Co-founder and CEO of Trail of Bits.

I co-founded Trail of Bits in 2012. We do security audits and craft research-grade bug-finding tools. It's the work of pulling software apart before someone with worse intentions does it for free. In 2025 we placed second in DARPA's AI Cyber Challenge and took home $3M. In 2020 we audited Zoom while the world's meetings moved onto it overnight, fixing thousands of bugs in the meeting client before version 5 shipped. That same year we audited Voatz, the mobile voting app, found ways to alter or cancel votes, and West Virginia dropped it from elections.

Before that I was the first Hacker in Residence at NYU Tandon for four years and taught the cybersecurity capstone course there for seven. I helped start the OSIRIS Lab. Trail of Bits and I trained cadets at the US military service academies to hack, then turned that material into the public CTF Field Guide. I made iVerify in 2019 to detect compromised iPhones; it spun out as its own company in 2023. I also made Algo, an open-source VPN server, after deciding most people don't need a commercial one. The New York Times and Consumer Reports both recommended it.

I sometimes say things in public that get people upset. In 2016 I argued Apple could comply with the FBI's court order to build custom firmware that would unlock the San Bernardino shooter's iPhone, and the term I coined for that firmware, "FBiOS," got picked up by the media. In 2019 I got myself escorted out of Black Hat for making too much noise about a sponsored talk on a novel encryption scheme. The conference pulled the talk from its website a week later. In 2023 and 2024 I co-chaired a CFTC cybersecurity panel advising on AI threats and crypto market security.

I grew up on Long Island. As a teenager I figured out I could change anyone's grades at my high school. I showed the superintendent. He thanked me, then banned me from the school's computers for most of junior and senior year.

I went to NYU Tandon (then Polytechnic), where I was selected for the federal CyberCorps Scholarship for Service. It paid tuition in exchange for government cybersecurity work, which I did as an NSA intern, first in TAO on the offensive side and then in IAD on the defensive side. TAO is the work that shaped how I think about security. My first job out of school was at the Federal Reserve Bank of New York, and after that I joined iSEC Partners, the security consultancy a generation of notable researchers came up through. CISA put me in the Scholarship for Service Hall of Fame in 2021.

Around eighty people into Trail of Bits, I started feeling out of my depth and went back to school. I'm finishing Harvard Business School's Owner/President Management program in October 2026. Along the way I've ended up lecturing two HBS classes myself, one on AI and one on cybersecurity.

Outside the company, I'm a major benefactor of Pioneer Works in Brooklyn and fund the Hacker Spirit Scholarship at my old high school in Mineola.

This site is for missives, photos, and notes on what I'm reading. The blog is just getting started.