A PhD student and open source enthusiast with an interest in security and usability. My research focusses on supply chain security and my open source work is all over the place.
On this page you can read about my Experience & Education, Projects, and Open Source work. Besides this website, you can find me and my work on: GitHub, GitLab, LinkedIn, and StackOverflow.
Researching Supply Chain Security as part of the CHAINS project.
A research internship focussed on web security.
Worked in the integration teams as a full-stack developer working with React in JavaScript and Spring in Kotlin.
Collaborated with C. Brzuska and K. Kohbrok on a research paper titled Security Analysis of the MLS Key Derivation and presented our work at the 43rd IEEE Symposium on Security and Privacy.
Studied Security and Cloud Computing (SECCLO) learning about information security, web and cloud security, mobile security and development, cryptography, blockchains, as well as data mining and platforms.
Full-time internship where I performed Protocol Analysis using the Burp suite, Mobile Penetration testing, and PCI auditing.
Studied Computer Science learning about software engineering, algorithms and data structures, complexity theory, networking, operating systems, as well as calculus, linear algebra, and statistics. Included a minor at the KTH Royal Institute of Technology focussing on security and human-computer interaction.
Full-time internship where we, in a group of 4 Bachelor students, built a data analytics tool using Python 3 to analyze terabytes of disjoint sets of log data in near real-time.
Freelance remote junior full stack developer using NodeJS, PostgreSQL, and Heroku on the back-end and VueJS, JQuery, and Bootstrap on the front-end.
At The 32nd ACM Conference on Computer and Communications Security in 2025 by E. Cornelissen, and M. Balliu. See the paper and artifact for more details.
At 33rd USENIX Security Symposium in 2024 by E. Cornelissen, M. Shcherbakov, and M. Balliu. See the paper and presentation and artifact for more details.
At IEEE Symposium on Security and Privacy in 2022 by C. Brzuska, E. Cornelissen, and K. Kohbrok. See the paper and presentation for more details.
Check out all my software projects on my projects page or check out my ideas page.
A simple tool to find dangerous uses of GitHub Actions Workflow expressions.
Generate arbitrary JavaScript source code for/with fast-check.
An asdf plugin for diffoci.
An asdf plugin for yamllint.
Manage npm deprecations.
Disallow side effects at the top level of files through ESLint.
Checksums for GitHub Actions.
Go structs for GitHub Actions.
A static analyzer to scan JavaScript code for problematic regular expressions.
Transparent linear-time (non-backtracking) regular expressions for libraries.
Assert the duration of blocking and async functions under test.
The npm audit assistant - the "rgh" is for dramatic effect, capturing that all-too-familiar reaction to running npm audit: "aargh!"
A testing utility library to help write tests related to prototype pollution.
Insight into the reproducibility of GitHub Actions.
Simple shell escape library for JavaScript.
Scrape package source code from Socket.dev
Strip debug assertions from JavaScript code.
Strip comments from JavaScript and TypeScript code.
Strip directives (like eslint-disable-line) from your code to clean a package before it is published.
A GitHub Action to automatically update the tools in your .tool-versions file.
Projects started or run by others that I've (co-)maintained for a some amount of time.
A non-exhaustive list of open source projects I've contributed to in the past.
Security vulnerabilities found by me, acknowledged by maintainers, and fixed by anyone.