Haula Sani Galadima

PhD Researcher in Incident Response

Download CV

About Me

My PhD research focuses on how improved Cyber Incident Response can enhance Organisational Cyber Resilience. The core of the research involves semantic incident response log aggregation and machine readable knowledge base for improved organisational cyber resilience.

Research Gate: Profile

Google Scholar: Profile

Qualifications

🎓 Education

Doctor of Philosophy (PhD), Computer Science [Cybersecurity Incident Response]
University College Dublin
Present
Master of Science (MSc), Cyber Security and Penetration Testing
Middlesex University
Bachelor of Science (BSc), Information Technology and Business Information Systems
Middlesex University
International Advanced Diploma in Network and Computer Security
Informatics Academy
International Diploma in Information Technology and Communication
Informatics Academy

📜 Professional Certifications

EC-Council Certified Incident Handler (ECIH)
EC-Council Certified Ethical Hacker (CEH)
EC-Council Certified Hacking Forensic Investigator (CHFI)
EC-Council Certified Threat Intelligence Analyst (CTIA)
EC-Council Certified SOC Analyst (CSA)
Certified EC-Council Instructor (CEI)
AlienVault Certified Security Engineer (AVSE)
Securonix Certified SNYPR Security Analyst, Content Developer, Data Integrator and Administrator
Maltego Foundations & Advanced

Publications

Safety Science as a Source of Organisational Cyber Resilience in Incident Response (Journal Paper)
HS Galadima, D Morris, C Doherty, R Brennan
IEEE Access, 2026
Semantic Log Aggregation for a Machine-Readable Knowledge Base of Incident Response Activities (Conference Paper
HS Galadima, C Doherty, R Brennan
IEEE Cyber Research Conference Ireland (Cyber-RCI), 2025
Evaluating Incident Response in CSIRTs using Cube Socio-technical Systems Analysis (Journal Paper)
HS Galadima, C Doherty, N McDonald, J Liang, R Brennan
Computer Standards & Interfaces, 93, 103970, 2025
Towards LLM-based Synthetic Dataset Generation of Cyber Incident Response Process Logs (Conference Paper)
HS Galadima, C Doherty, R Brennan
IEEE Cyber Research Conference Ireland (Cyber-RCI), 2024
Enhancing Organisational Cyber Resilience with a Machine-Readable Knowledge Base of Cyber Incident Response Communications and Response Activities (Poster)
HS Galadima, C Doherty, R Brennan
DFRWS EU, Zaragoza, Spain, 2024
Cyber Deception against DDoS Attack using Moving Target Defence Framework in SDN IoT-EDGE Networks (Conference Paper
H Galadima, A Seeam, V Ramsurrun
3rd International Conference on Next Generation Computing Applications, 2022

Conferences

🎤 Spoken At

Speaker - ISACA Ireland Conference - Dublin,Ireland - 2025
Paper - IEEE Cyber Research Conference Ireland (CRCI) Galway,Ireland - 2025
Poster - Women in Cybersecurity (WiCyS) Conference Dallas,United States - 2025
Paper - IEEE Cyber Research Conference Ireland (CRCI) - Carlow,Ireland - 2024
Poster - Digital Forensics Research Conference Europe (DFRWS EU) Zaragoza, Spain- 2024
Poster - UCD School of Computer Science Research Poster Event - Dublin,Ireland - 2024,2025,2026

📍 Attended

Black Hat USA - Las Vegas,United States - 2025
DEFCON 33 - Las Vegas,United States - 2025
BSides Las Vegas - Las Vegas,United States - 2025
Squadcon - Las Vegas,United States - 2025
Virus Bulletin Conference - Dublin,Ireland - 2025
BSides Dublin - Dublin,Ireland - 2025
EU Cyber Summit - Dublin,Ireland - 2025
National Cyber Security Centre (NCSC) IE Conference - Dublin Ireland - 2024,2025
ADAPT Annual Scientific Conference - Dublin Ireland - 2024,2025

PhD Research: Incident Response

Haula Sani Galadima (haula.galadima@ucdconnect.ie), Cormac Doherty (cormac.doherty@ucd.ie), Rob Brennan (rob.brennan@ucd.ie)
UCD School of Computer Science logo UCD Centre for Cybersecurity and Cybercrime Investigation logo ADAPT Centre logo
Incident Response (IR) Study

The IR Lab is a simulated incident response environment used to conduct a study where participants are trained and given IR tasks to respond to the same simulated incident scenario, following their own preferred workflow and decision-making process.

This study aims to create a dataset of cybersecurity IR activities. The tools automatically record logs of responders activities and our log extraction tool collects the logs and converts them into a dataset.

The dataset is loaded into our "Semantic Log Aggregation Tool and Machine Readable Knowledge Base" prototype to convert it into a machine-readable knowledge base for knowledge extraction and analysis. The structured knowledge graph helps analyse how people respond to different types of incidents. The aim is to better understand the process used during IR and explore ways of improving IR.

Tools used: The Hive Cortex MISP Mattermost

All data collected, used, and published from the study is anonymised.

View IR Study Leaderboard

If you would like the security team at your organisation to participate, kindly contact: haula.galadima@ucdconnect.ie

Semantic Log Aggregation Tool and Machine Readable Knowledge Base Prototype Implementation
This is a prototype for Incident Response log synthesis and knowledge base. This tool extract incident response process logs from diverse Incident Response tools into machine readable knowledge base for automated knowledge management and learning to enhance Incident Response organisational cyber resilience.
View GitHub Repository
Architecture Prototype
Cyber Incident Response Process Ontology (CIRPO)
In this work, we extend existing ontologies to create CIRPO to model the concepts and relationships in cybersecurity incident response processes. It provides a structured representation of Incident Response information covering incidents data, responder actions, and responder communication.

This is the ontology loaded into the "Semantic Log Aggregation Tool and Machine Readable Knowledge Base" Prototype

View CIRPO Documentation View GitHub Repository
CIRPO Ontology Diagram
IR Dataset

We explore a novel approach that leverages LLMs to generate a dataset of realistic, synchronised and interlinked IR process activities, incidents, and IR team member communication logs.

View Github Repository
Cyber Defender: Incident Response Lab

The IR Lab exhibition was part of the CyberWise event for school children, where our stand gave students hands-on access to a cybersecurity incident response tool and guided them through tasks as simulated defenders of an organisation under attack.

An interactive website on the tablet allowed them to enter their findings and check their progress, while the laptop and monitor displayed the live tool environment and posters provided step-by-step instructions.

Visit IR Lab Website

Awards

Best Presentation - IEEE Cyber Research Conference Ireland (CRCI) - 2025
Distinguised Demonstrator - UCD School of Computer Science Session 2024/2025 - 2025
Women in Forensic Computing (WINFC) Scholar - [Linkoping, Sweden]2026
Women in Cybersecurity (WiCyS) Scholar - [Dallas, US]2025 & [Washington, US]2026
Women in Security & Privacy (WISP) Scholar - [Las Vegas, US]2025
Black Hat USA Student Scholar - [Las Vegas, US]2025

Contact

Email: haula.galadima@:ucdconnect.ie , haulasaniee@gmail.com;

GitHub: github.com/haulaah

LinkedIn: linkedin.com/in/haula-galadima-27011815a