Jan 2023 – Present · 3 yrs 3 mos

• Raised $16 million from Mantis VC, Altman Capital, Parameter Ventures, Box Group, Shine Capital, Exponential Founders Capital, Talons Ventures, and Trail of Bits.

Jan 2017 – Jan 2023 · 6 yrs

Sep 2017 – Present · 8 yrs 7 mos

• Current:
• iVerify (mobile security), iverify.io, Aug '23 - Present
• PolySwarm (threat intelligence), polyswarm.io, Nov '17 - Present
• Boston Cybernetics (security training), bostoncybernetics.org, Sep '17 - Present
• Exited:
• Skiff (e2ee document editing), skiff.org, Advised: Apr '21 - Feb '24 (acquired by Notion)
• Kolide (endpoint security), kolide.co, Advised: Feb '18 - Feb '24 (acquired by 1Password)
• NC-Hash (cryptography), @hash_nc, Advised: Jan '20 - May '20 (wound down)

Sep 2017 – Present · 8 yrs 7 mos

• Technology
• AlphaSOC (security analytics), alphasoc.com
• Everykey (password manager), everykey.com
• Fleet Defender (vehicle security), fleetdefender.com
• Fulcra Dynamics (personal analytics), fulcradynamics.com
• Gumroad (e-commerce), gumroad.com
• Meow (business bank), meow.com
• Supplyco (manufacturing), supplyco.ai
• Blockchain
• Asset Reality (asset seizure), assetreality.com
• Bastion Platforms (asset management), bastion.com
• Healthcare
• Journey Clinical (psychedelic therapy), journeyclinical.com
• Rational Vaccines (vaccine development), rationalvaccines.com
• The Lanby (direct primary care), thelanby.com
• Food & beverage
• Citizens, citizens.coffee
• Drink Monday (non-alcoholic spirits), drinkmonday.co
• Rebellyous Foods (plant-based meat), rebellyous.com
• Free Spirits (non-alcoholic spirits), drinkfreespirits.com
• Sustainability
• Bright (solar loans), thinkbright.mx
• Bloom Labs (materials science), bloomlabs.bio

Mar 2012 – Dec 2015 · 3 yrs 9 mos · Greater New York City Area

• I helped kickstart growth in the NYU Tandon cybersecurity program:
• Founded the THREADS security research conference (https://github.com/trailofbits/threads)
• Advised student research projects and matched students with industry contacts
• Represented NYU's cybersecurity program to the media
• Helped the university achieve an NSA certification in Cyber Operations
• Helped organize educational programs and a conference for women in cybersecurity
• Spoke regularly at the NYU Law Seminar, Cyber Security Club, and related events on campus

Sep 2008 – May 2015 · 6 yrs 8 mos · Greater New York City Area

• I taught the capstone course in the cybersecurity program at NYU Tandon for 7 years:
• Prepared 300+ students with the skills to identify, analyze, and exploit software vulnerabilities
• Developed the graduate course material from scratch while still finishing an undergrad degree
• Integrated outside industry experts into the course and helped place students in internships
• Published an early version of the course as the CTF Field Guide (trailofbits.github.io/ctf/)
• Rewrote a companion defensive course and transitioned it to new instructors after 1 year

Jan 2012 – Present · 14 yrs 3 mos · Greater New York City Area

• Since 2012, Trail of Bits has helped secure some of the world’s most targeted organizations and devices. We combine high-end security research with a real-world attacker mentality to reduce risk and fortify code.
• Our clientele - ranging from Facebook to DARPA - lead their industries. Their dedicated security teams come to us for our foundational tools and deep expertise in reverse engineering, cryptography, virtualization, malware behavior and software exploits. We help them assess their products or networks, and determine the modifications necessary for a secure deployment.
• After solving the problem at hand, we continue to refine our work in service to the deeper issues. The knowledge we gain from each engagement and research project further hones our tools and processes, and extends our software engineers' abilities. We believe the most meaningful security gains hide at the intersection of human intellect and computational power.

Jul 2010 – Dec 2011 · 1 yr 5 mos · Greater New York City Area

• I was the first hire in NYC and I helped establish iSEC Partners on the East coast:
• Led client deliveries, research, outreach, recruiting, and new employee training
• Performed in-depth technical testing and code reviews in C++, C#, Java, Python, and PHP
• Led the response to Gnosis at a major web firm and developed training on incident response
• Co-authored one of the industry's earliest trainings on mobile application security
• Organized quarterly meetups with expert speakers on sandboxing, IR, and mobile security
• Published original research on attacker economics and spoke at over a dozen conferences

Feb 2009 – Jun 2010 · 1 yr 4 mos · Greater New York City Area

• I proposed and developed a centralized threat intelligence function within the Federal Reserve System to provide highly-tailored information about observed attacks to clients within the organization. This team used its expert knowledge of attacks in the wild to develop sophisticated, enterprise strategies to mitigate them. Prior to leading the threat intelligence function, I was an incident response analyst and handled over one hundred security incidents.

Nov 2008 – Jan 2011 · 2 yrs 2 mos · Greater New York City Area

• I revitalized chapter meetings with engaging events and high-quality technical content:
• Developed and ran the Capture the Flag contest for OWASP AppSec NYC 2008
• Streamlined the speaker submission process and recruited over a dozen expert speakers
• Designed an original web application security Jeopardy event with prizes for winners
• Evaluated an OWASP-sponsored project at every meeting in an ongoing "OWASP Tool Review" series

Jun 2008 – Aug 2008 · 2 mos · Greater New York City Area

Jun 2007 – Aug 2007 · 2 mos · Fort George G. Meade, Maryland, United States

Sep 2006 – Dec 2006 · 3 mos · Fort George G. Meade, Maryland, United States

Jun 2006 – Aug 2006 · 2 mos · Greater New York City Area