 
    Overview
Background
Professor Ryan Ko is Chair Professor of Cyber Security, Centre Director of UQ Cyber Research Centre, Director of Research at the School of Electrical Engineering and Computer Science, and an elected member of the Academic Board at the University of Queensland, Australia. He holds a Bachelor of Engineering (Computer Engineering)(Hons.) (2005), and PhD (2011) from Nanyang Technological University (NTU), Singapore.
Ko has held senior scientific leadership, executive, and directorship roles across industry and academia, and has more than 15 years of board, governance and advisory experience across government, industry and NGOs across Australia, New Zealand, Singapore, and USA.
He currently serves on the Audit and Risk Committee for the board of the global not-for-profit ORCID, and has served on boards and advisory groups for AustCyber, Queensland Government, Meat and Livestock Australia (MLA), and the NZX-listed (NZE:LIC) Livestock Improvement Cooperation (LIC).
He has also served as expert advisor to INTERPOL, the government of Tonga, NZDF, NZ Minister for Communications' Cyber Security Skills Taskforce, and is a Technical Advisor (one of four nationally-appointed) for judges relating to the Harmful Digital Communications Act 2015, Ministry of Justice. He has also served as independent technical expert for Australian law firms in court cases, litigations and class actions.
He is a registered external expert for the Tertiary Education Quality and Standards Agency (TEQSA), and a member of the Australian Computer Society (ACS) Accreditation Committee. He has experience reviewing course proposals and served in governance roles for higher education institutes.
He is Adjunct Professor at the Singapore Institute of Technology, and Affiliate Faculty Member at NIATEC at the Idaho State University, USA.
He has been a co-founder of 4 start-ups, including First Watch Ltd (NZ) – an industrial cybersecurity spin-off based on his patented OT security and provenance research at the University of Waikato.
Since joining UQ in 2019, he has served as:
- Deputy Head of School (External Engagement) (2021-2022)
- Founding Discipline Leader of the Cyber Security and Software Engineering discipline (2020-2021)
- Group Leader - Cyber Security (2019)
Ko has successfully established several university-wide, multi-disciplinary academic research and education programmes, including establishing and leading:
- UQ Cyber Research Centre - interdisciplinary cyber scurity research centre involving 60+ academics and their respective teams from the 6 Schools (EECS, Business, Economics, Law, Social Science, Mathematics & Physics), the Centre for Policy Futures, and 4 Faculties since 2019.
- UQ's interdisciplinary postgraduate programme (MCyber, PGDipCyber, GCertCyber) involving four UQ faculties in 2019,
- NZ's first cyber security graduate research programme and lab (Cybersecurity Researchers of Waikato (CROW)) in 2012,
- NZ's first Master of Cyber Security (encompassing technical and law courses), the NZ Cyber Security Challenge since 2014, and
- NZ Institute for Security and Crime Science – Te Puna Haumaru as its founding director, the Evidence Based Policing Centre (at Wellington with NZ Police and ESR), and Master of Security and Crime Science in 2017 with the University of Waikato, NZ.
Over his academic career, Ko has been awarded A$20+million in competitive grants as lead Chief Investigator, and ~A$40+million as co-investigator. Prior to UQ, he was the highest funded computer scientist in New Zealand, as Principal Investigator and Science Leader of the largest MBIE-awarded cloud security research funding for STRATUS (NZ$12.2 million; 2014-2018). STRATUS' research was awarded 'Gold' by MBIE (i.e. top performing project, 2017), adopted by INTERPOL and featured in NZ's Department of Prime Minister and Cabinet's NZ Cyber Security Strategy 2016 annual report.
Ko has a track record developing international and national cyber security curricula, including:
- Co-creation of the gold-standard (ISC)2 Certified Cloud Security Professional (CCSP) curriculum (2014-2015)
- Authoring the draft of the NZQA's Level 6 Cybersecurity Diploma qualification as part of the NZ Cyber Security Skills Taskforce on behalf of the Department of Prime Minister and Cabinet.
Ko has also experience developing competitions and coaching competitive cyber security teams, including:
- Co-founding the NZ Cyber Security Challenge in 2014, and leading the NZCSC from 2014 to 2018. NZCSC is now the premier national cyber security competition in NZ.
