|
 |
I am a Co-Founder at Corelight, a startup that’s bringing our open-source network security monitor Zeek (formerly Bro) to enterprise customers. I also used to lead the development team behind Zeek for many years. While back in München now, I remain affiliated with Berkeley’s International Computer Science Institute where I was a Senior Staff Researcher in the Networking and Security Group. I also used to be an affiliated researcher at Berkeley Lab, working with their security team. Before coming out to Berkeley, I was a research assistant at TU München and Saarland University. Before that, I received a diploma in Computer Science from University of Paderborn, Germany.
Much of my work focuses on securing networks, with a particular emphasis on high-performance network monitoring in operational settings. More generally, I’m interested in understanding the capabilities and limitations of network technology, as well as the characteristics of real-world network traffic.
Please see the seperate list of publications.
The Zeek network security monitor, for which I’m leading the development team.
Spicy, a next-generation parser generator.
The Time Machine, a high-performance packet bulk recorder.
The ICSI Notary, a near-realtime database of SSL certificates seen in the wild.
Secure and Resilient Architecture: Effective and Economical Protection for High-Performance Research and Education Networks (National Science Foundation, 2016-2019, with ESnet)
Bro at Scale: a Network Monitoring Solution for Nationally and Globally Distributed Critical Infrastructure (Department of Energy, 2016-2018, at Corelight)
Understanding the State of TLS Using Large-scale Passive Measurements (National Science Foundation, 2015-2018)
Developing Security Science from Measurements (National Security Agency, 2014-2016, with UIUC)
A Bro Center of Expertise for the NSF Community (National Science Foundation, 2013-2016, with NCSA)
Semantic Security Monitoring for Industrial Control Systems (National Science Foundation, 2013-2017, with NCSA and UIUC)
Understanding and Exploiting Parallelism in Deep Packet Inspection on Concurrent Architectures (National Science Foundation, 2012-2017, with University of Wisconsin - Madison)
Understanding and Managing the Impact of Global Inference on Online Privacy (National Science Foundation, 2011-2015)
A Concurrency Model for Deep Stateful Network Security Monitoring (Cisco Research, 2011-2012)
Cybersecurity and Networking: NIDS Front-End for Load Balancing at 100 Gigabits (Department of Energy, 2011-2013, with cPacket Networks and NERSC)
Enhancing Bro for Operational Network Security Monitoring in Scientific Environments (National Science Foundation, 2010-2013, with NCSA)
A Mathematical and Data-Driven Approach to Intrusion Detection for High-Performance Computing (Department of Energy, 2010-2012, with LBNL and UC Davis)
Exploiting Multi-Core CPUs for Parallelizing Network Intrusion Prevention (Intel Research, 2010-2011)
A High-Performance Abstract Machine for Network Intrusion Detection (National Science Foundation, 2009-2013)
Invigorating Empirical Network Research via Mediated Trace Analysis (National Science Foundation, 2009-2012)
Network Monitoring Infrastructure For Research in a Large-Scale Operational Environment (National Science Foundation, 2009-2011)
High Performance Networks - Compilation and Optimization of Protocol Analyzers (Department of Energy, 2009-2011, with Reservoir Labs)
Collaborative Research: Comprehensive Application Analysis and Control (National Science Foundation, 2008-2013)
Establishing a Cross-Institutional Platform for Cooperative Security Monitoring and Forensics (National Science Foundation, 2007-2011)
Exploiting Multi-Core CPUs for Parallelizing Network Intrusion Prevention (National Science Foundation, 2007-2010)
Approaches to Network Defense Proven in Open Scientific Environments (National Science Foundation, 2007-2009)
General Chair IEEE S&P 2013, Vice Chair 2012, Treasurer 2011
Program Chair DIMVA 2007
Advisory Board ECOSSIAN: European Control System Security Incident Analysis Network
Program Committee USENIX Security 2017
Program Committee IEEE S&P 2015, 2013
Program Committee ACSAC 2015, 2014
Program Committee CPS-SPC 2015
Program Committee HotMiddlebox 2015, 2013,
Program Committee AISec 2015, 2014, 2013, 2012, 2011
Program Committee CLHS 2013
Program Committee EuroSec 2012, 2011
Program Committee EC2ND 2011, 2010
Program Committee Networking 2010, 2009
Program Committee SAC 2010 - INFSEC Track
Program Committee CoNGN 2008
Program Committee ICISS 2008
Program Committee IEEE MCN 2008
Program Committee CRITIS 2007