I’m a researcher studying security threats and other interesting Internet phenomena. Previously, I was a security engineer focused on threat hunting, detection, and incident response. And before that, I was a quantitative analyst on a user research team.

I’m especially interested in the intersection of data science and security, and in the past have worked on projects related to anti-abuse, fraud, and malicious web app traffic detection. I also have strong feelings about pie charts.

I enjoy endurance sports and, while I’m primarily a runner, I’ve dabbled in triathlon up to the 70.3 distance. When I’m not staring at a screen, I’m probably lacing up to head outside and log some miles. I’ve completed multiple half marathons, marathons, self-supported 50Ks, and a few duration-based (6/12h) races.

Selected Talks & Research

The Evolution of ESXiArgs Ransomware, Censys Blog, February 2023.

ESXWhy: A Look at ESXiArgs Ransomware, Censys Blog, February 2023.

Back to Basics: Using Descriptive Statistics to Study the Shape of the Internet, BSides Las Vegas, August 2022.

Profiling User Risk: Borrowing from Business Intelligence to Understand the Security of Your Userbase, BSides Las Vegas, August 2019.

The Ultimate Feedback Loop: Using data and pentesting to build a better security program, Wild West Hackin’ Fest, October 2018.

Selected Media Mentions & Interviews

The Biggest Hack of 2023 Keeps Getting Bigger, Wired, October 2023.

The MOVEit ransomware reckoning has begun, The Cybersecurity 202, The Washington Post, June 2023.

Energy Department among ‘several’ federal agencies hit by MOVEit breach, Federal News Network, June 2023.

8 GoAnywhere MFT Breaches and Counting, The CyberWire’s Research Saturday Podcast, May 2023.