- Co-founding the Oceania Cybersecurity Challenge (OCC) in 2020, and leading the competition from 2022 to present. OCC is now the regional qualifiers for the International Cybersecurity Challenge
- Co-founding the International Cybersecurity Challenge (ICC) as part of the Steering Committee in 2022. ICC has been held in Athens (2022) and San Diego (2023). It is aiming to be the world cup of cyber competitions.
- Head Coach of Team Oceania for the ICC. 2022 Results: Overall 4th; 2023 Results: Overall 2nd in the world.
He contributed to the establishment of the Government of Tonga CERT and CERT NZ, and has been a keynote speaker regularly on cyber and cloud security research across the globe, including the OECD, Republic of Korea National Assembly (2018), INTERPOL (2017), TEDx Ruakura (2017), and the NZ Members of Parliament (2016).
Within the ISO/IEC JTC 1/SC 27, Prof Ko was Head of Delegation for the Singapore national body, served as Editor, ISO/IEC 21878 “Security guidelines for design and implementation of virtualized servers”, and hosted the ISO/IEC JTC 1/SC 27 meetings at Hamilton, NZ, in 2017. He is currently one of the editors of the ISO/IEC PWI 5181 Data Provenance Reference Model. In 2022, Ko co-chaired the development of the Singapore standard TR 106:2022 Tiered cybersecurity standards for enterprises in collaboration with the SPSTC and Singapore Cyber Security Agency.
Ko serves as an assessor for the Australian Research Council (ARC), Irish Research Council, Nederlandse Organisatie voor Wetenschappelijk Onderzoek (NWO), Natural Sciences and Engineering Research Council of Canada (NSERC), and NZ MBIE College of Assessors (since 2015).
Ko has externally examined 11 PhD and 3 Masters theses for universities in Australia, New Zealand, Canada, Hong Kong and Singapore.
For his contributions to the field, he was elected Fellow of the Australian Computer Society, Fellow of the Queensland Academy of Arts and Sciences, and Fellow of Cloud Security Alliance (CSA) (2016). He was awarded the Singapore Government (Enterprise Singapore)’s Young Professional Award (2018) for his leadership at ISO, and awarded the inaugural CSA Ron Knode Service Award 2012 for the establishment of Cloud Data Governance and Cloud Vulnerabilities Research Working Groups. He is also recipient of the 2015 (ISC)2 Information Security Leadership Award.
For his research and teaching excellence, he was awarded the University of Queensland Awards for Excellence - Leadership (Commendation) (2023), EAIT Nominations for Most Effective Teacher (both semesters of 2020, 2021, 2022, 2023), University of Waikato's Early Career Excellence Award (2014), Faculty Teaching Excellence Awards (2014, 2015, 2018), and the Nola Campbell eLearning Excellence Award (2014). During his PhD, he was also awarded A*STAR SIMTech's Best Student Award (2009), and clinched the 1st Prize of the IEEE Services Cup 2009 at IEEE ICWS (CORE A*) in Los Angeles, CA.
Earlier in his career, Ko was a systems engineer, and subsequently founded two start-ups (one was a social enterprise which became an events/conventions management contractor with IMG at mega-events in Singapore, including the inaugural Youth Olympics in 2010).
He is an active science communicator and is regularly interviewed and featured by Australian (ABC News, SBS News, 7 News, 9 News, Courier Mail, Network 10, AFR), Singaporean (Channel NewsAsia, CNA Radio938), NZ (NZ Herald, Dominion Post, Stuff.co.nz, Waikato Times, TVNZ, Central TV) and international media on topics of cyber security, cybercrime and data privacy.
Availability
- Professor Ryan Ko is:
- Available for supervision
- Media expert
Fields of research
Qualifications
- Bachelor (Honours) of Computer Engineering, Nanyang Technological University
- Doctor of Philosophy, Nanyang Technological University
- Certificate of Management, Harvard University
- Fellow, Australian Computer Society, Australian Computer Society
- Fellow, Cloud Security Alliance, Cloud Security Alliance
- Fellow, Queensland Academy of Arts and Sciences, Queensland Academy of Arts and Sciences
Research interests
- 
Provenance and TraceabilityApplications into tracking Cybercrime Payments (e.g. cryptocurrency transactions), and data across AgTech, IoT, Edge, Cloud Computing and OT environments. 
