As of September 2017, I am a CDT (PhD) student at Royal Holloway, University of London
in the ISG group under the supervision of
Lorenzo Cavallaro and
In the event of Lorenzo moving to King's College London and Johannes moving to Bundeswehr University Munich,
Dan O'Keeffe and Daniele Sgandurra have been kind enough to supervise me internally from Royal Holloway.
Furthermore, the PhD is kindly sponsored by L3 TRL.
Before starting my PhD at Royal Holloway, I finished a bachelor's degree in both Computing Science (cum laude) and Mathematics (bene meritum) at the Radboud University in Nijmegen, Netherlands.
During my undergraduate, I wrote my thesis at Royal Holloway, called Gamut: Sifting through Images to Detect Android Malware.
Although my interests have a large range, my PhD research currently focuses on two related areas. First, I am considering the state-of-the-art in binary attacks and defenses, looking where there's room for improvement against sophisticated attacks such as data-only attacks. I look at this from a fundamental point-of-view, answering (some of) the following: (1) what went wrong in the first place, i.e. what's the vulnerability? (2) How come a certain level of control has been acquired even with mitigations in place? (3) What does the attacker aim to do and how does the attacker achieve this?
Secondly, I look into the more fundamental related questions: What is a vulnerability? How do we distinguish them and how does this tie to the search for vulnerabilities? What is an exploit?
Furthermore, I like to explore unorthodox methods that are allowed to fail. I also see that computers are capable of doing things we humans cannot achieve without them.
Hence, I believe we should use this strength to our advantage, whether it's human-assisted or completely autonomous.
In order to do this, we do need a better understanding of the attack space and vectors and current state-of-the-art methods.
Moving towards a computer-centric approach for any task does not automatically mean "machine learning" or "artificial intelligence". Whereas these methods can be extremely effective with certain goals in mind (see my BSc thesis above), I do not limit myself by jumping on the first opportunity to bring out the AI big data smart blockchain for security (unless it actually makes sense to do so).
I like to think out-of-the-box (or "out-of-the-heap", if you will), trying to find new ways or methods people haven't thought of before. That is probably why I always enjoyed CTF-like challenges from e.g. HackThisSite. I have now made one myself too; it can be found at Think.OutOfTheHeap.com.