanced Cyber Defense — Panel presentation at Tech in Motion. Watch the video.
- Agentic Security Operations: Machine Speed Response and the Fog of Cyberwar — Comprehensive references on autonomous security operations. Download Slides (PDF).
- Beyond the Burner: Practical Digital Security & Privacy for Organizers — Maryland Indivisible Convening presentation on personal/organizational security.
- Cloud Native Infrastructure with Azure: Building and Managing Cloud Native Applications — Co-authored chapter and developer exercises on cloud messaging systems.
- Hiring on Pragmatic Ops Weekly Podcast — Interview on recruiting and hiring practices for operations teams.
- Bringing DevSecOps to ICS — Video presentation on applying DevSecOps paradigms to Industrial Control Systems and the 2017 S4
- Digital Bond Podcast on DoD Smart Grid Deployments — Discussion with Gerry Gallagher on smart grid security in military installations.
- Advanced Metering Implementations: Addressing Security in DoD Applications — Co-authored paper with Pete Virag.
- A Maze of Tiny Fuzzers All Alike — Presentation on vulnerability discovery at the CERT Vulnerability Disclosure Workshop. View SEI Library Link.
- RSA Panel Session on Smart Meter Security — Panel on smart grid vulnerabilities covered by Wired Magazine.
- Final Exam for CIS170 (Security Fundamentals) — Prepared for Frederick Community College.
- Cisco OSI Stack Vulnerability — Vulnerability discovery and disclosure (VU#145825).
- OPC Security Whitepaper — Sponsored research deliverable on OPC protocol security (available via Digital Bond subscriber portal).
- ICCP Exposed — Conference paper and presentation on ICCP and OSI protocol security at the inaugural S4 Conference.
- Tenable SCADA Plugins — Co-developed early SCADA vulnerability detection plugins for Nessus in partnership with Tenable.
- LiveData ICCP Heap Overflow — Vulnerability discovery and disclosure (VU#190617).
- A Rough Start of a Toolset for Assessing J2EE Apps — Presented at the Austin OWASP Chapter Meeting.
- The Challenge of an Open Source Testing Framework for Control Systems — Presented at the Process Control Security Requirements Forum (PCSF).
- SCADA Vulnerability Discovery and Disclosure — Presentation at PCSF Spring 2006. Also covered by The Register and SecurityFocus.
- The Use of Attack Trees in Assessing SCADA Protocols — Early research on SCADA threat modeling (co-authored with Eric Byres and Darrin Miller).
- Uncovering Cyber Flaws — Article on vulnerability assessment methodology.
- ModbusFW: Deep Packet Inspection for Industrial Ethernet — Whitepaper presented at the National Infrastructure Security Co-ordination Centre (NISCC).
- Protocol Implementation Testing: Challenges & Opportunities — Whitepaper presented at the NISCC.
- ISA SP99 Panel — Industry panel discussing manufacturing control systems security standards.
- Separating Fact from FUD: BGP Vulnerability Testing — Presented at BlackHat USA and NANOG. Watch the recording on YouTube (note: low-quality audio/video).
- Vulnerability Testing of Industrial Network Devices — Early work on testing control system protocols.
- Integrating IT and Control System Security: A Vendor-Researcher Perspective — Whitepaper exploring convergence challenges in IT and OT.
- Industrial Ethernet Security: Threats and Countermeasures — Research paper co-authored with Darrin Miller (Cisco Systems).
- Secure IT with Linux (InfoWorld) — Trinux was profiled as a leading open-source security tool.
- How Secure is Secure: Threat-Oriented Product Testing — Presented at CanSecWest '01.
- SANS Institute Trinux Whitepaper — Independent review of Trinux published by the SANS Reading Room.
- Trinux: The Original Security-Oriented Linux Distribution — Launched Trinux, the first diskette-based, ramdisk-only Linux distribution designed specifically for network security monitoring and vulnerability scanning.