- 
Trusted Computing ApplicationsApplications into agriculture, regulatory, auditing and media. 
- 
Data Privacy and Privacy Enhancing TechnologiesEnabling secure and private multi-party computation. 
- 
AI Planning/ Automated PlanningAdapting classical AI planning approaches into cyber security. 
- 
Automating Cyber Security for Critical InfrastructureDesigning cyber autonomy to empower all end-users. 
- 
Applying Situation Crime Prevention to Cybercrime PreventionApplying SCP techniques into processes and controls to prevent cybercrime. 
- 
Board and Organisational Structures for Cyber ResilienceUnderstanding how factors and pressures (e.g. board composition and organisational structures, external pressures) affect an organisation's cyber resilience. 
- 
Creating Measurable Indicators of Cyber ResilienceDeveloping a framework to quantify factors allowing senior executives to understand and make decisions about cyber resilience. 
- 
Operational Technology (OT) SecurityFocusing on Industrial Control Systems (ICS) and related protocols. 
Research impacts
Ko's research in cyber security focuses on returning control of data to users. His research reduces users' reliance on trusting third-parties and focusses on (1) provenance logging and reconstruction, traceability and (2) privacy-preserving data processing. His research is adopted internationally (e.g. CERN, INTERPOL, and HP clients such as Apple, Nasa, US Treasury/IRS). His papers have received conference Best Paper Awards (2011, 2015, 2017), and resulted in several technology transfers (e.g. HP), open source contributions (e.g. Kali Linux THC) and spin-offs (e.g. First Watch). He has published in top venues including WWW (The Web), IEEE S&P, NeurIPS, ACM Computing Surveys, IACR CHES, PETS, DCC, ESORICS, IEEE Comms Surveys and Tutorials, IEEE TrustCom, IEEE ICWS, IEEE TDSC, IEEE TSC, Computers & Security, IEEE Trans on Smart Grid, and more than 170 publications including books, refereed conference papers, journal papers, book chapters, encyclopaedia entries, technical reports and international patents (PCT).
Recently, he is researching information integrity and cyber autonomy in critical infrastructure sectors such as energy, manufacturing, regulatory and agriculture sectors. He has served in technical programme committees for more than 30 IEEE conferences/workshops, associate editor for 6 journals, and as series editor for Elsevier's security books.
Works
Search Professor Ryan Ko’s works on UQ eSpace
2025
Journal Article
VIMA: A Privacy-Preserving Integrity Measurement Architecture for Containerized Environments
Jarkas, Omar, Ko, Ryan K L, Dong, Naipeng and Mahmud, Redowan (2025). VIMA: A Privacy-Preserving Integrity Measurement Architecture for Containerized Environments. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2025 (4), 1053-1076. doi: 10.46586/tches.v2025.i4.1053-1076
2025
Journal Article
Adapting to the stream: an instance-attention GNN method for irregular multivariate time series data
Han, Kun, Koay, Abigail M. Y., Ko, Ryan K. L., Chen, Weitong and Xu, Miao (2025). Adapting to the stream: an instance-attention GNN method for irregular multivariate time series data. Frontiers of Computer Science, 19 (8) 198340. doi: 10.1007/s11704-024-40449-z
2025
Other Outputs
Older Australians’ experiences navigating digital identity security
