Projects

Hacker culture

What happens when powerful new AI tools are capable of giving hacking skills to everyone on the planet, allowing them to iterate through exploits at machine speed? For The Verge, I wrote about the new script kiddies, what happens after Mythos, and how companies can prepare.

In 2022, Consumer Reports hosted an online convening to discuss ways to encourage widespread adoption of code written in memory-safe languages. I wrote a report summarizing our findings, which was published in 2023.

Later that year, I teamed up with Internet Society Senior Director of Internet Trust, Christine Runnegar, to create a document about how to speak to one’s manager about memory safety.

My memory safety work has been cited in the Washington Post, IEEE Spectrum, Inside Cybersecurity, The Register, Tech Talk, ZDNet, and Dan Hon’s blog, Things that Caught My Attention. It was also a footnote in a CISA report, was discussed in the Oxide and Friends podcast, and was mentioned in my favorite cybersecurity newsletter, Zack Whittaker’s This Week In Security. I spoke at an Enigma panel on memory safety alongside panelists Josh Aas and Alex Gaynor, who have been sounding the alarm on memory safety long before I became aware of the issue.

The bar wasn’t exactly high for dystopian hacker suspense thrillers when USA Network’s Mr. Robot launched in 2015, but the show has gone on to surprise everyone because of how true it is to its subject matter, from the alienation at the heart of an always-connected life to the technologies the characters use to pull off the story lines.

Before the Season 1 finale, I chatted with show creator Sam Esmail and took a look at the real tools and apps used in the show for WIRED.

For Seasons 2-3, I gathered a group of hacker friends and we did roundtable chats after each season to discuss the tech in the show (and sometimes the storyline). These were published in Forbes. I continued this for Motherboard four Seasons 4-5.

I profiled the Plaid Parliament of Pwning, one of the world’s elite hacking teams competing in a niche competition called Capture the Flag. This is where teams compete to solve computer security problems modeled on real-world vulnerabilities.

An estimated 50-100K folks had microchip implants at the time of this story for Ars Technica. I looked at how the benefits compare to the risks.

This piece was cited in the Cyberpolitik Journal, Harvard Journal of Law & Technology, International Journal of Advanced Computer Science and Applications, Journal of Bone and Joint Surgery (JBJS) Case Connector, North Carolina Journal of Law & Technology, Ohio State Law Journal, William & Mary Law Review, and the Beacon Florida Fusion Center’s Cyber and Critical Infrastructure Report, It’s also cited in the Penn State course IST 110: Introduction to Information Sciences and Technology.