I am an Associate Professor of Computer Science at Portland State University, currently on sabbatical for the 2020-21 academic year.
While on sabbatical, I am working on launching my new company, Kombucha Digital Privacy Systems. We make end-to-end encrypted apps for regular people to protect their privacy and that of their family and friends online.
From 2008 - 2012, I was Technical Staff at MIT Lincoln Laboratory. I ran technical test and evaluation of various government-sponsored R&D projects, and I helped to advise various offices in the DoD on how cybersecurity could impact their missions.
From 2002 - 2008, I was a PhD student at Johns Hopkins University, working for Prof. Gerry Masson and Prof. Fabian Monrose. My thesis was on using statistical analysis and crude machine learning on encrypted network traffic to infer hidden information, like the language being spoken inside an encrypted voice-over-IP call.
Over the years, I have presented at many of the top conferences in security and privacy, including: USENIX Security (2007), IEEE Security & Privacy (2008), NDSS (2009), RAID (2010), Real World Crypto (2016), Enigma (2018), IEEE EuroS&P (2018), and FOCI (2018).
I sometimes work on systems security projects where encryption and cryptography play an important role, but I am not a formally trained cryptographer. Mostly I’m good at thinking like an adversary and figuring out how systems could be broken. But I also enjoy building things whenever I get the chance.
I spent a lot of time in the 2010’s thinking about trade-offs between security and performance or functionality, etc.
- It’s easy to build something functional and performant but totally insecure.
- It’s a little harder to build something that we know is secure, if you’re willing to make big sacrifices in performance or functionality or both.
- What intrigued me, and what we still don’t understand very well is, what does the middle ground look like? Are there intermediate points in the design space that could be useful? This is usually a very hard question to answer.
I have worked primarily in Python since 2005, and it has been amazing for quickly iterating on crazy new ideas. After all, a lot of CS security research is a lot like rapid prototyping. Plus, with matplotlib, Python is also great for making high quality graphs of experimental data.
Lately, I have been working with Swift on my iPhone app, and I have to say it’s quickly become one of my favorite languages. It seems to have just the right mix of power, expressiveness, and readability for an old fogey C programmer like me.
I am also using Matrix on my new project, and I love it too. Matrix is the future of secure, distributed communcation systems. Most people just don’t know it yet.
“The future is already here – it’s just not evenly distributed.” William Gibson
I grew up in rural west Texas, first in a tiny little town outside of Wichita Falls, then in Amarillo.1
I lived for 10 years on the East Coast, first 6 years in Baltimore, then 4 years in the Cambridge/Somerville/Boston area. I spent 8 years living on the West Coast in beautiful Portland, Oregon.
Now, due to the coronavirus pandemic, we are back in Texas to be closer to family during my sabbatical. It’s good to be home.
I am married, with one child and a large goofy dog.
I am a Christian, currently attending a church in the Anglican tradition.