Research & Practices:
Dr. Yogesh Malhotra: RESEARCH: Wall Street Quant: Big-3 Finance-IT Leader: Research Impact among Nobel Laureates: Princeton Quant Trading Presentations: Ventures: Honors: [AI, Algorithms & Machine Learning] [Computational Quant Finance & Trading] [CyberSecurity Risk Engineering] [Digital Transformation Pioneer] [FinTech: 'Rethinking Finance']: Research Impact Beyond 'Prediction' Future of Finance Beyond VaR Model Risk Management Future of Risk Cyber Risk SSRN Google Scholar Publications Projects Goldman Sachs JP Morgan Wall Street Hedge Funds Princeton Presentations Model Risk Arbitrage Cyber Finance Cyber Risk Insurance Quantum Crypto Bayesian vs. VaR Markov Chain Monte Carlo Wireless Mobile Trust Models VoIP Pen Testing Frameworks Bitcoin Cryptanalytics NFS Cryptanalytics Algorithms
Dr. Yogesh Malhotra: Future of Risk (FutureOfFinance.org) Venture Spans Wall Street & Hi-Tech Quant Research.
"Almost all risks characterizing today's information-based financial products and services, financial markets, financial exchanges, financial currencies, and financial economies are however first and foremost Information risks and Cyber risks. Such Information risks and Cyber risks may not only escalate traditional risks but may also subsume traditional financial risks as brick-and-mortar institutions such as NYSE 'trading floors' become 'museums of financial history'."
-- Dr. Yogesh Malhotra on the launch of Griffiss Cyberspace (2013-2015), Summer 2013, Rome, NY
"Unlike other risks, Cyber Risk poses a uniquely different set of exposures as it is intertwined with the medium and the message in the increasingly digital world of networked communications... "
- Dr. Yogesh Malhotra, January 19, 2015, in the Risk Futures Report of the The Future of Finance (FutureOfFinance.org) venture:
A Report on the Future of Finance, Future of Risk, and Future of Quant: ‘Knight Reconsidered’: Risk, Uncertainty, and, Profit for the Cyber Era
- Projects: Cybersecurity, Financial Protocols & Networks Protocols Analysis, and, Penetration Testing
- Reports: Quantitative Computational Finance-Risk Modeling & Risk Management Research Papers
- Venture: Griffiss Cyberspace Cybersecurity Venture Aims to Span Wall Street and Hi-Tech Research
To guide the global practices of Cyber Risk and Cyber Risk Assessment, Dr. Yogesh Malhotra's post-doctoral research guided by the advisory committee of Distinguished Computer Scientists, Mathematicians, &, Physicists affiliated with AFRL and NYS-CRI defines the risk as well as the means for measuring progress by combining ways and means to achieve defined ends.
Access here: Model Risk Management of Cyber Insurance Models Using Quantitative Finance and Advanced Analytics: Risk, Uncertainty, and Profit for the Cyber Era
by Dr. Yogesh Malhotra.
CISOs must first define the risk, cybersecurity analyst tells Congress
"To combat continued and growing threats, cybersecurity officials should utilize a two-step process, said a network security firm executive speaking before Congress."
"Step one is to define the risk, and step two is to measure progress by combining ways and means to achieve defined ends," Richard Bejtlich, chief security strategist at FireEye, told the House Energy and Commerce subcommittee on oversight and investigations March 3. "This is exactly the role of strategic thinking, meaning the application of strategies, campaigns, tactics and tools to achieve organizational goals."
-- FierceGovernmentIT, March 5, 2015
"[The] scale and breadth of the attacks — and the lack of clarity about the hackers’ identity or motive — show not only the vulnerability of the most heavily fortified American financial institutions but also the difficulty, despite billions of dollars spent in detection technology, in finding the sources of attack... The data breach at JPMorgan Chase was among “the most troubling breaches ever,” [Illinois Attorney General] said, adding that it proved “there is probably no database that cybercriminals cannot compromise.”"
-- [President] Obama Had Security Fears on JPMorgan Data Breach, New York Times, Wednesday, 8 Oct, 2014 | 2:08 PM.
"In our existing environment and at our company, cybersecurity attacks are becoming increasingly complex and more dangerous," Dimon said. "The threats are coming in not just from computer hackers ... but also from highly coordinated external attacks both directly and via third-party systems."
