Lillian Ablon

Photo of Lillian Ablon
Information Scientist; Professor, Pardee RAND Graduate School
Santa Monica Office


M.S. in mathematics, Johns Hopkins University; B.A. in mathematics, University of California, Berkeley

Media Resources

This researcher is available for interviews.

To arrange an interview, contact the RAND Office of Media Relations at (310) 451-6913, or email

More Experts


Lillian Ablon is an information scientist at the RAND Corporation and a professor at the Pardee RAND Graduate School. She conducts technical and policy research on topics spanning cyber security, emerging technologies, privacy and security in the digital age, computer network operations, digital exhaust, and the human element. Recent research topics include consumer attitudes towards data breach notifications; black markets for cybercrime tools and stolen data as well as the white, grey, and black markets for zero-day exploits; social engineering and open source intelligence; methods for zero-day vulnerability detection; tools and technologies for greater cyber situational awareness; and privacy concerns with digital identity. Prior to joining RAND, Ablon worked with some of the most cutting edge technologies in cryptography, network exploitation and vulnerability analysis, and mathematics. She won an “uber” black badge at DEFCON21 and holds a B.A. in mathematics from the University of California, Berkeley, and an M.S. in mathematics from Johns Hopkins University.


  • Concept of leaky software, data pouring out of pipe

    Digital Theft: The New Normal

    Absolute data breach prevention is not possible, so knowing what people want when it happens is important. Consumers and corporations alike should accept this risk as a “when,” not an “if,” and prepare for it.

    Oct 10, 2016 Wired

  • View to an operating room through an office window

    Ransomware Hackers Are Coming for Your Health Records

    Cyber criminals may be preying on hospitals because cyber protection measures likely have not kept pace with electronic data collection and because hospitals typically do not have backup systems and databases in place, even though such attacks can strain health care systems and potentially put patients' lives at risk.

    Apr 11, 2016 Newsweek

  • Bruce Sewell, senior vice president and general counsel for Apple Inc., is sworn in before testifying to the House Judiciary hearing on "The Encryption Tightrope: Balancing Americans' Security and Privacy" March 1, 2016

    How the 'Wonks' of Public Policy and the 'Geeks' of Tech Can Get Together

    Conventional wisdom says that technology innovates and disrupts, while public policy regulates and controls. What might a better integration of the commercial tech sector with the policy community look like?

    Mar 18, 2016 TechCrunch

  • Group of friends holding their smart phones

    How You Can Be Cybersecurity's Strongest Asset

    Technology is thoroughly embedded within the average person's life but security is not emphasized to the general user. Teaching the importance of security early on and continually bringing awareness to the public could help temper technology-based attacks.

    Feb 18, 2016 The Huffington Post

  • Internet of Things graphic

    Keeping Hackers Away from Your Car, Fridge, and Front Door

    In the ever-growing Internet of Things, attackers already outpace the defenders. If developing solutions for software liability doesn't become more of a priority, there may be no winning this technological war.

    Dec 7, 2015 The National Interest

  • Malware phishing data concept

    Social Engineering Explained: The Human Element in Cyberattacks

    The human element is the most unpredictable factor in cybersecurity. A social engineer aims to make people do what they want or give the social engineer information, often without the person considering the negative consequences.

    Oct 20, 2015 The Cipher Brief

  • An illustration of a projection of binary code on a man holding a laptop computer

    Is It Time to Appoint a Data Security Czar?

    Cybersecurity needs to become more of a priority for the government and private corporations. Whatever the solution, public and private officials need to do a better job of weighing the risk-benefit calculation of storing data on Internet-accessible computers and justifying data-handling protocols.

    Sep 3, 2015 Newsweek

  • Lily Ablon holding medal received for winning DEF CON 21 challenge at Def Con Cybersecurity conference

    The Good Hacker: Q&A with Lillian Ablon

    Lillian Ablon talks about hacking, winning the DEF CON black badge, women in STEM, and more.

    Jan 16, 2015

  • People pose in front of a display showing the word 'cyber' in binary code, Zenica, Bosnia and Herzegovina, December 27, 2014

    After a Year of Major Hacks, 2015 Resolutions to Bolster Cyber Security

    With numerous data breaches and emerging software vulnerabilities, 2014 was the year the hack went viral. But realizing a few New Year's resolutions in 2015 could help defenders make strides in protection, tools, and techniques to gain the edge over cyber attackers in years to come.

    Dec 31, 2014 U.S. News & World Report

  • Oscar-winning actress Jennifer Lawrence has contacted authorities to investigate who stole and posted nude images of her online, part of a reported mass hacking of celebrities' intimate photos

    Hackerazzi: How Naked Celebrities Might Make the Cloud Safer

    Despite data breach after data breach that lays bare the personal information of millions of people, leading to only incremental changes by the hacked company, it seems it only takes a handful of celebrity nude selfies to bring issues like cloud security and multi-factor authentication to the fore causing immediate changes.

    Sep 8, 2014 The RAND Blog

  • hands on a computer keyboard in a dark room

    The Hackers' Bazaar

    Today's cyber black markets have evolved into playgrounds of financially driven, highly organized and sophisticated groups, often connected with traditional crime organizations.

    Apr 11, 2014 Politico

  • Man at Security Checkpoint

    Fake Boarding Pass Fears Inflated

    Instead of ratcheting back the PreCheck program because of manufactured fears about security lapses, TSA should be encouraged to expand this program to more airlines, more airports and more infrequent travelers, write Jack Riley and Lily Ablon.

    Dec 12, 2012 USA Today