Mauno Pihelgas

PhD · Senior Security Researcher

Estonia

Senior Security Researcher at Dynatrace, focusing on threat intelligence research, vulnerability analysis, and observability. Previously worked as a Senior Systems Engineer at Podium North and as a Technology Researcher at the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE). Experience includes contributing to the technical development of cybersecurity exercises such as Locked Shields and Crossed Swords, and delivering training sessions on Network Security Monitoring tools including Suricata and Arkime. PhD in Cybersecurity from Tallinn University of Technology, with research focused on automating cyber defenses and advancing autonomous systems in cybersecurity.

Email Google Scholar LinkedIn GitHub ETIS

Experience

2025 – present

Cybersecurity Committee Member

Estonian Academy of Sciences

2024 – present

Senior Security Researcher

Dynatrace

CTI research, collection and analysis, vulnerability and threat detection research, data pipelines.

2022 – 2024

Senior Systems Engineer

Podium North, Estonia

Managing and improving complex cloud-based systems with the focus on cyber security.

2013 – 2022

Technology Researcher

NATO Cooperative Cyber Defence Centre of Excellence

Technology research, cyber security exercises, hands-on trainings — network and host-based security monitoring, defense automation, data collection and analysis.

2021 – 2022

Researcher

Foundation CR14, Estonia

Researcher (participation in EDF calls).

2012 – 2023

Teaching Assistant

Tallinn University of Technology, Estonia

ITX8071: Cyber Defense Monitoring Solutions course.

2010 – 2013

Monitoring Administrator

MicroLink Eesti AS / Elion Ettevõtted AS, Estonia

Comprehensive monitoring with Nagios, OpsView, Cacti and various other monitoring tools.

2008 – 2010

Duty Technician

MicroLink Eesti AS, Estonia

Data Center specialist focusing on DC and server maintenance.

Education

2021

PhD in Computer Science

Tallinn University of Technology

Thesis: Automating Defences against Cyber Operations in Computer Networks

2012

MSc in Cyber Security cum laude

Tallinn University of Technology & University of Tartu

Thesis: A Comparative Analysis of Open-Source Intrusion Detection Systems

2010

Diploma in IT Systems Development cum laude

Estonian Information Technology College

Thesis: Expanding Functionality of the Robot Control Platform of The Estonian IT College

Publications

Full list and citation metrics on Google Scholar. Selected PDFs available for download.

2025

Next Steps in Cyber Blue Team Automation — Leveraging the Power of LLMs

A. Dijk, R. Meier, C. Melella, M. Pihelgas, R. Vaarandi, V. Lenders

17th International Conference on Cyber Conflict: The Next Step (CyCon), 2025
2024

LSPR23: A Novel IDS Dataset from the Largest Live-Fire Cybersecurity Exercise

A. Dijk, E. Halisdemir, C. Melella, A. Schu, M. Pihelgas, R. Meier

Journal of Information Security and Applications, 85, 103847, 2024
2024

Open Source Intrusion Detection Systems' Performance Analysis Under Resource Constraints

G. Visky, B. Adam, R. Vaarandi, M. Pihelgas, O. Maennel

IEEE 22nd Jubilee International Symposium on Intelligent Systems and Informatics (SISY), 2024
2023

Comparative Analysis of Pattern Mining Algorithms for Event Logs

O. Gasimov, R. Vaarandi, M. Pihelgas

IEEE International Conference on Cyber Security and Resilience (CSR), 2023
2023

Request for a Surveillance Tower: Evasive Tactics in Cyber Defense Exercises

Y. Maeng, M. Pihelgas

15th International Conference on Cyber Conflict: Meeting Reality (CyCon), 2023
2022

Data Quality Problem in AI-Based Network Intrusion Detection Systems Studies and a Solution Proposal

E. Halisdemir, H. Karacan, M. Pihelgas, T. Lepik, S. Cho

14th International Conference on Cyber Conflict: Keep Moving! (CyCon), 2022
2021

Frankenstack: Real-time Cyberattack Detection and Feedback System for Technical Cyber Exercises

M. Pihelgas, M. Kont

IEEE International Conference on Cyber Security and Resilience (CSR), 2021
PDF
2021

Automating Defences against Cyber Operations in Computer Networks

M. Pihelgas

PhD Thesis, Tallinn University of Technology
PDF
2020

IDS for Logs: Towards Implementing a Streaming Sigma Rule Engine

M. Kont, M. Pihelgas

NATO CCD COE Publications, 2020
2020

NetFlow Based Framework for Identifying Anomalous End User Nodes

R. Vaarandi, M. Pihelgas

15th International Conference on Cyber Warfare and Security (ICCWS), 2020
2020

Reference Architecture of an Autonomous Agent for Cyber Defense of Complex Military Systems

