About
I’m a researcher studying security threats and other interesting Internet phenomena. Previously, I was a security engineer focused on threat hunting, detection, and incident response. And before that, I was a quantitative analyst on a user research team.
I’m especially interested in the intersection of data science and security, and in the past have worked on projects related to anti-abuse, fraud, and malicious web app traffic detection. I also have strong feelings about pie charts.
I enjoy endurance sports and, while I’m primarily a runner, I’ve dabbled in triathlon up to the 70.3 distance. When I’m not staring at a screen, I’m probably lacing up to head outside and log some miles. I’ve completed multiple half marathons, marathons, self-supported 50Ks, and a few duration-based (6/12h) races.
Selected Talks & Research
The Evolution of ESXiArgs Ransomware, Censys Blog, February 2023.
ESXWhy: A Look at ESXiArgs Ransomware, Censys Blog, February 2023.
Back to Basics: Using Descriptive Statistics to Study the Shape of the Internet, BSides Las Vegas, August 2022.
Profiling User Risk: Borrowing from Business Intelligence to Understand the Security of Your Userbase, BSides Las Vegas, August 2019.
The Ultimate Feedback Loop: Using data and pentesting to build a better security program, Wild West Hackin’ Fest, October 2018.
Selected Media Mentions & Interviews
The MOVEit ransomware reckoning has begun, The Cybersecurity 202, The Washington Post, June 2023.
Energy Department among ‘several’ federal agencies hit by MOVEit breach, Federal News Network, June 2023.
8 GoAnywhere MFT Breaches and Counting, The CyberWire’s Research Saturday Podcast, May 2023.