Welcome!

I am a professor for Software Security in the Faculty of Computer Science at Ruhr-University Bochum (RUB).

Update: I am currently recruiting multiple PhD students and postdoctoral researchers to work with me on software and network security at Ruhr University Bochum in Bochum, Germany. For more information, please check out the open positions on the website of my research group. Candidates without a Master’s degree, but with an excellent Bachelor’s degree will be considered for a US-style PhD student position, which combines Master studies (2 years) and doctoral studies (3-4 years), with employment in the research group starting with the Master’s studies.

My research focuses on software and Internet security, including vulnerability discovery and mitigation, as well as how software is being deployed and used, and how it affects security and privacy on the Internet. That is, I work on improving the security and privacy of networked software systems. I also work on identifying and preventing large-scale Internet abuse, discovering and defending against new attacks (such as on network applications or enabled by network and protocol interactions), and developing techniques to conduct security-relevant measurements (like enabling Internet-wide measurements for IPv6; or, investigating how new security features affect the Internet at large). Sometimes, I dabble in related topics, like understanding security misconfigurations, or governance and policy.

I am a strong advocate for open science, especially open access, open code and open data because I believe it is crucial to improve reproducibility of research. The GitHub organization for my research group at RUB is rub-softsec, some of my earlier research is available through the GitHub repositories of the UCSB SecLab and the UChicago NOISE Lab.

When time permits, which is admittedly quite rare, I enjoy participating in Security Capture the Flag competitions with Shellphish. Previously, I won third place with the Shellphish CGC team in the autonomous DARPA Cyber Grand Challenge.

My full academic CV is available here.

For more details, if you have any questions, please send me an email.

My GPG fingerprint is: D875 7632 D7A4 180B E614 C8DE 37FC DD83 88A9 9ED6

Physical Mailing Address