I am a full professor for Software Security in the Faculty of Computer Science at Ruhr University Bochum (RUB) in Bochum, Germany.

I work on improving the security, resilience, and privacy of software-based systems, with an emphasis on real-world networked and distributed software systems. Broadly speaking, this encompasses vulnerability discovery and mitigation, program and protocol analysis, understanding how networked software is being deployed and used, and how this affects security and privacy of systems and their users. Sometimes, I dabble in related topics, like governance and policy.

For example, in prior work, I developed novel techniques and methods to identify and mitigate different types of Internet security threats, like detecting malicious software and compromised websites, to discover and defend against previously unknown attacks on networked systems, such as attacks enabled by new deployment models and through network and protocol interactions, as well as to conduct security-relevant measurements, like enabling large-scale IPv6-wide scanning and understanding the true impact of DNS-over-HTTPS.

I am an advocate for open science and open code/data because I think it is crucial for the reproducibility of research. The GitHub organization for my research group at RUB is rub-softsec. Some of my earlier research is available through the repositories of the UCSB SecLab and the UChicago NOISE Lab, where I spent some time in my academic career.

When time permits, which is now admittedly very rare, I participate in Security Capture the Flag competitions with Shellphish. Previously, I won third place with the Shellphish CGC team in the autonomous DARPA Cyber Grand Challenge.

My full academic CV is available here.

For more details or if you have any questions, please send me an email.

My GPG fingerprint is: D875 7632 D7A4 180B E614 C8DE 37FC DD83 88A9 9ED6

