Lillian Ablon

Adjunct Information Scientist
Off Site Office


M.S. in mathematics, Johns Hopkins University; B.A. in mathematics, University of California, Berkeley

Media Resources

This researcher is available for interviews.

To arrange an interview, contact the RAND Office of Media Relations at (310) 451-6913, or email



Lillian Ablon is an adjunct information scientist at the RAND Corporation. Her research has focused on the intersection of cybersecurity, computer networks, information systems, privacy, commercial technology and public policy in support of the U.S. Department of Defense, U.S. Intelligence Community, and the private sector. Half of her research tackles issues facing the U.S. Military, Department of Defense, and Intelligence Community: modeling cyberspace operations, managing risk to the supply chain for weapons systems, describing the 2020-2040 operating environment, exploring tools and technologies for cyber situational awareness, and managing digital exhaust. The other half of her research centers on the data breach ecosystem: describing the black markets for cybercrime tools and stolen data, gathering consumer attitudes towards data breach notifications, understanding coverages and risks of cyber insurance, examining markets for zero-day software vulnerabilities, and creating baseline metrics on the longevity and collision rates of zero-day exploits. Prior to joining RAND, Ablon worked at the Department of Defense, creating some of the most cutting-edge technologies in cryptography, network exploitation and vulnerability analysis, and mathematics. She won a coveted “uber” black badge at DEFCON and holds a B.A. in pure mathematics from the University of California, Berkeley, and an M.S. in applied and computational mathematics from Johns Hopkins University.

Selected Publications

Ablon, Lillian, and Andy Bogart, Zero Days, Thousands of Nights: The Life and Times of Zero-Day Vulnerabilities and their Exploits, RAND Corporation (RR-1751), 2017

Libicki, Martin, and Lillian Ablon, Markets for Cybercrime Tools and Stolen Data: Hackers' Bazaar, RAND Corporation (RR-610), 2014

Honors & Awards

  • Silver Medal Award, RAND

Recent Media Appearances

Interviews: Asia News Weekly; CBS; CKNW News Talk 980; CNN, The Situation Room; Hoover Digest Online; Investor's Business Daily online; Voice of America


  • Examining the Weak Spots in Tech's Supply Chain Armor

    When an attack on the supply chain occurs, manufacturers and purchasers should be better positioned to respond and recover. Even the simplest devices can rely on parts from multiple suppliers, which may have their own suppliers and so on. But every supplier, no matter how small, represents a potential weak link in the chain.

    Oct 16, 2018 WorldPost (The Washington Post)

  • Equifax and the Data-Breach Era

    The personal and financial data of almost 146 million U.S. consumers has been compromised by the Equifax breach, the latest in a long line of high-profile hacks. Do consumers worry enough about such breaches? And what options are available to Congress?

    Oct 18, 2017 The Hill

  • Digital Theft: The New Normal

    Absolute data breach prevention is not possible, so knowing what people want when it happens is important. Consumers and corporations alike should accept this risk as a “when,” not an “if,” and prepare for it.

    Oct 10, 2016 Wired

  • Ransomware Hackers Are Coming for Your Health Records

    Cyber criminals may be preying on hospitals because cyber protection measures likely have not kept pace with electronic data collection and because hospitals typically do not have backup systems and databases in place, even though such attacks can strain health care systems and potentially put patients' lives at risk.

    Apr 11, 2016 Newsweek

  • How the 'Wonks' of Public Policy and the 'Geeks' of Tech Can Get Together

    Conventional wisdom says that technology innovates and disrupts, while public policy regulates and controls. What might a better integration of the commercial tech sector with the policy community look like?

    Mar 18, 2016 TechCrunch

  • How You Can Be Cybersecurity's Strongest Asset

    Technology is thoroughly embedded within the average person's life but security is not emphasized to the general user. Teaching the importance of security early on and continually bringing awareness to the public could help temper technology-based attacks.

    Feb 18, 2016 The Huffington Post

  • Keeping Hackers Away from Your Car, Fridge, and Front Door

    In the ever-growing Internet of Things, attackers already outpace the defenders. If developing solutions for software liability doesn't become more of a priority, there may be no winning this technological war.

    Dec 7, 2015 The National Interest

  • Social Engineering Explained: The Human Element in Cyberattacks

    The human element is the most unpredictable factor in cybersecurity. A social engineer aims to make people do what they want or give the social engineer information, often without the person considering the negative consequences.

    Oct 20, 2015 The Cipher Brief

  • Is It Time to Appoint a Data Security Czar?

    Cybersecurity needs to become more of a priority for the government and private corporations. Whatever the solution, public and private officials need to do a better job of weighing the risk-benefit calculation of storing data on Internet-accessible computers and justifying data-handling protocols.

    Sep 3, 2015 Newsweek

  • The Good Hacker: Q&A with Lillian Ablon

    Lillian Ablon talks about hacking, winning the DEF CON black badge, women in STEM, and more.

    Jan 16, 2015

  • After a Year of Major Hacks, 2015 Resolutions to Bolster Cyber Security

    With numerous data breaches and emerging software vulnerabilities, 2014 was the year the hack went viral. But realizing a few New Year's resolutions in 2015 could help defenders make strides in protection, tools, and techniques to gain the edge over cyber attackers in years to come.

    Dec 31, 2014 U.S. News & World Report

  • Hackerazzi: How Naked Celebrities Might Make the Cloud Safer

    Despite data breach after data breach that lays bare the personal information of millions of people, leading to only incremental changes by the hacked company, it seems it only takes a handful of celebrity nude selfies to bring issues like cloud security and multi-factor authentication to the fore, causing immediate changes.

    Sep 8, 2014 The RAND Blog

  • The Hackers' Bazaar

    Today's cyber black markets have evolved into playgrounds of financially driven, highly organized and sophisticated groups, often connected with traditional crime organizations.

    Apr 11, 2014 Politico

  • Fake Boarding Pass Fears Inflated

    Instead of ratcheting back the PreCheck program because of manufactured fears about security lapses, TSA should be encouraged to expand this program to more airlines, more airports and more infrequent travelers, write Jack Riley and Lily Ablon.

    Dec 12, 2012 USA Today