-- Jamie Dimon, Chairman & CEO, JP Morgan Chase & Co., JPMorgan cyberattack hits 76M households, CNBC, Friday, 3 Oct 2014 | 1:51 AM ET.
"When it comes to security, the best defense is offense; you need to test the effectiveness of your own security practices before a real intruder does it for you...The best defense against network vulnerabilities is a great proactive offense. You must test your networks and systems before someone else does."
How to Do It:
- Risk Management Framework for Stress Testing Banking Network Protocols
- Markov Chain Monte Carlo Models for High-Dimension Complex Stochastics
- Tools and Techniques for Penetration Testing and Ethical Hacking
"This is going to be a big deal and there will be a lot of battles... We need a lot of help."
-- Jamie Dimon, Chairman & CEO, JP Morgan Chase & Co., Dimon Calls for Help on Cyberattacks, New York Times , Friday, 10 Oct 2014 | 3:22 PM.
Benjamin Lawsky, superintendent of the New York Department of Financial Services, said that cyberterrorism is the most significant issue that DFS will work on in the next year, saying the possibility of an “armageddon-like” cyberattack is one of his primary concerns as a financial regulator. “I worry that we’re going to have some sort of major cyber-event in the financial system that’s going to cause us all to shudder,” Lawsky said... "We like to say that to some extent the failures to detect the 9/11 plot were a failure of imagination and communication," he said. "I'm worried about the same thing here—that an event will happen and we'll look back and say, 'How did we not do more?'
-- NY regulator warns against looming cyber 9/11, CNBC, Sep 22 , 2014 12:47 p.m. ET.
"Treasury Secretary Jacob Lew is calling for financial firms to do more to combat cybersecurity threats..."Far too many hedge funds, asset managers, insurance providers, exchanges, financial market utilities, and banks should and could be doing more,"... attacks on the US financial sector can come from a myriad of sources, including state sponsored groups, cyber criminals, politically motivated hackers and others. No matter the source... a successful attack on the US financial system "would compromise market confidence, jeopardize the integrity of data, and pose a threat to financial stability."
-- Treasury Secretary Calls for Better Cybersecurity at Financial Firms - Jacob Lew Says Successful Attacks 'Would Compromise Market Confidence', The Wall Street Journal, July 15, 2014 6:54 p.m. ET.
"Based on available evidence, it is not improbable that the current officially "recommended" most widely used global standard of encryption (RSA-1024) may have already been compromised."
-- Dr. Yogesh Malhotra in Number Field Sieve Cryptanalysis Algorithms for Most Efficient Prime Factorization on Composites presentation 15 miles from the Air Force Research Lab, May 1, 2013.
Malhotra, Y. Cryptology beyond Shannon’s Information Theory: Preparing for When the ‘Enemy Knows the System’ with Technical Focus on Number Field Sieve Cryptanalysis Algorithms for Most Efficient Prime Factorization on Composites, Published by the Global Risk Management Network, LLC, May 3, 2013.
'Changes to our SSL Certificates', Thursday, May 23, 2013 8:00 AM, Posted by Google Stephen McHenry, Director of Information Security Engineering: "This encryption needs to be updated at times to make it even stronger, so this year our SSL services will undergo a series of certificate upgrades—specifically, all of our SSL certificates will be upgraded [from RSA-1024] to 2048-bit keys by the end of 2013. We will begin switching to the new 2048-bit certificates on August 1st..."
"Google just announced that its HTTPS web pages will be ditching 1024-bit RSA keys in favour of 2048 bits." - Anatomy of a change - Google announces it will double its SSL key sizes, nakedsecurity, May 27, 2013.
"Operational risks stemming from breakdowns attributed to people, process and technology have become increasingly apparent in banking over the years. "
- U.S. Banks’ Model Risk Worse than Ever, Thanks to Basel III, American Banker, July 11, 2013.
"Hackers and other cybercriminals pose as grave a threat to the financial system as the recent financial crisis if banks and government officials don't mount an effective response, a top U.S. official warned Wednesday. The growing sophistication of cyberattacks spawned by criminal organizations, hackers and other foreign governments could pose a systemic risk to the financial system, Comptroller of the Currency Thomas Curry said in a speech in Washington. "The financial-services industry is one of the more attractive targets for cyberattacks, and, unfortunately, the threat is growing," Mr. Curry said. "
- U.S. Official Warns on Threat to Banks From Cyberattacks: Comptroller of Currency Says Systemic Threats are Growing, Wall Street Journal, September 18, 2013.
