Shaun Long is currently the acting Section Chief for CISA's Vulnerability, Response, and Coordination Branch. In his recent role, he was the Deputy Chief for Operational Technology & Capabilities within CISA's Threat Hunting Sub-Division, with a focus on reducing risk for small- and medium-sized critical infrastructure partners, building free & open-source community operational technology (OT) cyber tools, and building scalable service offerings using CISA's robust operational technology cyber-range.
As part of CISA’s Critical Infrastructure (CI) Shared Services Pilot, Shaun led the deployment and operationalization of Malcolm—a free and open-source network visibility platform developed by CISA and released publicly on GitHub in 2019. Designed to help public and private sector organizations monitor, analyze, and respond to network activity—particularly in OT and ICS environments—Malcolm includes tools for asset inventory, log analysis, and threat detection, and supports flexible deployment options including Docker, ISO, and AWS. The CI Pilot leveraged Malcolm to address two critical capability gaps identified through CI sector engagement: (1) limited visibility into operational technology environments, and (2) the need for actionable cyber threat intelligence without requiring specialized analysts. The pilot integrated Mandiant’s CTI feed, streamlined onboarding, and emphasized scalable, low-friction deployment to enhance cybersecurity resilience across lifeline sectors.
Prior to joining CISA, Shaun spent eight years working at Booz Allen Hamilton, supporting clients with technical product assessments, security and network architecture assessments, and enterprise-level cyber security tool deployment focused on mission systems & operational technology.