Curriculum Vitae

Personal data

• Name: Risto Vaarandi
• Nationality: Estonian
• Date and place of birth: September 18, 1972, Tallinn, Estonia
• Languages: Estonian (native), English (fluent), Russian (passive), Finnish (passive)
• Office address: Akadeemia tee 15A, Tallinn, Estonia
• E-mail: firstname d0t lastname at gmail d0t c0m

Academic degrees

• PhD in Computer Engineering, Tallinn University of Technology, Estonia, 2005
• MSc in Computer Science, University of Tartu, Estonia, 1997

Education

• 2000-2005 PhD student of Computer Engineering, Tallinn University of Technology, Estonia
• 1994-1997 MSc student of Computer Science, University of Tartu, Estonia
• 1990-1994 undergraduate student of Computer Science, University of Tartu, Estonia
• 1979-1990 High School No. 21 of Tallinn, Estonia

Career

• Since October 2024 Tallinn University of Technology, associate professor

  Research on security monitoring, event log analysis, and other aspects of cyber security; supervision of graduate students and teaching activities.

• January 2015 - October 2024 Tallinn University of Technology, senior researcher

  Research on event correlation, event log data mining, and security monitoring; supervision of graduate students and teaching activities.

• May 2006 - December 2014 NATO CCDCOE, researcher

  Research on security monitoring techniques and various teaching activities.

• April 1998 - July 2018 SEB Estonia, IT development engineer

  Development and maintenance of a system and network management framework (based on HP OpenView and a number of open source tools) which included solutions for monitoring applications, servers, network devices, etc.; for event correlation and event log monitoring; for gathering SNMP and NetFlow statistics from servers, routers, and probes; for intrusion detection; etc.

• March 1997 - April 1998 Estpak Data Ltd., network administrator

  Administration of Cisco and Bay Networks routers, development and maintenance of a network management system (based on Tivoli NetView), administration of UNIX servers (Linux and AIX)

• August 1994 - March 1997 Tartu County Government, IT specialist

  Administration of UNIX servers (Linux and AIX), PC-workstation maintenance and user support

Research interests

• Event correlation in monitoring and management systems
• Data mining algorithms for analyzing event logs
• Network management and intrusion detection
• System and application monitoring techniques

Publications

Supervised PhD students

• Mauno Pihelgas. Automating Defences against Cyber Operations in Computer Networks. PhD thesis, Tallinn University of Technology, 2021
• Bernhards Blumbergs. Specialized Cyber Red Team Responsive Computer Network Operations. PhD thesis, Tallinn University of Technology, 2019

Supervised MSc students

• Mark Borissov. Deploying open-source SIEM system for Waldur-based services at the University of Tartu. Master thesis, University of Tartu, 2024
• Giorgi Okroshidze. Comparison of SOC Workflow Automation Options for SMEs and Practical Impact Analysis. Master thesis, Tallinn University of Technology, 2024
• Frank Korving. DACA: Automated Attack Scenarios and Dataset Generation. Master thesis, Tallinn University of Technology, 2022
• Orkhan Gasimov. Compare and Contrast Analysis of Log Parsing Algorithms: Perspective of Efficiency and Pattern Detection Rate. Master thesis, Tallinn University of Technology, 2022
• Ilker Furkan Kahyalar. A Comparative Study of Virtualization Solutions for Cybersecurity Labs. Master thesis, Tallinn University of Technology, 2021
• Tarvo Arikas. Streaming event correlation and complex event processing using open-source solutions. Master thesis, Tallinn University of Technology, 2021
• Ali Ghasempour. HTTP Based Network Intrusion Detection System by Using Machine Learning Based Classifier. Master thesis, Tallinn University of Technology, 2021
• Siim Sarv. Using Event Correlation to Detect Security Incidents from Windows Workstations. Master thesis, Tallinn University of Technology, 2021
• Ivo Pure. An automated methodology for validating web related cyber threat intelligence by implementing a honeyclient. Master thesis, University of Tartu, 2019
• Sander Arnus. Providing Reliable Log Delivery and Integrity of Logs. Master thesis, Tallinn University of Technology, 2017
• Chen Zhuge. C-Based Implementation of LogCluster, a Data Clustering and Pattern Mining Algorithm for Event Logs. Master thesis, Tallinn University of Technology, 2016
• Mina Gerges. Log Monitoring and Event Correlation on Microsoft Windows Using Simple Event Correlator. Master thesis, Tallinn University of Technology, 2016
• Sergei Komarov. Choosing Open-source Flow-based Network Monitoring Solution. Master thesis, Tallinn University of Technology, 2015
• Sven Petai. Detecting Anomalies in System Logs. Master thesis, Tallinn University of Technology, 2014
• Markus Kont. Event management and active defense framework for small companies. Master thesis, Tallinn University of Technology, 2014
• Faris Aloul. A Study of Client Honeypots and Applying Them to Social Networking Sites. Master thesis, Tallinn University of Technology, 2013
• Artyom Churilin. Choosing an Open-Source Log Management System For Small Business. Master thesis, Tallinn University of Technology, 2013
• Mauno Pihelgas. A Comparative Analysis of Open-Source Intrusion Detection Systems. Master thesis, Tallinn University of Technology, 2012

Supervised BSc students

• Reno Špitsmeister. Implementing a SOAR Solution in a Security Operations Center on the Example of Cybers. Bachelor thesis, Tallinn University of Technology, 2023
• Balint Adam. Performance and Applicability Analysis of Open-source Intrusion Detection Systems in Special-purpose Networks. Bachelor thesis, Tallinn University of Technology, 2022

Developed open source tools

• Simple Event Correlator - https://simple-evcorr.github.io
• SLCT - https://ristov.github.io/slct/
• LogHound - https://ristov.github.io/loghound/
• LogPP - https://logpp.sourceforge.net
• Monitord - https://ristov.github.io/monitord/
• LogCluster - https://ristov.github.io/logcluster/
• SCAS - https://ristov.github.io/scas/

Professional skills

• Experience with network and security management applications: Simple Event Correlator (the author), Suricata, Snort, Elastic Stack, rsyslog, syslog-ng, Graphite, NfSen, Fprobe, Flow-tools, RRDtool, Nagios, HP OpenView NNM and Operations, Tivoli NetView, Net-SNMP, MRTG, Ntop, etc.
• Experience with programming languages and database systems: Perl, C/C++, Python, PHP, MySQL, Bourne shell, Prolog, assembler (i86), Pascal, BASIC
• Sysop experience: Linux, HP-UX, AIX, Cisco IOS