"On Sept. 18, the Federal Reserve shocked the financial world with its decision not to scale back its level of support to the economy as most market participants expected... By one estimate, as much as $600 million in assets changed hands in the milliseconds before most other traders in Chicago could learn of the Fed's September surprise... The precise timing of the release is crucial because information can only travel as fast as the speed of light... like a Fed decision—released in Washington takes as much as 7 milliseconds to travel to Chicago, where futures and other assets are traded. And because high-speed trading firms are now able to execute trades at the millisecond level, there is a brief window of time in which information can be publicly available in Washington but is still traveling to Chicago, where computers won't receive it until milliseconds later." - Some traders got 'no taper' decision news earlier, CNBC, 24 Sep 2013.
"On Monday afternoon, seven New York State senators gathered at the Griffiss Institute for a cyber security hearing. The hearing, entitled Defending New York from cyber attacks covered various topics within the cyber security spectrum. There are six subcommittees under the cyber security topic: Banking, Veterans, Homeleand Security & Military Affair, Insurance, Commerce, Economic Development & Small Business, Crime VIctims, Crime & Correction, Select Committee on Science, Technology, Incubation & Entrepreneurship."
- Cyber security conference held On Griffiss, Rome Observer, Monday, November 18, 2013.
"There are many definitions of knowledge management. It has been described as "a systematic process for capturing and communicating knowledge people can use." Others have said it is "understanding what your knowledge assets are and how to profit from them." Or the flip side of that: "to obsolete what you know before others obsolete it." (Malhotra) "
- U.S. Department of Defense
Office of the Under Secretary of Defense (Comptroller)
"We are observing diminishing credibility of information technologists. A key reason for this is an urgent need to understand how technologies, people and processes together combine to influence enterprise performance. - Yogesh Malhotra, Journal of Knowledge Management"
- United States Air Force Research Lab CIO Col. Tom Hamilton
in presentation to the Armed Forces Communications Electronics Association titled 'Enterprise IT Solutions Are Tough But They're Tougher If You're Stupid'.
"KM is obsoleting what you know before others obsolete it and profit by creating the challenges and opportunities others haven't even thought about -- Dr. Yogesh Malhotra in Inc. Technology "
- U.S. Defense Information Systems Agency Interoperability Directorate.
Griffiss Cyberspace (GriffissCyberspace.com) Cybersecurity Venture Aims to Span Wall Street and Hi-Tech Research:
World-Leading Thought Leadership of Global Defense Bearing on Global Finance Cybersecurity
Griffiss Cyberspace, our latest Cyber Risk Management venture in the Griffiss Air Force Base area of Rome, New York, advances our global CxO leadership renowned for pioneering U.S. and worldwide risk practices in IT and Cyber Risk Management. It aims to connect the dots between Wall Street quantitative finance and quantitative risk modeling research and practices and latest generation computational and mathematical research and practices in cybersecurity and cyber risk management of critical national information infrastructures (NII). Its socioeconomic objective is to contribute to the regional economic development of Central New York and advancement of cybersecurity and cyber risk management practices related to global banking and financial systems and other critical NII.
Our prior research followed by the nation's top signals intelligence (SIGINT) expert agencies NSA and CIA, such as the computer science journal Expert Systems with Applications top-ranked paper on Cyber risk management human and machine learning expert systems & AI (2001), advanced upon Shannon's Information Theory. Inspired by our communication with the Genetic Algorithms pioneer Dr. John Holland (1995) at the Santa Fe Institute at the time, it anticipated and addressed many questions raised about quantitative computational models in the aftermath of the 2008-2009 Global Financial Crisis more than a decade ahead of time. Our recent Cryptanalysis research focus on Number Field Sieve Cryptanalysis Algorithms for Prime Factorization on Composites proposed next generation robust encryption standards by advancing Non-Deterministic reformulations of both Kerckhoffs's principle and Shannon's maxim underlying modern encryption standards and technologies.