Bingley, William, Bialkowski, Alina, Gillespie, Nicole, Haslam, Alex, Ko, Ryan, Liddle, Jacki, Worthy, Peter and Wiles, Janet (2025). Older Australians’ experiences navigating digital identity security. St Lucia, QLD, Australia: The University of Queensland. doi: 10.14264/1c5a3bb
2025
Journal Article
A container security survey: exploits, attacks, and defenses
Jarkas, Omar, Ko, Ryan, Dong, Naipeng and Mahmud, Redowan (2025). A container security survey: exploits, attacks, and defenses. ACM Computing Surveys, 57 (7) 170, 1-36. doi: 10.1145/3715001
2025
Journal Article
Contrasting the optimal resource allocation to cybersecurity controls and cyber insurance using prospect theory versus expected utility theory
Joshi, Chaitanya, Slapničar, Sergeja, Yang, Jinming and Ko, Ryan (2025). Contrasting the optimal resource allocation to cybersecurity controls and cyber insurance using prospect theory versus expected utility theory. Computers and Security, 154 104450, 1-14. doi: 10.1016/j.cose.2025.104450
2025
Conference Publication
Intelligent data refinement and analysis of real-world cyber attacks on SCADA systems
Zhang, Wenlu, Dong, Naipeng, Choi, Taejun, Bai, Guangdong and Ko, Ryan K. L. (2025). Intelligent data refinement and analysis of real-world cyber attacks on SCADA systems. E-Energy '25: The 16th ACM International Conference on Future and Sustainable Energy Systems, Rotterdam, Netherlands, 17-20 June 2025. New York, NY USA: Association for Computing Machinery. doi: 10.1145/3679240.3734654
2025
Conference Publication
Practical poisoning attacks with limited Byzantine clients in clustered federated learning
Vo, Viet, Ma, Mengyao, Bai, Guangdong, Ko, Ryan and Neplal, Surya (2025). Practical poisoning attacks with limited Byzantine clients in clustered federated learning. 2025 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, United States, 12-15 May 2025. Piscataway, NJ, United States: Institute of Electrical and Electronics Engineers. doi: 10.1109/sp61157.2025.00163
2025
Conference Publication
Auditing the auditor: heuristics for testing password auditing system security
Choi, Taejun, van Niekerk, Daniel, Opaschi, Octav, Enache, Costin and Ko, Ryan K. L. (2025). Auditing the auditor: heuristics for testing password auditing system security. 4th International Conference on Ubiquitous Security (UbiSec 2024), Changsha, China, 29-31 December 2024. Singapore: Springer Nature Singapore. doi: 10.1007/978-981-96-4836-8_7
2024
Conference Publication
Mining irregular time series data with noisy labels: A risk estimation approach
Han, Kun, Koay, Abigail, Ko, Ryan K. L., Chen, Weitong and Xu, Miao (2024). Mining irregular time series data with noisy labels: A risk estimation approach. 35th Australasian Database Conference, ADC 2024, Gold Coast, QLD Australia, 16–18 December 2024. Singapore: Springer. doi: 10.1007/978-981-96-1242-0_22
2024
Journal Article
Using Situational Crime Prevention (SCP)-C3 cycle and common inventory of cybersecurity controls from ISO/IEC 27002:2022 to prevent cybercrimes
Ho, Heemeng, Ko, Ryan, Mazerolle, Lorraine, Gilmour, John and Miao, Cheng (2024). Using Situational Crime Prevention (SCP)-C3 cycle and common inventory of cybersecurity controls from ISO/IEC 27002:2022 to prevent cybercrimes. Journal of Cybersecurity, 10 (1) tyae020, 1-33. doi: 10.1093/cybsec/tyae020
2024
Other Outputs
The Australia-Korea cyber cooperation in the context of the Australian Cyber Security Strategy 2023-2030
Ko, Ryan (2024). The Australia-Korea cyber cooperation in the context of the Australian Cyber Security Strategy 2023-2030. Seoul, Republic of Korea: Korea on Point.
