I’m a researcher studying security threats and other interesting Internet phenomena. Previously, I was a security engineer focused on threat hunting, detection, and incident response. And before that, I was a quantitative analyst on a user research team.

I’m especially interested in the intersection of data science and security, and in the past have worked on projects related to anti-abuse, fraud, and malicious web app traffic detection. I also have strong feelings about pie charts.

I enjoy endurance sports and, while I’m primarily a runner, I’ve dabbled in triathlon up to the 70.3 distance. When I’m not staring at a screen, I’m probably lacing up to head outside and log some miles. I’ve completed multiple half marathons, marathons, self-supported 50Ks, and a few duration-based (6/12h) races.

Selected Talks & Research

The Evolution of ESXiArgs Ransomware, Censys Blog, February 2023.

ESXWhy: A Look at ESXiArgs Ransomware, Censys Blog, February 2023.

Back to Basics: Using Descriptive Statistics to Study the Shape of the Internet, BSides Las Vegas, August 2022.

Profiling User Risk: Borrowing from Business Intelligence to Understand the Security of Your Userbase, BSides Las Vegas, August 2019.

The Ultimate Feedback Loop: Using data and pentesting to build a better security program, Wild West Hackin’ Fest, October 2018.

Selected Media Mentions & Interviews

The MOVEit ransomware reckoning has begun, The Cybersecurity 202, The Washington Post, June 2023.

Energy Department among ‘several’ federal agencies hit by MOVEit breach, Federal News Network, June 2023.

8 GoAnywhere MFT Breaches and Counting, The CyberWire’s Research Saturday Podcast, May 2023.