Our two-decade-long Cyber Risk Management applied research and global practice ventures also produced and published one of the most influential seminal research papers on the US National Information Infrastructure (NII) in 1995 used as a most recommended resource by worldwide and UN Economists, Statisticians, and Policymakers and top programs such as the University of California Berkeley.
US Office of the Comptroller of the Currency recently underscored Cybersecurity as ‘Fastest-Growing Risk to Banks’ that must be accounted for like other Financial Risks such as Credit Risk or Market Risk (see, for example: "OCC Sees Cybersecurity as Fastest-Growing Risk to Banks", American Banker, June 18, 2013). The growing sophistication of cyberattacks could pose a systemic risk to the financial system, Comptroller of the Currency Thomas Curry noted in his subsequent speech, observing that the "financial-services industry is one of the more attractive targets for cyberattacks, and, unfortunately, the threat is growing." (see, for example 'U.S. Official Warns on Threat to Banks From Cyberattacks: Comptroller of Currency Says Systemic Threats are Growing', Wall Street Journal, September 18, 2013.)
Reflecting on OCC's remark that the specific cyberattack and cybersecurity related risks represent 'operational risks', it seems important to update our perspectives characterizing financial risks in traditional terms such as Credit Risks, Market Risks, Operational Risks, etc. Such definitions might have reflected the true nature of financial risks in the past. Almost all risks characterizing today's information-based financial products and services, financial markets, financial exchanges, financial currencies, and financial economies are however first and foremost Information risks and Cyber risks. Such Information risks and Cyber risks may not only escalate traditional risks but may also subsume traditional financial risks as brick-and-mortar institutions such as NYSE 'trading floors' become 'museums of financial history'.
- Dr. Yogesh Malhotra, Summer, 2013
2015-2017: 41 SSRN Top-10 Research Rankings: Top-10% SSRN Authors:
Computational Quant Analytics; AI & Decision Modeling; Algorithms & Machine Learning:
SSRN Top-10 Research Ranking Categories:
• Capital Markets,
• Cognition in Mathematics, Science, & Technology,
• Computational Biology,
• Computational Techniques,
• Computing Technologies,
• Corporate Governance: Disclosure, Internal Control, & Risk-Management,
• Decision-Making under Risk & Uncertainty,
• Econometric & Statistical Methods,
• Econometric Modeling,
• Hedging & Derivatives,
• Information Systems & Economics,
• Interorganizational Networks & Organizational Behavior,
• Mathematical Methods & Programming,
• Operations Research,
• Risk Management,
• Risk Management Controls,
• Risk Modeling,
• Social Network Analysis,
• Stochastic Models,
• Systemic Risk,
• Telecommunications & Network Models,
• Uncertainty & Risk Modeling,
• VaR Value-at-Risk.
• Banking & Insurance
• Cultural Anthropology,
• Economics of Networks,
• Innovation Law & Policy,
• Mutual Funds, Hedge Funds, & Investment Industry,
• Sociology of Innovation
Recent Research Presentations and Research Reports
Invited Princeton Quant Trading Presentations: 'Rethinking Finance' for the Era of Global Networked Digital Finance.
2016 Princeton Quant Trading Conference Presentation: Beyond Stochastic Models to Non-Deterministic Methods.
2015 Princeton Quant Trading Conference Presentation: Beyond Risk Modeling to Knightian Uncertainty Management.
Beyond 'Bayesian vs. VaR' Dilemma: How to Manage Risk (After Risk Management Has Failed) for Hedge Funds.
Markov Chain Monte Carlo Models for High-Dimensionality Complex Stochastic Problems in Network Security.
Risk, Uncertainty, & Profit for the Cyber Era: 'Knight Reconsidered': Model Risk Management in Cyber Risk Insurance.
Cyber-Finance Risk Management: Strategies, Tactics, Operations, &, Intelligence: ERM to Model Risk Management.
Number Field Sieve Cryptanalytic Algorithms for Most Efficient Prime Factorization on Composites: Beyond RSA 1024.
Bitcoin Protocol & Bitcoin Block Chain: Model of 'Cryptographic Proof' based Global Crypto-Currency Payment Systems.
2015-2016 41 SSRN Top-10 Rankings: Computational Quantitative & Risk Analytics Algorithms Machine Learning Research.
