He is a Senior Security Engineer at Square where he develops infrastructure software that makes the business operate more securely. His focus is on providing identity to workloads in the cloud, where he was able to contribute to the SPIRE project.
He holds a PhD from Northeastern University, where he worked at SecLab. His main area of research was web security; he also worked on fuzzing for algorithmic slowdowns and integrating humans with automated program exploitation. His work was published in venues such as USENIX Security, ACM CCS, NDSS, and others. He has presented his work on detecting privacy invasions of browser extensions at the FTC, which has been covered by various news outlets, such as Le Figaro and Heise. His work on augmenting Cyber Reasoning Systems with humans was input to the DARPA CHESS program, a 3.5-year project to develop computer-human systems to rapidly discover vulnerabilities in complex software. He served on the program committee for RAID in 2019 and 2020.
Before Northeastern he was a student at TU Vienna, from which he holds Master’s and Bachelor’s degrees. He wrote his Master’s thesis on automated JavaScript rewriting to detect postMessage attacks while visiting UCSB SecLab. He participated multiple times in DEFCON CTF with Shellphish and co-organized Boston Key Party. For his Bachelor’s thesis he worked on extending ANUBIS, a dynamic analysis system for Windows binaries. Before all that he worked as a senior engineer at the Austrian Ministry of Defence on software security problems, working part-time while at TU Vienna.