P. Théron, A. Kott, M. Drašar, K. Rzadca, B. LeBlanc, M. Pihelgas, L. Mancini, F. de Gaspari

In: Adaptive Autonomous Secure Cyber Systems, Springer, 2020
2020

An Introductory Preview of Autonomous Intelligent Cyber-defense Agent Reference Architecture, Release 2.0

A. Kott, P. Théron, L. Mancini, E. Dushku, A. Panico, M. Drašar, B. LeBlanc, P. Losiewicz, A. Guarino, M. Pihelgas et al.

The Journal of Defense Modeling and Simulation, 17(1), 2020
2019

Autonomous Intelligent Cyber-Defense Agent (AICA) Reference Architecture, Release 2.0

A. Kott, P. Théron, M. Drasar, E. Dushku, B. LeBlanc, P. Losiewicz, A. Guarino, L. Mancini, A. Panico, M. Pihelgas et al.

Technical Report, CCDC Army Research Laboratory, 2019
2019

Design and Implementation of an Availability Scoring System for Cyber Defence Exercises

M. Pihelgas

International Conference on Cyber Warfare and Security (ICCWS), 2019
2018

Initial Reference Architecture of an Intelligent Autonomous Agent for Cyber Defense

A. Kott, L. Mancini, P. Théron, M. Drašar, E. Dushku, H. Günther, M. Kont, B. LeBlanc, A. Panico, M. Pihelgas et al.

arXiv preprint arXiv:1803.10664, 2018
2018

Towards an Active, Autonomous and Intelligent Cyber Defense of Military Systems: The NATO AICA Reference Architecture

P. Theron, A. Kott, M. Drašar, K. Rzadca, B. LeBlanc, M. Pihelgas, L. Mancini, A. Panico

International Conference on Military Communications and Information Systems (ICMCIS), 2018
2018

EVE and ADAM: Situation Awareness Tools for NATO CCDCOE Cyber Exercises

F. Melón, T. Väisänen, M. Pihelgas

SCI-300 Specialists' Meeting on Cyber Physical Security of Defense Systems, 2018
2017

Frankenstack: Toward Real-time Red Team Feedback

M. Kont, M. Pihelgas, K. Maennel, B. Blumbergs, T. Lepik

IEEE Military Communications Conference (MILCOM), 2017
2016

Event Log Analysis with the LogCluster Tool

R. Vaarandi, M. Kont, M. Pihelgas

IEEE Military Communications Conference (MILCOM), 2016
2016

Hedgehog in the Fog: Creating and Detecting IPv6 Transition Mechanism-Based Information Exfiltration Covert Channels

B. Blumbergs, M. Pihelgas, M. Kont, O. Maennel, R. Vaarandi

NATO CCD COE Publications, 2016
2016

Service Measurement Map for Large-Scale Cyber Defense Exercises

M. Pihelgas, F. Melón, J. Priisalu

IST-148: Cyber Defence Situation Awareness, NATO STO, 2016
PDF
2016

Creating and Detecting IPv6 Transition Mechanism-Based Information Exfiltration Covert Channels

B. Blumbergs, M. Pihelgas, M. Kont, O. Maennel, R. Vaarandi

Nordic Conference on Secure IT Systems (NordSec), 2016
2015

LogCluster — A Data Clustering and Pattern Mining Algorithm for Event Logs

R. Vaarandi, M. Pihelgas

11th International Conference on Network and Service Management (CNSM), 2015
2015

Insider Threat Detection Study

M. Kont, M. Pihelgas, J. Wojtkowiak, L. Trinberg, A. Osula

NATO CCD COE Publications, 2015
2015

Mitigating Risks Arising from False-Flag and No-Flag Cyber Attacks

M. Pihelgas

NATO CCD COE Publications, 2015
2014

Using Security Logs for Collecting and Reporting Technical Security Metrics

R. Vaarandi, M. Pihelgas

IEEE Military Communications Conference (MILCOM), 2014
2013

Back-Tracing and Anonymity in Cyberspace

M. Pihelgas

In: Peacetime Regime for State Activities in Cyberspace, NATO CCD COE Publications, 2013
PDF
2012

A Comparative Analysis of Open-Source Intrusion Detection Systems

M. Pihelgas

MSc Thesis, Tallinn University of Technology & University of Tartu
PDF