Computing Texas Hold ’em

August 29, 2012

A computer scientist goes all in for poker.

By Dale Keiger

Avi Rubin looks at his cards. Looks at his chips. Ponders his options. He has made it to the last table of a poker tournament at Delaware Park Casino, near Wilmington, Delaware, but he is perilously close to elimination. Stacked before him now is $8,000 worth of chips—the chips are merely to keep score; he bought into the tournament for only $65—and his eight remaining adversaries have among them $298,500. To win the event he must win all of their chips, too, and he is tired, worn down by the struggle this tournament has been. The game is Texas Hold ’em, the most popular poker variant, and the two cards in Rubin’s hand are the ace and 4 of spades. Not the strongest hand, but he has $13,000 already invested in this pot. He thinks some more. Then he shoves his remaining chips into the center of the table. He is all in. If he wins the hand, he keeps going. If he loses, he goes home.

Rubin does not play poker for a living. He is a 44-year-old professor of computer science in the Whiting School of Engineering, plus technical director of the Johns Hopkins University Information Security Institute, plus director of the Health and Medical Security Lab at the same institution, plus a well-paid computer security consultant. If his name seems familiar, it is probably because in July 2003, he gave a technical paper he had co-written to a New York Times reporter. The paper proved that a Diebold Election Systems touchscreen voting machine that had been adopted by 38 states in time for the 2004 U.S. presidential election was so insecure a clever teenager could hack it and subvert its vote tally. Much to Diebold’s annoyance, Rubin soon was in major newspapers and on CNN explaining why a supposedly tamper-proof voting machine was anything but.

About five years ago, Rubin’s father mentioned that Avi’s younger brother, Yaacov, had been winning money playing poker online. Soon after, Avi suggested to Yaacov that they play sometime. “He kind of laughed at me and started asking a few questions about hands and situations,” Rubin recalls. “He said, ‘You know so little about poker, you don’t realize that you don’t know anything about poker.’” Rubin thought his little brother was just being arrogant, but when Yaacov recommended a poker book called Harrington on Cash Games: Volume I, Rubin read it at a few sittings, highlighting the text, making notes, utterly engrossed. “It was probably the most fascinating experience I’ve ever had, to read that book and understand the science and the math behind poker and to realize that a game I’d considered fun my whole life actually had more depth than I’d ever considered,” he says. After his family and his work, poker became Rubin’s main interest, displacing pocket billiards, his previous obsession. He is a man of strong enthusiasms, serially all in, you might say, and now he bought every poker book he could find and studied them for hours, rereading the best ones. He started seeking out games with better players, learning by losing until he began to win. And he set a goal—to play his way into the World Series of Poker in Las Vegas, the biggest poker tournament in the world, by the time he was 50.

Rubin is so young in appearance, he once had a Las Vegas casino question the validity of his photo ID, and there is something childlike in his enthusiasm for poker. On the day we went to Delaware Park, when I arrived at his house I found him already in his car, sitting impatiently at the end of the driveway. Once we were at the casino, the closer he got to the poker room the faster he walked. I half expected him to break into a trot.

His plan was to play a cash game in the morning, then enter the casino’s noon tournament. In a tournament, the entrants vie for prizes awarded to the top finishers. Prize money in most daily tournaments is modest and the players risk no more than the entrance fee, so tournaments tend to attract more casual participants and poker tourists. But in a cash game, the players vie for each other’s money, and because there is no limit to how much can be won (or lost), cash games attract professionals for whom a casino is the office. Soon after Rubin sat down at one of the cash games in progress at 9:30 a.m., a pro in a black T-shirt quit, holding more than $4,000 in chips. Rubin was happy to see him go. You don’t win that much money at a small-stakes table unless you really know what you’re doing.

