About

I am a leader in software security engineering with 15+ years of experience, operating at an intersection of software engineering and information security. As a Tech Lead and Staff Security Engineer at Block (formerly Square), I developed infrastructure software that makes the business operate more securely and scale with growth. A key example of my work is architecting PKI for service mesh enabling cloud+DC interoperation, which I presented at Black Hat USA. I have also led efforts for implementing infrastructure for secure and scalable backend integrations to support acquisitions (Afterpay, Weebly, and others), integrating AWS Lambda as a first-class participant in our service mesh, and secrets distribution across a hybrid DC-multicloud environment. Throughout my projects, balancing availability and security to meet business goals is my guiding principle. I see secure infrastructure as something that should never be in the way of developers; it should fade into the background and make the secure thing easy.

I hold a PhD from Northeastern University where I was working at SecLab. My main area of research was web security; I also worked on fuzzing for algorithmic slowdowns and integrating humans with automated program exploitation. My work was published in venues such as USENIX Security, ACM CCS, NDSS, and others. I’ve presented my work on detecting privacy invasions of browser extensions at the FTC, which has been covered by various news outlets, such as Le Figaro and Heise. My work on augmenting Cyber Reasoning Systems with humans was input to the DARPA CHESS program, a 3.5-year project to develop computer-human systems to rapidly discover vulnerabilities in complex software. I worked on the program committee for RAID 2019-2022 and USENIX Security for 2022.

Before my PhD, I was a student at TU Vienna, where I hold a Master’s and Bachelor’s degree. I wrote my Master’s thesis on automated JavaScript rewriting to detect postMessage attacks while visiting UCSB SecLab. I participated multiple times in DEFCON CTF with Shellphish and co-organized Boston Key Party. For my Bachelor’s thesis, I worked on extending ANUBIS, a dynamic analysis system for Windows binaries. While at TU Vienna, I worked part-time as a senior engineer at the Austrian Ministry of Defense focusing on software security problems.

For all papers, talks, and community service I have provided, see the publications section.

Fun Facts