Michael Myers
I am a security researcher based in the Los Angeles area, with over 18 years experience supporting our country's national security and now commercial business communities. I have led and contributed to projects in Embedded Systems Development and Exploitation, Malware Analysis, Code Security Audits, Threat Modeling, Vulnerability Research, Reverse Engineering, and Software Engineering. Currently I am not seeking new employment opportunities. If you have project opportunities or are interested in working with me, please contact me at Trail of Bits.
Work Experience
Trail of Bits
Principal Security Engineer
August 2017 – current
Long Beach, CA
Trail of Bits is a leader in security research and engineering. I contribute to R&D efforts, lead security audits, and manage the security engineering team. I work with customers in tech, defense, and finance to improve, extend, and integrate the best open-source security tools.
Work Experience
Digital Operatives LLC
Chief Technology Officer (CTO)
November 2011 – February 2017
Arlington, VA
Digital Operatives is a boutique cyber security company performing expert analysis, R&D, and operational support for government and business needs. As CTO I was instrumental in DO’s initial years of stable growth. I led our technical vision, pursued new business, and led contracts.
Work Experience
Harris Corporation
Principal Security Researcher
August 2005 – November 2011
Chantilly, VA
At Crucial Security (acquired by Harris, 2009), I was the most senior engineer in a division providing cyber capabilities and on-site operations support. I also led the USB device security research, and was PI for a Phase I & II SBIR to create an x86 hypervisor-based software isolation.
Work Experience
SPARTA, Inc. (now Parsons)
Senior Systems Analyst
June 2000 – August 2005
Centreville, VA
At SPARTA I provided low-level expertise in Windows malware and embedded software. For 5+ years I was lead developer and operational support for an offensive security project for a national security mission. I performed a mix of develoment, RE, and vuln. research.
Open Source
Some of my participation in open source:
- Personal Blog about Security & Tech
- MacOS-WPA-PSK: a proof-of-concept script in Python showing that MacOS leaves the wifi network key unprotected in NVRAM (original research) (25+ stars)
- ImportDeliciousToDiigo: a user account migration tool from Delicious to Diigo services, implemented as a standalone HTML5 file with embedded JavaScript.
Giving Back
- Coordinated with Apple to publish CVE-2014-8816: Arbitrary Code execution in Mac OS X CoreGraphics. I identified an exploitable heap corruption issue in PDF handling.
- “Exploiting Weak Shellcode Hashes to Thwart Module Discovery,” an article in issue (0x12) of PoC || GTFO. (Jun. 2016)
- “Anti-Keylogging with Random Noise,” an article in issue (0x14) of PoC || GTFO. (Mar. 2017)
Certifications
- Completed the Immunity NOP Certification test, a timed and proctored practical exam demonstrating the ability to write a buffer overflow exploit for a Windows target program. (2011)
- Previously completed certifications for CISSP (2010) and CEH (2010).
- Crytography I course completion certificate (Stanford, Coursera) (2013)
Skills
- Native code reverse engineering
- C, C++, x86 and ARM Assembly
- Java, Python, Ruby, JavaScript
- Vulnerability Research
- Cryptography
- Exploit Development
- Security Threat Modeling
- Technical Marketing and Proposal Writing
- Customer Service
- Technical Leadership
Education
Virginia Tech
BS, Computer Engineering
1996 – 2000
Blacksburg, VA, USA
The Computer Engineering program I completed at VT was an early hybrid of Computer Science and Electrical Engineering.