Jump to navigation

The University of Arizona Wordmark Line Logo White
UA Profiles | Home
  • Phonebook
  • Edit My Profile
  • Feedback

Profiles search form

Dalal N Alharthi

  • Assistant Professor
  • Member of the Graduate Faculty
Contact
  • (520) 626-2422
  • UA Sierra Vista Campus, Rm. 101
  • Tucson, AZ 85721
  • dalharthi@arizona.edu
  • Bio
  • Interests
  • Courses
  • Scholarly Contributions

Biography

Assistant Professor at the University of Arizona with a Ph.D. Degree in Computer Science from the University of Califonia, Irvine. Equipped with work experience in both academia and industry. Strong engineering /architecture skills, skilled in Cloud Computing (AWS, Azure, and GCP); Cloud Security; Container Security; Automation; Network Security; Violent Python; Palo Alto Networks; Active Directory; Web Development/Security; Pentesting/Ethical Hacking; Digital Forensics and Incident Response (DFIR); Cybersecurity Strategy, Standards, Policies, and Controls; Awareness Training Programs, and more.

Prior to joining the University of Arizona, Dr. Alharthi worked as a Cloud Security Engineer at Farmers Insurance, a Resident Engineer at Palo Alto Networks, and Prisma Cloud Consultant at Dell. She was awarded the Division of Teaching Excellence and Innovation (DTEI) Fellowship by the University of California, Irvine, and obtained both CompTIA Security+ and AWS Solutions Architect certifications.

Dr. Alharthi’s research interests are as follows. Cloud Security; Container Security; Penetration Testing; Digital Forensics and Incident Response (DFIR); Human-Computer Interaction (HCI); Privacy; Cybersecurity Education; and Machine Learning. She is also interested in conducting research on the intersection between Cybersecurity and Public Administration; Cybersecurity and Business Administration; and Cybersecurity and Education.

Degrees

  • Ph.D. Computer Science
    • University of California Irvine

Awards

  • Senior Fellow for the Mathematics of Intelligences program
    • The Institute for Pure and Applied Mathematics (IPAM) at UCLA, Fall 2024
  • National-level recognition for Exceptional Contributions to the Cybersecurity Community
    • WiCyS 2024, Spring 2024
  • Cybersecurity Focus Area Distinguished Paper Award
    • ISCAP/EDSIG Conference., Fall 2023
  • Mentoring Future Scholars Award
    • University of Arizona, Fall 2023 (Award Nominee)
  • Capacity Building Award
    • UArizona RII RLI Program, Summer 2023

Licensure & Certification

  • Entelligence Certified IT Professional, Entelligence (2020)
  • Division of Teaching Excellence and Innovation (DTEI) Fellow, University of California Irvine (2020)
  • Cybersecurity Boot Camp (6 months program), University of California Irvine (2019)
  • AWS Certified Solutions Architect, Amazon Web Services (AWS) (2020)
  • CompTIA Security+, CompTIA (2020)

Related Links

Share Profile

Interests

Research

Cybersecurity in general, Cloud Security, Cloud Penetration Testing, Penetration Testing, Transportation Systems Engineering, Network Security, Human-Computer Interaction (HCI), Social Engineering, Usable Security and Security Policies/procedures, Digital Forensics and Incident Response (DFIR), Cryptography, Automation, Intelligent Vehicles, Management Information System (MIS), Leadership

Courses

2024-25 Courses

  • Cloud Security
    CYBV 579 (Spring 2025)
  • Independent Study
    CYBV 599 (Spring 2025)
  • Violent Python
    CYBV 473 (Spring 2025)
  • Cloud Security
    CYBV 579 (Fall 2024)
  • Violent Python
    CYBV 473 (Fall 2024)

2023-24 Courses

  • Intro to Security Scripting
    CYBV 312 (Summer I 2024)
  • Intro Amazon Web Services
    NETV 381 (Spring 2024)
  • Violent Python
    CYBV 473 (Spring 2024)
  • Violent Python
    CYBV 473 (Fall 2023)

2022-23 Courses

  • Intro to Security Scripting
    CYBV 312 (Summer I 2023)
  • Capstone in Cyber Operations
    CYBV 498 (Spring 2023)
  • Capstone in Cyber Operations
    CYBV 498 (Fall 2022)
  • Violent Python
    CYBV 473 (Fall 2022)

2021-22 Courses

  • Cyber Warfare
    CYBV 480 (Summer I 2022)
  • Capstone in Cyber Operations
    CYBV 498 (Spring 2022)
  • Violent Python
    CYBV 473 (Spring 2022)
  • Cyber Warfare
    CYBV 480 (Fall 2021)
  • Violent Python
    CYBV 473 (Fall 2021)

