Root Cause

     

My technical background involves software engineering in C/C++, vulnerability/exploit research, and exploit mitigation development that spans targets ranging from desktop applications such as web browsers to embedded game consoles and mobile devices. My professional titles have included director, engineer, consultant, and founder. All technical topics fascinate me, from machine learning to cryptography to memory safety. I have a strong interest in the intersection of cyber security policy, technology, and US national security.

Professional Experience
I am currently a security engineer at a big tech company. I'm also a non-resident research fellow at the Georgetown Center For Security and Emerging Technologies (CSET).

I've been invited to give guest lectures at the US National Security Agency, the US Army, NYU Tandon School of Engineering, and Columbia University. I've published articles in IEEE ‘Security and Privacy’ magazine, and cfr.org. I've sat on the Black Hat content review board since 2012.

Research and Training Slides
Modern Memory Safety in C/C++ - Open Source Training Slides
Effective Memory Safety Mitigations - Qualcomm Mobile Security Summit May 2018
Offense at Scale - BSides NOLA Keynote 2015, Empire Hacking
Google Native Client - Analysis Of A Secure Browser Plugin Sandbox Black Hat USA 2012
Attacking Client Side JIT Compilers Black Hat USA 2011
Ruby For Pentesters Black Hat USA 2009
Reverse Engineering With Leaf (2008 CarolinaCon)
Various old research/slides

Old Public Vulnerability Research
Bro IDS Multiple BinPac Out Of Bounds Read CVE-2014-9586
Suricata DCERPC Out Of Bounds Read/Write (2.0.7)
Firefox 3.6/4.0.1 Array.reduceRight Info Leak / Remote Code Execution (mfsa2011-22)
Firefox 3.6.9 Frameset Parsing Heap Overflow (mfsa2010-50)
Internet Explorer 8 HTML Element Memory Corruption (MS10-035)
Internet Explorer 8 Uninitialized Memory Corruption (MS10-035)
Chrome 8, Safari 5 Webkit CSS Font Face Parsing Type Confusion Info Leak (CVE-2010-4577)
Google Native Client Security Contest 2nd Place
Opera 9.5 FTP URI Parsing Heap Overflow (Opera Bug #901)

Podcasts
Council On Foreign Relations with Micah Zenko (link)
BankInfoSecurity with Mathew Schwartz (link)
Risky Business with Patrick Gray (link)