Sunday, 28 June 2026
A Conversation with Shaikat Biswas on Artificial Intelligence and the Defence of Critical Digital Infrastructure

CONDUCTED BY THE TECHNOLOGY & SECURITY DESK


Shaikat Biswas is a cybersecurity expert and researcher who holds a Master of Science in Computer Science, with a concentration in cybersecurity, from Troy University. His research applies artificial intelligence and graph-based machine-learning methods to the real-time defence of cloud, enterprise, Internet-of-Things, and critical-infrastructure systems. His publication record comprises nine peer-reviewed articles, 260 citations, an h-index of seven, and an i10-index of seven; approximately ninety-seven per cent of the analysed citing works are independent. The record includes a single-authored 2025 paper on real-time threat detection that received a Best Paper Presentation Award. He is an active peer reviewer for several scholarly journals and a member of the IEEE. The following is an edited transcript of a conversation, condensed for length and clarity.


BACKGROUND AND RESEARCH RECORD


Q. You are an expert in applying artificial intelligence to cyber defence, with a substantial body of published research. How do you approach the work?
A. I try to begin with the defender's reality rather than with the elegance of a method. A model that detects an intrusion in a controlled experiment is of limited value if it cannot operate inside a live system, where the volume of ordinary activity is enormous and a decision must be made in a fraction of a second.


So the first question I ask of any system I design is whether the person responsible for that network would actually rely upon it during an incident. If the answer is no, then I have produced a proposal, not a defence. That standard governs how I prioritise my research.


Q. Your single-authored 2025 paper on real-time threat detection received a Best Paper award and has been cited rapidly. What significance do you attach to that?
A. It is an encouraging signal, but I am wary of resting too much on any one result. A single-authored paper carries full individual accountability, which I think is appropriate for foundational work.


What I value more than the award is the independence of the citations. Across my work, roughly ninety-seven per cent of the citing studies come from researchers with no co-authorship connection to me. That pattern is the most credible evidence I have that the methods are genuinely useful to others, rather than simply visible.


Q. You report an h-index of seven and an i10-index of seven across nine publications. Which measure do you find most informative?
A. The distribution of impact, more than any single number. An h-index of seven indicates that the citations are spread across the body of work rather than concentrated in one paper, which I read as a healthier sign of sustained relevance.


My most-cited work, on graph neural networks for modelling attack patterns in critical infrastructure, addresses a different problem from my threat-detection research, yet the two reinforce one another. I would rather have several publications that each find a real audience than one result that the rest of the portfolio does not support.


THE RESEARCH PROGRAMME


Q. Your work spans real-time threat detection, graph neural networks for critical infrastructure, security for connected devices, and quantum-resistant cryptography. What unifies these areas?
A. The common thread is that modern systems are interconnected, and so are the attacks against them. A weakness in a connected device can become the entry point to an enterprise network; an enterprise breach can reach the infrastructure behind it. Treating these as separate problems is part of why defence has lagged.


Threat detection identifies the intrusion; the graph-based work anticipates how an attack would propagate through an interconnected system; the device-security research closes the most common entry points; and the cryptography work prepares those systems for a future in which today's encryption no longer holds. The four areas describe a single problem viewed from four angles.


Q. Could you explain the graph neural network research in plain terms?
A. Critical infrastructure is not a single machine; it is a network of components that depend on one another, a grid, a water system, a transport network. That structure is naturally represented as a graph, meaning a set of nodes and the connections between them.


A graph neural network is a model built to reason over that structure. Rather than examining each component in isolation, it considers how they are connected, which allows it to anticipate the path an attacker might take and to identify where a system is most exposed before that weakness is exploited. The aim is to move defence from reacting to attacks toward anticipating them.


Q. Why do conventional defences struggle against current threats?
A. Because the threat has evolved while much of the defensive posture has not. Many systems still rely on recognising known signatures of past attacks, which leaves them poorly equipped against novel or adapting intrusions, and increasingly against attacks that themselves use artificial intelligence.


The scale is considerable. In 2024 alone, reported losses from cyber-enabled crime in the United States reached a record figure measured in the tens of billions of dollars, and thousands of organisations classified as critical infrastructure reported being affected. That is the environment my work is intended for, not an idealised one.


