David Thaw is a professor at the University of Pittsburgh and holds appointments in the School of Law and the School of Computing and Information. He is also an Affiliated Fellow of the Information Society Project at Yale Law School.
David is an internationally-recognized expert in law and technology. His research and scholarship span several areas of law, policy, and computing and information sciences. His central focus is on cybersecurity and related issues, particularly in the contexts of private-sector compliance and regulation, civilian criminal law, and cyberwarfare. David’s research and professional work also span issues of information privacy, blockchain and related distributed verification technologies, and the intersection of security and artificial intelligence.
His legal scholarship has appeared in venues including the Washington Law Review, Connecticut Law Review, the Journal of Criminal Law and Criminology and the Yale Law Journal Online. He primarily studies law and technology through the lenses of administrative and criminal law, supplemented by his scientific and empirical work. His cybersecurity instructional text, Cybersecurity: An Interdisciplinary Problem (with Gus Hurwitz and Derek Bambauer) is under contract with West Academic Publishing.
Dr. Thaw is also the founder and faculty director of the CyREN Laboratory, which uses advanced simulation technology and empirical methods to model and analyze how adversaries compromise information systems. As he described in previous work, a lack of empirical basis for the development of cybersecurity policy has been a fundamental weakness which has led not only to ineffective policies, but in some cases actually has weakened overall system security. David’s body of scientific work, which traces back to his doctoral dissertation, attempts to close this gap by designing methods for collecting empirically valid evidence regarding the efficacy of tactics, techniques, and procedures (TTPs) for cyberattack. This work collects and analyzes real-world cyber data, informing his evidence-based legal and policy scholarship.
Professor Thaw has presented his research to legislatures and policymaking bodies in the United States and allied nations, including the U.S. House of Representatives. He has personally-briefed senior Senate-confirmed officials from the U.S. Department of Defense on his work in cybersecurity and cyber warfare, and regularly presents at cyberlaw events with government agencies worldwide. David also performs pro bono service as a lawyer, including amicus work on privacy and cybercrime issues before the U.S. Supreme Court.
In addition to his public service work, David maintains an active connection between his research and industry. He has served on the Advisory Boards of several multinational tech corporations, and is a co-founder of and member of the Advisory Board of ELPIS, a non-profit facilitating industry collaboration regarding risk and resilience issues for Internet-of-Things cybersecurity. Recently, David co-founded the startup Obnostic as part of his work on a multi-year sponsored research project. Dr. Thaw also has been working for over 20 years in various full- and part-time roles in the technology industry.
Prior to joining the Pitt faculty, David taught at the University of Connecticut and the University of Maryland. He also practiced cybersecurity and privacy regulatory law at Hogan Lovells (formerly Hogan & Hartson) and was previously a Postdoctoral Fellow at Yale Law School.
David holds a Ph.D. from UC Berkeley's School of Information, a J.D. from Berkeley Law, a M.A. in Political Science from UC Berkeley and a B.S. in Computer Science and a B.A. in Government & Politics from the University of Maryland.