I’m a researcher studying security threats and other interesting Internet phenomena. Previously, I was a security engineer focused on threat hunting, detection, and incident response. And before that, I was a quantitative analyst on a user research team.

I’m especially interested in the intersection of data science and security, and in the past have worked on projects related to anti-abuse, fraud, and malicious web app traffic detection. I also have strong feelings about pie charts.

I enjoy endurance sports and, while I’m primarily a runner, I’ve dabbled in triathlon up to the 70.3 distance. When I’m not staring at a screen, I’m probably lacing up to head outside and log some miles. I’ve completed multiple half marathons, marathons, self-supported 50Ks, and a few duration-based (6/12h) races.

Selected Talks & Research

Defensive Counting: How to quantify ICS exposure on the Internet when the data is out to get you, BSides Las Vegas, August 2024.

The Evolution of ESXiArgs Ransomware, Censys Blog, February 2023.

Back to Basics: Using Descriptive Statistics to Study the Shape of the Internet, BSides Las Vegas, August 2022.

Profiling User Risk: Borrowing from Business Intelligence to Understand the Security of Your Userbase, BSides Las Vegas, August 2019.

Selected Media Mentions & Interviews

Cyber Researchers Push Water, Oil Utilities to Fix Weak Spots, Bloomberg, August 2024.

The Biggest Hack of 2023 Keeps Getting Bigger, Wired, October 2023.

The MOVEit ransomware reckoning has begun, The Cybersecurity 202, The Washington Post, June 2023.

8 GoAnywhere MFT Breaches and Counting, The CyberWire’s Research Saturday Podcast, May 2023.