Related Links

UA Course Catalog

Scholarly Contributions

Journals/Publications

  • Wagner, P. E., & Alharthi, D. N. (2024). Comprehensive Cybersecurity Programs: Case-Study Analysis of a Four-Year Cybersecurity Program at a Secondar Education Institutions. Cybersecurity Pedagogy and Practice Journal.
  • Wagner, P. E., & Alharthi, D. N. (2023). Leveraging VR/AR/MR/XR Technologies to Improve Cybersecurity Education, Training, and Operations. the Journal of Cybersecurity Education, Research and Practice (JCERP).
  • Alharthi, D. N., & Regan, A. C. (2021). A Literature Survey and Analysis on Social Engineering Defense Mechanisms and Infosec Policies. International Journal of Network Security & Its Applications, 13(2), 41-61. doi:10.5121/ijnsa.2021.13204
    More info
    Social engineering attacks can be severe and hard to detect. Therefore, to prevent such attacks, organizations should be aware of social engineering defense mechanisms and security policies. To that end, the authors developed a taxonomy of social engineering defense mechanisms, designed a survey to measure employee awareness of these mechanisms, proposed a model of Social Engineering InfoSec Policies (SE-IPs), and designed a survey to measure the incorporation level of these SE-IPs. After analyzing the data from the first survey, the authors found that more than half of employees are not aware of social engineering attacks. The paper also analyzed a second set of survey data, which found that on average, organizations incorporated just over fifty percent of the identified formal SE-IPs. Such worrisome results show that organizations are vulnerable to social engineering attacks, and serious steps need to be taken to elevate awareness against these emerging security threats.

Proceedings Publications

  • Alharthi, D. N. (2024). Cloud Incident Response Framework. In IEEE 15th Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON24).
  • Alharthi, D. N., & Abbas, M. (2024). A Zero-Trust Reinforcement Learning Policy for Mitigating Cyberattacks on Emergency Vehicle Preemption Systems. In IEEE 15th Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON24).
  • Alharthi, D. N. (2023). Secure Cloud Migration Strategy (SCMS): A Safe Journey to the Cloud. In the 18th International Conference on Cyber Warfare and Security.
    More info
    The paper proposed a comprehensive Secure Cloud Migration Strategy (SCMS) that organizations can adopt to secure their cloud environment. The proposed SCMS consists of three main repeatable phases/processes, which are preparation; readiness and adoption; and testing. Among these phases, the author addresses tasks/projects from the different perspectives of the three cybersecurity teams, which are the blue team (defenders), the red team (attackers), and the yellow team (developers). This can be used by the Cloud Center of Excellence (CCoE) as a checklist that covers defending the cloud; attacking and abusing the cloud; and applying the security shift left concepts. In addition to that, the paper addresses the necessary cloud security documents/runbooks that should be developed and automated such as incident response runbook, disaster recovery planning, risk assessment methodology, and cloud security controls. The ultimate goal is to support the development of a proper security system to an efficient cloud computing system to help harden organizations’ cloud infrastructures and increase the cloud security awareness level, which is significant to national security. Furthermore, practitioners and researchers can use the proposed solutions to replicate and/or extend the proposed work.
  • Collier, H., MORTON, C., Alharthi, D. N., & Kleiner, J. (2023). Cultural Influences and Information Security. In ECCWS 22nd European Conference on Cyber Warfare and Security.
    More info
    The end goal of this research is to use culture, along with behaviour and social media usage as new metrics in measuring a person’s susceptibility to cybercrime. This information can then be used by information security teams to better prepare individuals to defend themselves from cyber threats! This paper is the start of the research process into how culture impacts a person’s susceptibility to cybercrime.
  • O'Mara, A., Alsamadi, I., Aleroud, A., & Alharthi, D. N. (2023). Phishing Detection Based on Webpage Content: Static and Dynamic Analysis. In the IEEE Third Intelligent Cybersecurity Conference (ICSC2023).
  • Straight, R. M., Alharthi, D. N., & Honomichl, R. J. (2023). Bridging Complexity and Distance: Designing an Online MS Program in Cyber and Information Operations. In the International Conference of Education, Research and Innovation (ICERI).
  • Wagner, P. E., & Alharthi, D. N. (2023). Comprehensive Cybersecurity Programs: Case-Study Analysis of a Four-Year Cybersecurity Program at a Secondary Education Institution. In The Computing Education and Information Systems Applied Research (ISCAP) Conference.
  • Alharthi, D. N., & Regan, A. C. (2021). Social Engineering Infosec Policies (SE-IPS). In Computer Science & Information Technology (CS & IT).
    More info
    The sudden increase in employees working primarily or even exclusively at home has generated unique societal and economic circumstances which makes the protection of information assets a major problem for organizations. The application of security policies is essential for mitigating the risk of social engineering attacks. However, incorporating and enforcing successful security policies in an organization is not a straightforward task. To that end, this paper develops a model of Social Engineering InfoSec Policies (SE-IPs) and investigates the incorporation of those SE-IPs in organizations. This paper proposes a customizable model of SE-IPs that can be adopted by a wide variety of organizations. The authors designed and distributed a survey to measure the incorporation level of formal SE-IPs in organizations. After collecting and analyzing the data which included over fifteen hundred responses, the authors found that on average, organizations incorporated just over fifty percent of the identified formal Social Engineering InfoSec Policies.
  • Alharthi, D., & Regan, A. (2020). Social Engineering Defense Mechanisms: A Taxonomy and a Survey of Employees’ Awareness Level. In Intelligent Computing: Proceedings of the 2020 Computing Conference.
    More info
    In the information security chain, humans have become the weakest point, and social engineers take advantage of that fact by psychologically manipulating people to persuade them to disclose sensitive information or execute malicious acts. Social engineering security attacks can be severe and hard to detect. Therefore, to prevent such attacks, organizations and their employees should be aware of the defense mechanisms that can mitigate the risk of these attacks. To that end, the authors (1) developed a taxonomy of social engineering defense mechanisms and also (2) designed and distributed a survey to measure employees’ level of awareness of these mechanisms. To develop the taxonomy, the authors reviewed the related literature and extracted the main defense mechanisms. To measure employees’ level of awareness of social engineering defense mechanisms, the authors designed and distributed a survey in which 791 employees participated. Finally, after collecting and analyzing the data, the authors found that more than half of the surveyed employees are not aware of social engineering attacks and their defense mechanisms. Such a worrisome result shows that employees and organizations are extremely vulnerable to such attacks, and serious steps need to be taken to elevate the employees’ awareness level against these emerging security threats.
  • Alharthi, D., Hammad, M., & Regan, A. (2020). A Taxonomy of Social Engineering Defense Mechanisms. In Future of Information and Communication Conference.
    More info
    Humans have become the weakest point in the information security chain, and social engineers take advantage of that fact. Social engineers manipulate people psychologically to convince them to divulge sensitive information or to perform malicious acts. Social engineering security attacks can be severe and difficult to detect. Therefore, to prevent these attacks, employees and their organizations should be aware of relevant defense mechanisms. This research develops a taxonomy of social engineering defense mechanisms that can be used to develop educational materials for use in various kinds of organizations. To develop the taxonomy, the authors conducted a systematic literature review of related research efforts and extracted the main target points of social engineers and the defense mechanisms regarding each target point.

