Experience

Learn in-depth about my professional and academic research experience.

I've had a diverse and interesting range of experience throughout my career so far. Of course, this experience not only includes my professional experience and internships, but also my academic research experience undergone while studying at NC State. Please Contact Me for further discussion on anything you see below.



ChannelAdvisor Logo

Software Engineering Intern

ChannelAdvisor

January 2017 - May 2017, August 2017 - May 2018

I interned at ChannelAdvisor for three semesters while in graduate school. My experience closely aligns to that of the above experience description. As an intern specifically, I worked on a variety of key projects, such as:

  • I overhauled our Amazon order importing process to improve responsiveness for customers by 24-72 hours on average
  • I added new features to a high throughput system that processes over 2 TB of data a day; this was a very intense engineering project as I had to ensure high performance!
  • I was selected as one of two developers to pioneer a key integration with a major partner we had just signed, showing my high level of responsibility even as an intern.

Cisco Logo

Security Software Engineering Intern

Cisco Systems

Summer 2017

In Summer 2017, I worked in Cisco's Security and Trust Organization as a security software engineering intern. Specifically, I was working on the Hardware and Firmware Security team in the Trustworthy Systems group. One of the IP offerings of this team is a Secure Boot system that allows for trustworthy boot of an operating system, hypervisor, etc. on any hardware system.

My project was to design and develop a proof-of-concept for the next generation evolution of Secure Boot. Presentally, Secure Boot implementation requires a large hardware investment and specialized hardware on the product being secured. With Cisco shifting from being a hardware-focused company to a software-focused company, the amount of hardware investment in the company is being decreased. As such, there is a vital need for a low-level security solution that does not require much hardware involvement. The next evolution of Secure Boot, then, is a feature-equivalent solution that changes the existing hardware-based Secure Boot algorithm into a software implementation.

This project was a great experience for me. I enjoyed being involved from the design stages of the new project and sitting in on planning meetings and having real input. I was the lead on the software side so I was able to completely design the software to my own beliefs. Finally, I think the most interesting part of this project was being able to recognize and understand the business use case of the project. I could truly understand why my project needed to be completed and what benefit it would bring to the company.


Cisco Logo

Security Software Engineering Intern

Cisco Systems

Summer 2016

In Summer 2016, I worked in Cisco's Security and Trust Organization as a security software engineering intern. Specifically, I was working on the Hardware and Firmware Security team in the Trustworthy Systems group. One of the IP offerings of this team is a Secure Boot system that allows for trustworthy boot of an operating system, hypervisor, etc. on any hardware system.

My project was to enable X.509 certificate support for this offering. Secure Boot uses a variety of public keys for verifying cryptographic hashes; however, these keys can currently only be stored in a Cisco proprietary format. This causes major issues when the team is attempting to integrate their product with external software, such as BIOS or bootloaders developed by third-parties, as these tend to assume everyone uses X.509 certificates.

Such a task involves creating and integrating a custom, light-weight ASN.1 decoder and X.509 parser into the microloader; using existing solutions is not feasible due to size constraints of the microloader. This development is primarily done in C, with a very minor amount of assembly included. To verify functionality, extensive unit tests and regression tests were produced, plus the software was run on an actual hardware platform and debugged in the lab.

This project was very rewarding for me as I was able to recognize that this was something that my team truly needed. They spend a lot of time working around the issue of using proprietary keys, and there was truly no reason for them not to adopt X.509 certificates.


Cisco Logo

Security Software/Hardware Engineering Intern

Cisco Systems

Summer 2015

I previously worked in Cisco's Security and Trust Organization as a security software/hardware engineering intern. Specifically, I am working on the Hardware and Firmware Security team in the Trustworthy Systems group. One of the IP offerings of this team is a Secure Boot system that allows for trustworthy boot of an operating system, hypervisor, etc. on any hardware system.

My project during this summer was to enable support for microloader obfuscation. The microloader is a small program that performs verification of the system bootloader. This program is stored on an FPGA in block RAM (BRAM). If an attacker were able to reverse engineer the FPGA (very difficult), they would be able to analyze or change this code easily, allowing them to bypass Secure Boot. By obfuscating this code with a simple encryption algorithm, the threat of this attack if heavily mitigated. Full-scale encryption such as AES or RSA cannot be used in this case due to timing constraints; each instruction must be decrypted within a single CPU clock cycle.

This project involved a lot of digital hardware engineering with an FPGA using Verilog HDL, plus a significant amount of software engineering to develop build tools in C and Python to perform the initial encryption of memory and load it into the FPGA image.


Cisco Logo

Software Engineering Intern

Mi-Corporation

Summer 2014

Mi-Corporation is the market-leader for enterprise mobile information software solutions. While I worked at Mi-Co, their major product was Mi-Forms Mobile Forms, which is a paper-like mobile form software used to digitize paper forms and enhance productivity. During this summer, I worked as a software engineering intern, primarily doing development on the Mi-Forms platform and providing services via form development and programming.

Much of my time was spent on the development team. As this consisted only of the two senior engineers plus myself, I was given a large amount of responsibility to design, develop, test, and release new software features. Development was done in .NET (C# and VB.NET) or JavaScript.

