I’m an assistant professor at Purdue’s ECE department, where I do research on Secure Systems, Applied Cryptography and Software Supply Chain security.
My current research focuses on securing the software development life-cycle. Before that, my research focused on secure password storage mechanisms and update systems. Because of this, I’m the team lead of in-toto, a framework to secure the software development life-cycle, as well as PolyPasswordHasher, a password storage mechanism that’s incredibly resilient to offline password cracking. Also, I’m a contributor for The Update Framework (TUF), which is the software update system being integrated on a variety of projects like Docker, CPAN, and others.
In my free time, I like developing open source software, including mobile applications for education and a custom desktop-background daemon that crawls Reddit/Imgur. I tend towards writing small, yet usable applications on my own and publishing them (usually as proofs of concept) on GitHub. I’m also a member of the Arch Linux Security Team, and have contributed small patches to other medium to big-sized F/OSS projects. You can read more about the projects I contributed to in my project-list page.
When I’m not coding, I enjoy playing Guitar (I like playing Progressive rock, Jazz and Math-rock) and reading pretty much about anything.