2024
Conference Publication
Privacy-preserving and fairness-aware federated learning for critical infrastructure protection and resilience
Zhang, Yanjun, Sun, Ruoxi, Shen, Liyue, Bai, Guangdong, Xue, Minhui, Meng, Mark Huasong, Li, Xue, Ko, Ryan and Nepal, Surya (2024). Privacy-preserving and fairness-aware federated learning for critical infrastructure protection and resilience. WWW '24: ACM Web Conference 2024, Singapore, Singapore, 13-17 May 2024. New York, NY, United States: ACM. doi: 10.1145/3589334.3645545
2024
Journal Article
Utilizing cyberplace managers to prevent and control cybercrimes: a vignette experimental study
Ho, Heemeng, Gilmour, John, Mazerolle, Lorraine and Ko, Ryan (2024). Utilizing cyberplace managers to prevent and control cybercrimes: a vignette experimental study. Security Journal, 37 (1), 129-152. doi: 10.1057/s41284-023-00371-8
2024
Other Outputs
PRISMA Results for Using Situational Crime Prevention (SCP)-C3 Cycle and Common Inventory of Cybersecurity Controls from ISO/IEC 27002:2022 to Prevent Cybercrimes
Ho, Hee Meng, Ko, Ryan, Mazerolle, Lorraine and Miao, Cheng (2024). PRISMA Results for Using Situational Crime Prevention (SCP)-C3 Cycle and Common Inventory of Cybersecurity Controls from ISO/IEC 27002:2022 to Prevent Cybercrimes. The University of Queensland. (Dataset) doi: 10.48610/71aa67b
2024
Book Chapter
AI for designing responsible and resilient food systems
Ko, Ryan, Gain, Alexandria, Bongiovanni, Ivano, Browne, Will, Jarkas, Omar, Uhlmann, Kora and Viller, Stephen (2024). AI for designing responsible and resilient food systems. Food AI: A game changer for Australia’s food and beverage sector. (pp. 69-78) edited by Janet R. McColl-Kennedy and Damian Hine. Brisbane, QLD, Australia: The University of Queensland, Australia's Food and Beverage Accelerator (FaBA). doi: 10.14264/f5f35d0
2024
Conference Publication
Scp-bp framework: situational crime prevention for managing data breaches in business processes
Miao, Cheng, Ho, Heemeng, Tsen, Elinor, Gilmour, John and Ko, Ryan K. L. (2024). Scp-bp framework: situational crime prevention for managing data breaches in business processes. Business Process Management 22nd International Conference, BPM 2024, Krakow, Poland, 1-6 September 2024. Cham, Switzerland: Springer Nature Switzerland. doi: 10.1007/978-3-031-70396-6_26
2023
Journal Article
Evasion attack and defense on machine learning models in cyber-physical systems: a survey
Wang, Shunyao, Ko, Ryan K. L., Bai, Guangdong, Dong, Naipeng, Choi, Taejun and Zhang, Yanjun (2023). Evasion attack and defense on machine learning models in cyber-physical systems: a survey. IEEE Communications Surveys and Tutorials, 26 (2), 930-966. doi: 10.1109/comst.2023.3344808
2023
Journal Article
ResNet and Yolov5-enabled non-invasive meat identification for high-accuracy box label verification
Jarkas, Omar, Hall, Josh, Smith, Stuart, Mahmud, Redowan, Khojasteh, Parham, Scarsbrook, Joshua and Ko, Ryan K.L. (2023). ResNet and Yolov5-enabled non-invasive meat identification for high-accuracy box label verification. Engineering Applications of Artificial Intelligence, 125 106679, 106679. doi: 10.1016/j.engappai.2023.106679
2023
Journal Article
Enlarging the model of the human at the heart of human-centered AI: a social self-determination model of AI system impact
Bingley, William J., Haslam, S. Alexander, Steffens, Niklas K., Gillespie, Nicole, Worthy, Peter, Curtis, Caitlin, Lockey, Steven, Bialkowski, Alina, Ko, Ryan K.L. and Wiles, Janet (2023). Enlarging the model of the human at the heart of human-centered AI: a social self-determination model of AI system impact. New Ideas in Psychology, 70 101025, 1-12. doi: 10.1016/j.newideapsych.2023.101025
2023
Conference Publication
A framework for user-centric visualisation of blockchain transactions in critical infrastructure
Jeyakumar, Samantha Tharani, Ko, Ryan and Muthukkumarasamy, Vallipuram (2023). A framework for user-centric visualisation of blockchain transactions in critical infrastructure. BSCI '23: Proceedings of the 5th ACM International Symposium on Blockchain and Secure Critical Infrastructure, Melbourne, VIC, Australia, 10 - 14 July 2023. New York, NY, United States: Association for Computing Machinery. doi: 10.1145/3594556.3594624
Funding
Current funding
Past funding
Supervision
Availability
- Professor Ryan Ko is:
- Available for supervision
Before you email them, read our advice on how to contact a supervisor.
