I am an Associate Professor at Arizona State University, where I pursue passions of cybersecurity research, real-world impact, and education. My research focuses on automated program analysis and vulnerability detection techniques, but broadens to system security in general. Aside from publishing dozens of research papers in top academic venues, I led Shellphish's participation in the DARPA Cyber Grand Challenge, achieving the creation of a fully autonomous hacking system that won third place in the competition.
Underpinning much of my research is angr, the open-source program analysis framework we created with my collaborators. This framework has powered hundreds of research papers, helped find thousands of security bugs, and continues to be used in research labs and companies around the world.
When I am not doing research, I participate in the enthusiast and educational cybersecurity communities. I am a Captain Emeritus of Shellphish, one of the oldest ethical hacking groups in the world, and a founder of the Order of the Overflow, with whom I ran DEF CON CTF, the "world championship" of cybersecurity competitions, from 2018 through 2021. Now, I help demystify the hacking scene as a co-host of the CTF RadiOOO podcast and forge connections between the government and the hacking community through my participation on CISA's Technical Advisory Council. In order to inspire students to pursue cybersecurity (and, ultimately, compete at DEF CON!), I created pwn.college, an open practice-makes-perfect learning platform that is revolutionizing cybersecurity education for aspiring hackers around the world.
I am always looking for promising graduate students and research interns! If you are interested in awesome security research and CTF, email me.