2008 AACSB International Impact of Research Report: Among Black-Scholes, Markowitz, Sharpe, Modigliani & Miller.
Top Wall Street Investment Banks Quantitative Finance Projects & FinTech Ventures
• Princeton: Future of Finance: 'Rethinking Finance' for Era of Global Networked Digital Finance
• 2016 Princeton Quant Trading Conference: Invited Research Presentation: Model Risk Arbitrage
• 2015 Princeton Quant Trading Conference: Invited Research Presentations: Future of Finance
• Quantitative Finance Risk Analytics Modeling Wall Street Investment Banks & VC Projects
• Model Risk Management: Risk Management Analytics from 'Prediction' to 'Anticipation of Risk'
• Quantitative Finance Risk Analytics, Econometric Analytics, Numerical Programming Models
• Quantitative Finance Model Risk Management for Systemic-Tail Risks in Cyber Risk Insurance
• JP Morgan Portfolio Optimization, VaR & Stress Testing: 17-Asset Class Portfolio
• JP Morgan Portfolio Liquidity Risk Modeling Framework for $500-600Bn Portfolio
• Bayesian VaR Beyond Value-At-Risk (VaR) Model Risks Exposed by Global Financial Crisis
• Goldman Sachs Alumnus Asset Manager Large-Scale Data High Freq Econometric Models
• Quantitative Finance, Risk Modeling, Econometric Modeling, Numerical Programming
• Technologies of Computational Quantitative Finance & Risk Analytics and Risk Management
• Algorithms & Computational Finance: C++, SAS, Java, Machine Learning, Signal Processing
• Cybersecurity, Financial Protocols & Networks Protocols Analysis, and, Penetration Testing
• Quantitative Finance, Quantitative Risk Analytics & Risk Management Projects Impact
• Digital Social Enterprise Ventures Creating Trillion $ Practices for Hundreds of Millions
Named among FinTech Finance & IT Nobel laureates for Real World Impact of Research
• FinTech Innovations: Model Risk Arbitrage, Open Systems Finance, Cyber Finance, Cyber Insurance
• AACSB International Reports Impact of Research among Black-Scholes, Markowitz, Sharpe
• Research Impact Recognized among Finance & Information Technology Nobel laureates
• 41 SSRN Top-10 Rankings: Computational Quant Analytics: Algorithms, Methods & Models
• FinTech Innovations: Model Risk Arbitrage, Cyber Finance, Cyber Risk Insurance Modeling
• Computational Quantitative Finance Modeling & Risk Management Research Publications
• Model Risk Management of Cyber Risk Insurance Models & Quantitative Finance Analytics
• Thesis on Ongoing Convergence of Financial Risk Management & Cyber Risk Management
• U.S. Federal Reserve & Office of the Comptroller of the Currency Model Risk Guidance
• Bayesian VaR Beyond Value-At-Risk (VaR) Model Risks Exposed by Global Financial Crisis
• Markov Chain Monte Carlo Models & Algorithms to Enable Bayesian Inference Modeling
• OCC Notes Cybersecurity Risk & Cyber Attacks as Key Contributor to Banks' Financial Risk
• Future of Bitcoin & Statistical Probabilistic Quantitative Methods: Global Financial Regulation
• Models Validation Expert Panels: IT, Operations Research, Economics, Computer Science
Global, National, & Enterprise CxO Level FinTech-Cyber-Risk Analytics Ventures
• CxO Think Tank that pioneered 'Digital' Management of Risk, Uncertainty, & Complexity
• CxO Consulting: Global, National & Corporate Risk Management Practices Leadership
• CxO Guidance: Cyber Defense & Finance-IT-Risk Management: Uncertainty & Risk
• CxO Keynotes: Conference Board, Silicon Valley, UN, World Economy: Uncertainty & Risk
• The Future of Finance Project Leading Quantitative Finance Practices at Elite Conferences
• The Griffiss Cyberspace Cybersecurity Venture Spans Wall Street and Hi-Tech Research
• UN Quantitative Economics Expert Paper & Keynote on Global Economists Expert Panel
• National Science Foundation Cybersecurity & Cybercomputing National Expert Panels
• Digital Social Enterprise Innovation Ventures Pioneering the Future of Risk and Quant
• Global Footprint of Worldwide World-Leading CxO Risk Management Ventures & Practices