Texas Hold ’em is the game you see on cable television poker shows. In Hold ’em, each player tries to make the best five-card hand out of two cards dealt facedown and a set of five communal cards faceup in the center of the table. The cards are dealt in four rounds—first each player’s facedown cards, then three communal cards (called “the flop”), followed by a fourth (“the turn”), and finally a fifth (“the river”)—with betting after each round. Texas Hold ’em rewards a good head for odds and a good memory for what everyone else does in the course of the game. Cautious at first, Rubin spent several hands sizing up the other players. He guessed that at least three were professionals. They had substantial chip stacks and cool, appraising faces, and they were not making mistakes. Still, after about 45 minutes he began winning some pots and seemed to be holding his own. He played well for another 45 minutes, until he tried to bluff with a weaker hand, failed to fold when he should have, and lost $240 to one of the pros. On a break soon after, he said of the player who’d just beaten him, “I should have realized he was strong. But every time I bet, the pros on the other side of the table were raising me and I was folding, and I was getting a little fed up. So they got in my head a little.” He checked his iPhone. Years ago, he had made a substantial investment in Apple stock at a great price. Now he noted that the company was up $5 per share in morning trading. He chuckled. “The good news is I’ve made more on Apple this morning than I’ve lost here.”

Between the cash game and the tournament, Rubin wolfs down a sandwich at the casino’s On a Roll Deli. While he eats, he enters the morning’s results on his phone, using an app that lets him record and chart his earnings and losses. He says that over the long haul he is ahead, this morning’s $240 blunder notwithstanding.

When he began studying poker, Rubin frequently thought in terms of how a computer might model the game. Several disciplines were applicable—game theory, expert systems, machine learning, combinatorics. The latter is a branch of mathematics concerned with finite countable structures. The various combinations of cards in a poker hand are finite countable structures. As he trained himself to be a better player, Rubin would make up combinatorics poker problems, then solve them on a computer. He has considered studying the game by creating decision trees, branching diagrams that plot a chain of if-then options and are routine for a computer scientist. For example, he could start with a single hand, then chart all the variables—his position in a round of betting, the texture of the flop (that is, does it have potential to create strong hands like straights or flushes), whether he is playing against three others or heads-up against a single remaining opponent—to see what might happen. “For any given spot in the decision tree,” he says, “I could come up with a probability distribution of different plays. Then I could write a learning program that I could use as a simulator on the computer and play a thousand times with particular settings, then tweak the settings and run it again to see if I do better, and work backward from it to infer why that was a better play in that situation. The thing is, there are so many variables and so many factors you rarely find yourself in a precise situation that you’ve studied. What you have to do is abstract out the reasoning used to get to that decision, then apply that logic and process to whatever situation you’re in.”

In his regular Monday night games with friends—his wife, Ann, got him to agree to limit poker to one night a week—Rubin plays against lawyers and doctors. “The lawyers tend to be better,” he says. “The math in poker is basic arithmetic, it’s not that hard. But you still have people, like a lot of the doctors that I play with, who’d rather not bother with all the math. They feel that they have enough intuition for the game.” Rubin is pleased to point out that they’re frequently wrong. “The fundamental math is much more important. If you’re a solid mathematical player, in the long run you’re going to kill the intuitive player.

“I think what really helps me is being a computer security guy. In security, we think of everything in terms of adversaries and action-and-response. You’re worried about hackers and always trying to stay one step ahead, trying to predict what they will do if you take this defense measure, and in poker, you always have to stay a few steps ahead. It’s almost exactly the same threat model that you have in network security.”

At noon, the Delaware Park tournament begins with 43 entrants dispersed to four tables. Everyone starts with $7,500 in chips. Lose all of your chips and you are out of the tourney, which goes on until there’s one man standing. (And it will be one man. The only women involved on this day are dealers.) The top five finishers will win cash prizes, with $723 for first. (Prizes at the daily casino tournaments are calculated by a formula and tied to the number of entries.)

Soon it becomes apparent that Rubin’s initial table will be an action table, with people playing a lot of hands instead of cautiously folding. Early on, he gets ace-king, a strong hand that he bets. But he does not get the cards he needs on the flop and loses. Not much later, he’s dealt a pair of jacks. This is also a good hand, so when someone raises him, Rubin raises back. The flop comes up king-7-4. Rubin now has to worry that the one player still in is holding a king. When that player bets, Rubin is forced to fold. No more than 20 minutes into the tournament, he has lost half his chips. He’s not playing badly, but he’s not getting the cards he needs to win.

Some of the casino’s video monitors show data from the tournament: how many players started, how many are still playing, and the average number of chips held by each. Rubin’s chip stack quickly falls below the average and he will spend the day clawing back from the edge of oblivion. At 12:54 p.m., he’s dealt a pair of kings and bets the hand. One of his opponents refuses to fold, and Rubin goes all in. If he loses the hand, he’s out of the tournament in less than an hour. The players turn over their cards and the opponent has only king-jack. Rubin survives.

Read More at Johns Hopkins Magazine


Computing Courses Begin August 1 At New AACC Center

July 24, 2012

Computing Courses Begin Aug. 1 At New AACC Center for Cyber and Professional Training

Take a computer technology class in the new high-tech classrooms at Anne Arundel Community College’s Center for Cyber and Professional Training facility at Arundel Mills.

Classes begin Aug. 1 and end before fall classes begin. A morning and an evening class is available in two introductory computer courses, “Computing and Information Technology” (CSI 112) and “Theories and Applications of Digital Technology” (CSI 113). The morning classes meet Mondays through Thursdays from 9 a.m. to 12:55 p.m. The evening classes are hybrid classes – a mix of online instruction and in-person classes. Those classes meet 5:30-9:25 p.m. Tuesdays and Thursdays.

Either four-credit course meets the college’s computer competency requirement to earn an associate degree. “Computing and Information Technology” teaches skills used in social, personal, business and academic settings, including the Microsoft Office applications and Windows operating system. “Theories and Applications of Digital Technology” is the first computing course for students planning to major in a technology field and also is an excellent choice for students majoring in science, engineering or mathematics. Included are data communications, computer networks, database, operating and information systems, web technologies, software development and security. Check with an academic adviser to see which course is best for your major or academic goals.

The Center for Cyber and Professional Training is at 7556 Teague Road, Hanover, near Arundel Mills. AACC students can register online using New students should call 410-777-2243 or visit and click the Search for Courses bar at right. Select the 2012 summer term, either the CSI 112 or CSI 113 course number and the Teague Road location.

About Anne Arundel Community College

Anne Arundel Community College is an award-winning, fully accredited public two-year institution serving approximately 53,000 students each year through classes offered at more than 100 sites in Anne Arundel County or online. National and regional award-winning studies can lead to a degree, certificate, industry credential, transfer to a four-year institution or career enhancement, personal enrichment and lifelong learning. AACC began celebrating its 50th Anniversary in fall 2011.

Sonatype: Planting Innovative Seeds in the Land of Cybersecurity Defenses

May 18, 2012

By Samantha Lozano, Towson University

For one Maryland company, creating security software is second nature.

Sonatype, a Silver Spring-based company, was selected as a finalist for “Most Innovative Company” at the 2012 RSA Conference in San Francisco.

“We are honored to have been selected….. It’s a reflection of the value that our company is creating for our customers, and the hard work of all our talented employees…,” said Larry Roshfeld, Executive Vice President at Sonatype.

The company was founded by Jason van Zyl in 2008, based on two open-source softwares: the Apache Maven build system and the Central Repository. Apache Maven has a global user community of more than four million. Meanwhile, the Central Repository houses more than 300,000 components and receives over four billion requests annually, making it one of the most widely accessed services on the web.

“Open source components have become the foundation of modern software development because they allow developers to deliver applications more quickly and with higher quality,” said Wayne Jackson, CEO of Sonatype.

During the RSA Conference, Sonatype demonstrated one of its products at the CyberMaryland booth. The company featured Sonatype Insight, a new line of software tools and information services, which allows organizations to build better quality and more secure software applications, cost-efficiently and effectively.

“As more and more software is built by reusing existing components, there is an increasing need for greater visibility into those components,” said Roshfeld.

With seven million people using its technology everyday, Sonatype plans to continue its track of innovation in Maryland and around the world.

The company’s upcoming goals include adding new features to its products, increasing its scope of information feeds, and delivering tighter integration with existing products and processes within development organizations.

“Maryland has always been known as the home of top caliber technology companies, particularly in the security space, and we are pleased to be a part of that community,” said Roshfeld.

Anne Arundel Community College – Hiring

May 15, 2012

Position: Instructional Specialist, CyberSecurity

Anne Arundel Community College


Position Summary: The Instructional Specialist for the CyberCenter is responsible for providing high quality instruction in all credit and non-credit programs associated with Computer Technologies at Anne Arundel Community College.  Instruction may be in a variety of formats, including but not limited to classroom, computer lab, tutorial center, distance, on-line, etc.  In addition to instructional responsibilities, the Instructional Specialist will have a major role in curriculum development, assessment strategies, outcomes measurement, partnerships, publications, research, and mentoring for Cyber Center.  This full time position is a twelve-month professional level position.


Required Qualifications:

  • Bachelor’s degree or higher in Computer Information Systems, Management Information Systems, Computer Science, Information Security, Digital Forensics or related discipline required.


  • Excellent oral, written, and interpersonal communication skills, including the ability to make presentations.


  • Strong human relations skills, including the ability to function effectively and tactfully with diverse populations such as students, administrators, faculty, staff and the public.


  • Ability to work a flexible 40 hour weekly schedule, including evenings and weekends, to accommodate the needs of the department programs required


Preferred Qualifications:


  • Industry experience in cybersecurity, information systems security and/or information assurance, preferred.


  • Experience in teaching computer technologies preferred.


  • Industry technology certifications related to cybersecurity, information assurance and/or computer networking preferred.


  • Experience in assessment, curriculum development, and/or curriculum design preferred.


  • Experience in delivering instruction in non-traditional setting using various delivery modes preferred.


AACC is an Equal Opportunity Employer and does not discriminate against any employee or applicant on the basis of race, color, religion, ethnicity, gender, sexual orientation, age, veteran status or disability. We are committed to the power of diversity and the strength it brings to the workplace.


To apply and for more information, please visit

Mike Locatis Named Assistant Secretary for Cybersecurity and Communications

April 19, 2012

By Mark Weatherford, Deputy Under Secretary for Cybersecurity

DHS today announced the appointment of Michael W. Locatis III as the new Assistant Secretary for Cybersecurity and Communications (CS&C) at the National Protection and Programs Directorate. Mike brings a wealth of experience in information management, cybersecurity and public safety communications at all levels of government. In his new role, Mike will work collaboratively with public, private and international partners to ensure a safe and secure cyberspace with a focus on protecting federal and critical infrastructure networks. Mike and his team will also coordinate and provide support for a resilient communications system for federal, state, local, tribal and territorial governments and critical infrastructure personnel.

Mike comes to DHS from the Department of Energy (DOE), where he served as Chief Information Officer and led the development of the DOE Joint Cybersecurity Coordination Center (JC3), which applies a proactive approach to risk management and improves situational awareness, incident management and cross-agency collaboration. He also brings the unique experience of having served in leadership positions at the federal, state and local levels of government as well as the private sector.

Mike replaces Greg Schaffer as Assistant Secretary for CS&C. Bobbie Stempfley, who has served admirably in the interim as Acting Assistant Secretary, will return to her role as Deputy Assistant Secretary.

Cybersecurity Federal Legislation Expected to Move Following Senate and House Spring Recess

April 4, 2012

U.S. Senate Cybersecurity Legislation

Two major bills are before the Senate.

Senator Joseph I. Lieberman (D-CT), Chairman of the Senate Committee on Homeland Security and Governmental Affairs and Senator Susan Collins (R-ME), Ranking Member of the Senate Committee on Homeland Security and Governmental Affairs are sponsoring S. 2105, A Bill to Enhance the Security and Resiliency of the Cyber and Communications Infrastructure of the United States, also known as the Cybersecurity Act of 2012. This bipartisan cybersecurity legislation, which is favored by the Administration, would give regulatory authority to the Homeland Security Department to write security standards in conjunction with industry.  The bill would also put the Department at the center of efforts to improve the sharing of threat information between businesses and the Federal government.

Senator John McCain (R-AZ), Ranking Member of the Senate Armed Services Committee and Member of the Senate Homeland Security and Governmental Affairs Committee, is sponsoring S. 2151, the Strengthening Enhancing Cybersecurity by Using Research, Education, Information and Technology Act of 2012 or SECURE IT. Senator McCain’s bill, which would set no such standards, is favored by Republicans. The bill would rely on the National Security Agency and the U.S. Cyber Command as the centers for improved information sharing between businesses and the Federal government. S. 2151 also authorizes private entities to employ counter measures on its own networks and allows nonfederal government agencies to voluntarily disclose cyber threat information.

In summary, Senator Lieberman’s bill favors security standards, performance requirements and the protection of the critical infrastructure networks and Senator McCain’s bill supports no such standards and improved information sharing.

Although Senators Lieberman and McCain have made efforts to discuss a compromise between the two bills, no agreement has been reached to date.

U.S. House of Representatives Cybersecurity Legislation

Two major cybersecurity bills are before the House.

Congressman Daniel E. Lungren (R-CA), Chairman of the House Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies, has sponsored H.R. 3674, the  “Precise Act of 2011” or the “Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness Act of 2011.” This bill supports developing and conducting risk assessments for Federal systems and critical infrastructure information systems.

Congressman Mike J. Rogers (R-MI), Chair of the House Permanent Select Intelligence Committee and Congressman  C.A. Dutch Ruppersberger (D-MD), Ranking Member of the House Permanent Select Intelligence Committee have sponsored H.R. 3523, the “Cyber Intelligence Sharing and Protection Act of 2011” with 106 co-sponsors. This bill amends the National Security Act of 1947 to add provisions concerning cyber threat intelligence and information sharing. H.R. 3523 also requires the Director of National Intelligence to establish procedures to allow intelligence community elements to share cyber threat intelligence with private-sector entities and encourage the sharing of such intelligence.

In summary, Congressman Lungren’s bill supports developing and conducting risk assessments for the protection of critical infrastructure networks. The bill co-sponsored by Congressmen Rogers and Ruppersberger favors sharing of intelligence.

Looking Forward

Both the Senate and House are expected to consider cyber measures this spring. Capitol Hill anticipates that Senate Republicans will most likely strike out Senator Lieberman’s critical infrastructure language and House leadership may take up Senator McCain’s bill, which again, does not support standards. The House Homeland Security Committee expects to have a “cyber week” this spring, during which much legislative activity could occur. Senator Reid is confident that cyber legislation will be considered in May.

Sally Kenyon Grant
Federal Affairs Coordinator
Maryland Department of Business & Economic Development

New Partnership Brings Fresh Ideas to Cybersecurity

March 21, 2012

By Samantha Lozano, Towson University

As cybersecurity challenges evolve, a new force expands the avenues of cybersecurity research.

Maryland Cybersecurity Center (MC2) and CyberPoint established a collaborative partnership to foster educational opportunities and develop solutions in computer security though extensive research.

The University of Maryland formally launched MC2 in December 2010 and has since led research in the areas of software security, digital forensics, cryptography, and wireless network security. As one of the top public universities in the country, the University of Maryland is one of 13 institutions in the State that are designated by the Department of Homeland Security and the National Security Agency as Centers of Academic Excellence in Information Assurance.