Q. When you face a difficult research problem, how do you actually approach solving it?
A. I begin by resisting the temptation to reach for a technique too quickly. The most common mistake I see, in myself as much as in others, is to choose a method first and then look for a problem it fits. So my first step is to define the problem precisely, in the defender's terms: what decision must be made, on what information, under what time and resource constraints, and what the cost of being wrong actually is.


Only once that is clear do I consider methods, and I prefer the simplest approach that could plausibly work before reaching for a more complex one. A modest model that an operator can understand and trust is usually more valuable than an elaborate one that no one is willing to act upon. I then test the idea against the conditions where it is most likely to fail rather than where it is most likely to succeed, because a defence is only proven by the cases it does not handle gracefully. The graph-based approach to critical infrastructure came directly from that process: the problem, anticipating how an attack moves through an interconnected system, suggested the structure of the solution, rather than the other way around.


ARTIFICIAL INTELLIGENCE AND RELIABILITY


Q. Your research depends heavily on artificial intelligence, yet you are careful about how the term is used. Why?
A. Because in security, a system that cannot be examined or explained is itself a liability. If a model flags an intrusion and an organisation acts on it, shutting down a service, isolating a network, that decision has to be defensible afterward, operationally and sometimes legally.


So the model has to be testable, the resulting action has to be traceable, and a qualified person has to remain accountable within the process. The harder engineering problem is not making a system capable; capability is now widely available. The difficult achievement is making it trustworthy.


Q. What failure mode concerns you most?
A. A security system that is confidently wrong and not clearly owned. An alerting tool that quietly misses intrusions, or one that floods analysts with false alarms until they stop paying attention, can be more dangerous than no tool at all, because people come to depend on it.


I therefore try to design for adverse conditions rather than for demonstrations. Incomplete data, unfamiliar attack patterns, and model uncertainty have to be handled openly. A system that hides its own uncertainty is a hazard rather than a safeguard.


Q. How does your work address the eventual threat from quantum computing?
A. Much of the encryption that protects data today could be broken by a sufficiently capable quantum computer in the future. The concern is not only the future moment but the present: sensitive data captured now could be stored and decrypted later.


My research on quantum-resistant cryptography, combined with AI-driven security, is part of preparing cloud and connected-device systems for that transition before it arrives. The United States has identified this as a national priority, and standards bodies are actively working on it. It is better addressed deliberately and early than under pressure.


STRATEGY AND OUTLOOK


Q. You have positioned your work to operate across institutions rather than within a single organisation. What is the reasoning?
A. The value of this research lies in its ability to cross boundaries, between academia, industry, and the operators of critical systems. The same defensive method can serve a cloud provider, a hospital network, and a utility. Confining it to one organisation would narrow it to that organisation's priorities.


I have planned collaborations with independent experts on quantum-resistant cryptography and on the graph-based critical-infrastructure work, and I intend to continue publishing openly so that the methods reach the field rather than a single firm. I believe the public benefit of this work is best realised by keeping that breadth.


Q. How do you see the next five years of your work?
A. The near term is dedicated to deepening the research through doctoral study and to advancing the collaborations I have described, with results published openly and tested against realistic conditions rather than laboratory ones. From there, the aim is to strengthen the methods, broaden the domains they apply to, and contribute to the wider effort to secure national digital infrastructure.


My intention is not recognition for its own sake. It is to apply this expertise where it can reduce real harm, in a field where the United States faces a genuine and growing shortage of researchers.


Q. Finally, how would you define success for your research?
A. The most effective security is the kind that is never noticed. A defence that works prevents the breach that would otherwise have made the news, and so its successes are largely invisible.


If the methods I develop help organisations anticipate and withstand attacks that would otherwise have caused real damage to public services, to hospitals, to infrastructure, then the work will have served its purpose. That quiet, preventive outcome is the measure of success I value most.

 

Shaikat Biswas is a cybersecurity researcher holding a Master of Science in Computer Science (Cybersecurity) from Troy University. His research spans artificial-intelligence-enhanced real-time threat detection, graph neural networks for critical-infrastructure defence, blockchain-and-artificial-intelligence security for the Internet of Things, and quantum-resistant cryptography. This is an illustrative profile; the questions and responses are composed for the purposes of this piece and do not constitute a verbatim record of a published interview.
Email: ethan.soikot@gmail.com
