I am a Staff Security Engineer at Block (formerly known as Square) where I develop infrastructure software that makes the business operate more securely. My focus is on providing identity to workloads in the cloud, where I was able to contribute to the SPIRE project.
I have a PhD from Northeastern University, where I was working at SecLab. My main area of research was web security; I also worked on fuzzing for algorithmic slowdowns and integrating humans with automated program exploitation. My work was published in venues such as USENIX Security, ACM CCS, NDSS, and others. I’ve presented my work on detecting privacy invasions of browser extensions at the FTC, which has been covered by various news outlets, such as Le Figaro and Heise. My work on augmenting Cyber Reasoning Systems with humans was input to the DARPA CHESS program, a 3.5-year project to develop computer-human systems to rapidly discover vulnerabilities in complex software. I work on the program committee for RAID 2019-2022 and USENIX Security for 2022.
Before Northeastern I was a student at TU Vienna, where I hold a Master’s and Bachelor’s degree. I wrote my Master’s thesis on automated JavaScript rewriting to detect postMessage attacks while visiting UCSB SecLab. I participated multiple times in DEFCON CTF with Shellphish and co-organized Boston Key Party. For my Bachelor’s thesis I worked on extending ANUBIS, a dynamic analysis system for Windows binaries. Before all that I worked as a senior engineer at the Austrian Ministry of Defence on software security problems, working part-time while at TU Vienna.
For all papers, talks, and community service I have provided, see the publications section.