“CyberPoint is one of only a few agile companies that can….perform the cutting edge research to attack the growing problems of tomorrow,” said Michael Hicks, director of MC2. “We look forward to partnering together to forge innovative, game-changing solutions.”

Established in October 2009, Cyberpoint is a Baltimore-based company and recognized as one of the “Best Places to Work in Baltimore 2012” by Baltimore Magazine. The company is a global provider of cyber security products, solutions, and services. Last December, CyberPoint CEO and co-founder Karl Gumtow accompanied Governor Mayor O’Malley on a trade mission to India to strengthen ties between Maryland and India.

MC2 has also formed partnerships with distinguished companies such as Lockheed Martin, Suprtek, LunarLine and Tenable Network Security.

If your company is interested in collaborating with the Maryland Cybersecurity Center, contact Eric Chapman or visit

April 17 | Small Business Contracting Event with Air Force District Washington

March 16, 2012

Air Force District Washington (AFDW) headquartered at Joint Base Andrews (JBA) will be hosting a matchmaking event to provide information on Small Business contracting opportunities on April 17, 2012.  Full information on the event can be found here. Please notice that the deadline to register is March 23, 2012.

Attending businesses will have the opportunity to meet with procurement officers from Air Force District Washington and 11th Contracting Squadron.

If you would like to attend please visit the AFDW website and RSVP to Ms. Cathy Hamilton at The deadline to register is March 23, 2012.

Mock Cyber Attack on New York Used by Obama to Pitch Senate Bill

March 9, 2012

By Eric Engleman and Chris Strohm
March 8, 2012

The Obama administration simulated a cyber attack on New York City’s power supply in a Senate demonstration aimed at winning support for legislation to boost the nation’s computer defenses.

Senators from both parties gathered behind closed doors in the U.S. Capitol yesterday for the classified briefing attended by Homeland Security Secretary Janet Napolitano, FBI Director Robert Mueller and other administration officials.

The mock attack on the city during a summer heat wave was “very compelling,” said Senator Susan Collins, a Maine Republican who is co-sponsoring a cybersecurity bill supported by President Barack Obama. “It illustrated the problem and why legislation is desperately needed,” she said as she left the briefing.

Read More…

KEYW and Sensage Join Forces to Create Mission-Grade Cyber Intelligence Service

March 2, 2012

HANOVER, Md., Feb 27, 2012 (GlobeNewswire via COMTEX) — KEYW and Sensage, two leaders in security intelligence, today announced a strategic technology alliance to deliver “mission-grade” cyber intelligence services to commercial enterprises and government agencies intent on understanding and minimizing cyber risks. At the core of this service are cyber analytics derived from the fusion of operational, security, and behavioral information about the cyber domain.

The KEYW-Sensage alliance will combine the extensive cyber analytics and security operations expertise of KEYW with the advanced event data warehousing and security intelligence solutions offered by Sensage. KEYW’s new Cyber Intelligence Service will offer a platform of tools, capabilities, and offerings developed for the national defense and intelligence community to deliver cyber awareness and operational surety. This service is designed for organizations anxious to leverage advanced cyber analytics to improve the effectiveness and trustworthiness of their cyber domain operations. It incorporates proven elements of cyber analytics assessment, planning, product implementation and operational support.

The Sensage Event Data Warehouse and Security Analytics Library serve as the enabling technologies for the KEYW Cyber Intelligence Service. Sensage has over ten years of proven success collecting, storing and analyzing vast quantities of events produced by complex, distributed IT landscapes in the largest government agencies and enterprises. Purpose-built for the task, Sensage’s patented columnar database makes it possible for security practitioners to access any event in any context, from a real-time correlation alert to a simple compliance report to a statistical filtering and trend analysis algorithm. Because the database is open to any third-party tool via ODBC/JDBC, security auditors, investigators and analysts are able to customize their security analytics within the context of their roles and their interdependent workflows, which in turn accelerates visibility, improves decision making and leads to a better understanding of how to improve security configurations, policies and practices.

Read More…