Supervision history
Current supervision
-               
Doctor Philosophy Efficient Methods for Automating Reconstruction of Provenance and Cryptocurrency Networks for Crime AttributionPrincipal Advisor Other advisors: Dr Miao Xu 
-               
Doctor Philosophy Evaluating and Improving Type Inference Models for Web Application Reverse EngineeringPrincipal Advisor Other advisors: Associate Professor Mark Utting, Professor Michael Bruenig 
-               
Doctor Philosophy Measuring and Enhancing Honeypot Interactivity to Derive Attack Strategy Insights for Industry Control Systems SecurityPrincipal Advisor Other advisors: Dr Naipeng Dong 
-               
Doctor Philosophy Applying Situational Crime Prevention to Business Processes to Prevent CybercrimePrincipal Advisor Other advisors: Dr John Gilmour, Dr Elinor Tsen 
-               
Doctor Philosophy A Provenance System Architecture for Distributed File SystemsPrincipal Advisor 
-               
Doctor Philosophy Adaptive, secure and resilient programmable logic controllers (PLCs) and data transfer protocolsPrincipal Advisor Other advisors: Professor Tapan Saha 
-               
Doctor Philosophy Virtualized Root of Trust in Cloud ComputingPrincipal Advisor Other advisors: Dr Naipeng Dong 
-               
Doctor Philosophy AI planner for autonomous cyber defence for operational technologies (OT)Principal Advisor Other advisors: Dr Priyanka Singh 
-               
Doctor Philosophy Advancing cyberworthiness via integration of AI and Model-Based Systems Engineering (MBSE)Associate Advisor Other advisors: Dr Priyanka Singh 
-               
Doctor Philosophy The nexus between data breaches, cyber safety and employee productivity in the hybrid work contextAssociate Advisor Other advisors: Associate Professor Remi Ayoko 
-               
-               
Doctor Philosophy Justice for sexual assault and rape: Digital media and Australian legal reformsAssociate Advisor Other advisors: Associate Professor Allison Fish, Dr Jonah Rimer 
Completed supervision
-               
2025 Doctor Philosophy Evaluating and Enhancing the Resilience of Regression-Based Anomaly Detectors Against Gradient-Free Evasion Attacks in Industrial Control SystemsPrincipal Advisor Other advisors: Dr Naipeng Dong 
-               
2024 Doctor Philosophy Using Situational Crime Prevention (SCP) to Prevent CybercrimesPrincipal Advisor Other advisors: Professor Lorraine Mazerolle, Dr John Gilmour 
-               
2025 Doctor Philosophy A corpus-based analysis of conspiracy theory discourse on Reddit: Understanding conspiracy-fuelled anomie and moral panics during COVID-19Associate Advisor Other advisors: Dr Martin Schweinberger 
-               
2023 Doctor Philosophy Security and Performance Evaluation of Software Defined Networking adopting Moving Target DefensesAssociate Advisor Other advisors: Associate Professor Dan Kim 
-               
2023 Doctor Philosophy Investigating the components of a contextual cyber resilience for organisationsAssociate Advisor Other advisors: Associate Professor Sergeja Slapnicar 
-               
2021 Doctor Philosophy Privacy-preserving Sharing for Genome-wide AnalysisAssociate Advisor Other advisors: Dr Caitlin Curtis, Professor Xue Li 
Media
Enquiries
Contact Professor Ryan Ko directly for media enquiries about:
- AI for Cyber Security
- Cloud Computing Security
- Critical infrastructure security
- Cyber Attack Attribution
- Cyber Crime
- Cyber Security
- Cybersecurity
- Data Accountability
- Data Control
- Data Privacy
- Data Provenance
- Data Tracking
- ICS Security
- Industrial control systems security
- Information Security
- Privacy enhancing technologies
Need help?
For help with finding experts, story ideas and media enquiries, contact our Media team: