I am co-founder and CEO of DScope Security, a startup that specializes in threat intelligence for public cloud control and data planes. I am also an incoming Assistant Professor in the Department of Computer Science at Virginia Tech.
I am currently completing my Ph.D. in the Computer Sciences department at the University of Wisconsin–Madison, where I am advised by Professor Patrick McDaniel and was the lead graduate student in the McDaniel research group. Before coming to UW–Madison, I co-founded and sold an email marketing technology startup, Sendtric.
My research focuses on measuring and securing modern Internet service deployments, particularly in the context of cloud computing. Public clouds upend service deployment assumptions, leading to new risks. At the same time, attackers have adapted to this new reality by targeting cloud systems. However, through rigorous empirical study of these deployment models we can not only improve their security, but also provide practical insights towards securing the software supply chain. I have applied this same security measurement approach to other domains, such as software security (e.g., fuzzing), machine learning security, and Internet of Things.
Outside of work, I enjoy finding new ways to challenge myself. I am an instrument-rated private pilot and spend much of my free time flying/maintaining my aircraft, a Piper Arrow. I also enjoy ☕️ coffee, 🥾 backpacking, 🧗 rock climbing, 🦆 bird watching, 📷 photography, and combinations thereof.
Email (DScope): | [email protected] |
Email (VT): | [email protected] |
Email (Personal): | [email protected] |
It’s no secret that leaving credentials in source code is risky, especially when tools like GitHub make it easy to share code publicly with a single command. The major players have long had tooling to help prevent this like GitHub Secret Scanning, and GitHub also makes it possible (at least in theory) for third-party providers to join the program. Unfortunately, out of the countless platforms that use secrets for authentication, only 100 or so have partnered with GitHub’s program.