I also spent a significant amount of time on the services team. Here, I collaborated directly with customers to develop custom enterprise mobile data capture solutions. Mi-Co mobile forms can be extremely powerful due their ability to be programmed with VB.NET or JavaScript, which is with what I spent most of my time. I developed with Windows, iOS, and Android tablet devices.

My work at Mi-Co was highly recognized. I went on multiple trips to meet with customers on-site to present my developed products. In addition, I was deployed as an local resource and company representative for a major customer in London, England for a month. The customer, Transport for London, who runs the entire London public transportation system, gave me great praise for my work while on assignment. More information on this engagement can be found on the Mi-Co website as a press release.

NC State Logo

Personal Graduate Research

NC State University

Fall 2017 - Spring 2018

In my final year of graduate school, I undertook some research in my personal time stemming out of some classes. I took CSC 574 (Computer and Network Security) in the fall, which included a research project element where we had to come up with and execute on our own research idea and create a paper worth of publication by the end. I worked with another student to come up with an idea in the fall, and this idea interested our professor so much that we continued working on it in the spring in order to publish it at a major security conference.

Our research focused on the measurement and analysis of secret leakage in public GitHub repositories. In the software development world, the use of public APIs is extremely prevalent. To integrate to an API, a developer usually requires some sort of private credentials for authentication and authorization, similar to a password. While this is a standard and well-established step, problems can arise with this practice in the open-source community. Open-source code, such as that published on the popular site GitHub, is intended to be shared with the wider internet; clearly, this is not a conducive environment for keeping credentials, which are required for proper functionality of the code in question, private. In many cases, these private credentials, which we called secrets, can end up being published on the open internet and are vulnerable to being stolen and abused. In our paper, we worked to perform the first comprehensive, rigorous, and longitundial study on GitHub to determine the extent of secret leakage. After demonstrating a high-efficiency attack to retrieve hundreds of thousands of credentials, we analyzed our unique dataset to provide valuable insights into the state of open-source credential (mis)management.

After much work, our paper, How Bad Can It Git? Characterizing Secret Leakage in Public GitHub Repositories, was accepted to NDSS 2019! NDSS, The Network and Distributed System Security Symposium, is considered to be one of the top tier of academic security conferences in the world. I'm excited to see our paper presented to this gathering of distinguished researchers in Feburary 2019.


NC State Logo

Graduate Research Assistant

NC State University - Network Performance Research Group

Fall 2016 - Spring 2017

The indoor localization project is a project funded by IBM and supervised by Dr. Michael Devetsikiotis. The goal is to be able to come up with a low-cost and scalable way to track people inside. Our solution is to use Bluetooth Low-Energy (BLE) iBeacons with Raspberry Pi nodes. The Pis, running Node.js software, are able to detect these beacons and report their sightings to a server via MQTT. A multi-threaded Python client runs on the server that retrieves this data from the MQTT broker and then stores it into a MariaDB SQL database.

In the fall (September 2016), we began month-long study on campus where ~50 students were given iBeacons and will go about their life as normal. We installed ~30 Raspberry Pis running our software throughout the building and collected data over the course of this study. By the end of the month, we amassed over 18 million data points, turning this into a big data problem! Our first paper describing this trial and examining preliminary results was presented at the IEEE Infocom Workshop on Smart Cities in April 2017.

The applications of this project are truly endless. For example, indoor localization can be vital in the creation of smart buildings; consider turning on lights automatically depending on where you are walking. Another potential application would be in museums, where our solution can enable the production of highly interactive displays based on proximity or tour route. A final example use case would be in stores, where the store will have a means to provide targetted advertising to customers depending on their location in the store (what aisle, nearby items, etc.) or their typical path (what items will they be near next, or, how do we get them to this part of the store?). Exciting!


NC State Logo

Undergraduate Research Assistant

NC State University - Network Performance Research Group

Spring 2016

In my senior year, I assisted on a project run by Dr. Michael Devetsikiotis, a Professor of Electrical and Computer Engineering. The project involved indoor localization and tracking of people inside buildings using Bluetooth Low Energy beacons. As part of the Network Performance Research Group, this project was aimed at being an innovative IoT solution.

My major role was evaluating the performance of such a system, including identifying the optimal transmit power level to achieve reliable localization without sacrificing battery life and determining a maximum number of beacons that can be individually identified without interference.

Additionally, I assisted in the planning of an on-campus study for Fall 2016. I am continuing with this research project into my MS and my thesis will be based on this topic.


NC State Logo

Undergraduate Research Assistant

NC State University - Active Robot Sensing Laboratory

Spring 2014

In my sophomore year, I volunteered to work on an ongoing research project on reconstructing three dimensional outdoor scenes using a stereo digital camera setup under Dr. Edgar Lobaton. Dr. Lobaton runs the Active Robotic Sensing (ARoS) Laboratory.

My main role was to review documentation and pre-existing source code to look for possible improvements. During this process, I became familiar with both third-party open source (OpenCV) and original C++ and MATLAB source code.