Dr. Marc Ph. Stoecklin is a Principal RSM and Manager of the Cognitive Cybersecurity Intelligence research group at the IBM T.J. Watson Research Center in Yorktown Heights, NY, and leader of the AI for Cybersecurity research activities at IBM globally, with a particular focus on applying artificial intelligence (AI) and machine learning to cybersecurity, incl. advanced threat detection, security advisors and threat intelligence consolidation, active defense and cyber deception, big data cybersecurity analytics, security visualization, as well as malware and security analysis.
Moreover, Marc and his team are analyzing the impact of emerging technologies on the cyber security posture of organizations, most recently the misuse and weaponization of AI by cyber attackers (briefing at Black Hat USA 2018) to strengthen their attacks.
Marc is leading the research efforts behind IBM's Cognitive Security offerings (Watson for Cyber Security and QRadar Advisor with Watson) and is one of the key creators of the concepts and algorithms that lead to the product. He is working on several client engagements to validate and operationalize advanced cognitive security analytics and threat intelligence research in real-world environment (including methodologies to detect stealthy and sophisticated beaconing behavior patterns of malware in corporate-scale networks).
Marc holds a PhD (Dr. ès sc.) degree in Computer, communication and Information sciences and a MSc degree in Communication Systems with specialization in "Information and Communication Security" both from École Polytechnique Fédérale de Lausanne (EPFL). In his PhD thesis, he developed novel unsupervised methods to detect and diagnose behavior-based anomalies on the network flow level.
In 2006, Marc joined IBM Research as a research scientist on the AURORA project. In this project, he contributed to the design and development of a flow-based network traffic monitoring system, which has been commercialized by IBM Tivoli in 2009. In parallel, he developed several behavior-based anomaly detection components for AURORA traffic monitoring system. In 2011, Marc joined the Global Security Analysis Lab (GSAL) at the IBM T.J. Watson Research Center in Hawthorne, NY where he participated in the development of the IBM Cyber Security Analytics and Intelligence research platform. In 2012, Marc became a Research Staff Member of the Cloud and Security Group in the Industry & Cloud Solutions department at IBM Research – Zurich, where he continued to deepen his focus on Cyber Security Analytics on the network level, both in traditional IT and industrial control systems [ICS] networks.