I’m a computer scientist in Massachusetts with graduate education who has worked in industry for 15 years. I’ve worked on static program analysis, symbolic execution, compilers and interpreters, high-performance computing, fuzz testing, application security, and production machine learning systems.
I currently work in a team at Praetorian that combines static analysis with machine learning to augment the capabilities of offensive security operators.
You can find a PDF of my resume here. I’ve also written and presented several peer-reviewed publications over the years.
You can find me on the infosec.exchange Mastodon instance as @bradlarsen.
The vast majority of my professional work has been in closed-source proprietary codebases. But some has been open-source, including these things:
- I'm the author and maintainer of Nosey Parker, a fast secrets detector for offensive security with high signal-to-noise, and its complementary Nosey Parker Explorer TUI app for interactive triage
- I found and fixed a bug in the tokenizer in SQLite that caused it to not work on EBCDIC systems
- I contributed additional fuzz targets to CPython's OSS-Fuzz integration, which found a few bugs
- I found and fixed memory errors in the parser in CPython that also affected its related typed-ast library
- I added the sha1 function to DuckDB
- I found and fixed several bugs in Manticore, the low-level symbolic execution engine, enhanced its ARMv7 support, and enhanced its Linux filesystem emulation