Presentations

  • Alharthi, D. N. (2024).

    A Collective Intelligence Framework for Cloud Security

    . UCLA IPAM Mathematics of Intelligences.
    More info
    The rapid transition from on-premises infrastructure to cloud environments has revolutionized how organizations manage data and operations. However, this shift introduces unique security challenges, such as real-time vulnerability assessment, incident response, and digital forensics in a highly dynamic and distributed ecosystem. This talk will present a novel framework that leverages collective intelligence to address these challenges in cloud security. By utilizing a multi-agent system, we propose an approach where agents collaborate, share insights, and make decentralized decisions to improve threat detection and response.
  • Alharthi, D. N. (2024). Navigating the Future of Cybersecurity in the Age of Cloud, Containers, and AI. Women in Data Science (WiDS) Conference.
  • Alharthi, D. N. (2024). Optimizing DFIR in Public Cloud: AWS, Azure, and GCP.. Women in Cybersecurity (WiCyS) 2024.
  • Alharthi, D. N. (2024). Towards Secure Cloud Environments: Hands-on with AWS, Azure, and GCP. UArizona Women’s Hackathon.
  • Alharthi, D. N. (2023). Attacking and Defending Public Cloud Environments. Women in Cybersecurity (WiCyS) 2023. Denver, CO..
  • Galde, M. R., Wagner, P. E., & Alharthi, D. N. (2023). Who's Watching Who: Hacking IP Cameras. CactusCon11 2023. Mesa, AZ.

Profiles With Related Publications

  • Paul E Wagner
  • Rozhin Yasaei
  • Michael R Galde
  • Ryan M Straight
  • Robert J Honomichl

 Edit my profile

UA Profiles | Home

University Information Security and Privacy

© 2025 The Arizona Board of Regents on behalf of The University of Arizona.