Stages:
Sectors:
Locations:
Min Investment:
Max Investment:
Target Investment:
(1998 - 2001)
2012
2012
Since 2012, Trail of Bits has helped secure some of the world’s most targeted organizations and devices. We combine high-end security research with a real-world attacker mentality to reduce risk and fortify code. Our clientele - ranging from Facebook to DARPA - lead their industries. Their dedicated security teams come to us for our foundational tools and deep expertise in reverse engineering, cryptography, virtualization, malware behavior and software exploits. We help them assess their products or networks, and determine the modifications necessary for a secure deployment. After solving the problem at hand, we continue to refine our work in service to the deeper issues. The knowledge we gain from each engagement and research project further hones our tools and processes, and extends our software engineers' abilities. We believe the most meaningful security gains hide at the intersection of human intellect and computational power.
2023
In this advisory role, I help the CFTC navigate the complexities of cybersecurity risks, particularly in emerging technologies like AI and blockchain. On the Technology Advisory Committee (TAC), I am the co-chair of the cybersecurity committee, a member of the Digital Assets & Blockchain Technology committee, and a member of the Emerging and Evolving Technologies committee.
2017
2017
I'm available for advising and angel-sized investments in startups. Please contact me privately to discuss. Advising: - iVerify (mobile security), iverify.io, Aug '23 - Present - PolySwarm (threat intelligence), polyswarm.io, Nov '17 - Present - Boston Cybernetics (security training), bostoncybernetics.org, Sep '17 - Present Invested: - AlphaSOC (security analytics), alphasoc.com - Meow (fintech), meow.com - The Lanby (healthcare), thelanby.com - Bastion Platforms (blockchain), bastion.com - Fulcra Dynamics (ai), fulcradynamics.com - Banyan (decentralized storage), banyan.computer - Journey Clinical (healthcare), journeyclinical.com Exited: - Skiff (e2ee document editing), skiff.org, Advised: Apr '21 - Feb '24 (acquired by Notion) - Kolide (endpoint security), kolide.co, Advised: Feb '18 - Feb '24 (acquired by 1Password) - NC-Hash (cryptography), @hash_nc, Advised: Jan '20 - May '20 (wound down)
2008 - 2015
2012 - 2015
I helped kickstart growth in the NYU Tandon cybersecurity program: * Founded the THREADS security research conference (https://github.com/trailofbits/threads) * Advised student research projects and matched students with industry contacts * Represented NYU's cybersecurity program to the media * Helped the university achieve an NSA certification in Cyber Operations * Helped organize educational programs and a conference for women in cybersecurity * Spoke regularly at the NYU Law Seminar, Cyber Security Club, and related events on campus
2008 - 2015
I taught the capstone course in the cybersecurity program at NYU Tandon for 7 years: * Prepared 300+ students with the skills to identify, analyze, and exploit software vulnerabilities * Developed the graduate course material from scratch while still finishing an undergrad degree * Integrated outside industry experts into the course and helped place students in internships * Published an early version of the course as the CTF Field Guide (trailofbits.github.io/ctf/) * Rewrote a companion defensive course and transitioned it to new instructors after 1 year
2010 - 2011
2010 - 2011
I was the first hire in NYC and I helped establish iSEC Partners on the East coast: * Led client deliveries, research, outreach, recruiting, and new employee training * Performed in-depth technical testing and code reviews in C++, C#, Java, Python, and PHP * Led the response to Gnosis at a major web firm and developed training on incident response * Co-authored one of the industry's earliest trainings on mobile application security * Organized quarterly meetups with expert speakers on sandboxing, IR, and mobile security * Published original research on attacker economics and spoke at over a dozen conferences
2008 - 2011
2008 - 2011
I revitalized chapter meetings with engaging events and high-quality technical content: * Developed and ran the Capture the Flag contest for OWASP AppSec NYC 2008 * Streamlined the speaker submission process and recruited over a dozen expert speakers * Designed an original web application security Jeopardy event with prizes for winners * Evaluated an OWASP-sponsored project at every meeting in an ongoing "OWASP Tool Review" series
2009 - 2010
2009 - 2010
I proposed and developed a centralized threat intelligence function within the Federal Reserve System to provide highly-tailored information about observed attacks to clients within the organization. This team used its expert knowledge of attacks in the wild to develop sophisticated, enterprise strategies to mitigate them. Prior to leading the threat intelligence function, I was an incident response analyst and handled over one hundred security incidents.
2008 - 2008
2008 - 2008
2007 - 2007
2007 - 2007
2006 - 2006
2006 - 2006