I’m a computer scientist in Massachusetts with graduate education who has worked in industry for 13 years. I’ve worked on static program analysis, symbolic execution, compilers and interpreters, fuzz testing, application security, and production machine learning systems.

I currently work in a team at Praetorian that combines static analysis with machine learning to augment the capabilities of offensive security operators.

You can find my resume here. I’ve also written and presented several peer-reviewed publications over the years.

You can find me on the infosec.exchange Mastadon instance as @bradlarsen.

Nearly all my professional work has been in closed-source proprietary codebases. But some has been open-source, including these things:

• I am the primary author and maintainer for Nosey Parker, a fast secret detector with high signal-to-noise
• I found and fixed a bug in the tokenizer in SQLite that caused it to not work on EBCDIC systems
• I contributed additional fuzz targets to CPython's OSS-Fuzz integration, which found a few bugs
• I found and fixed memory errors in the parser in CPython that also affected its related typed-ast library
• I added the sha1 function to DuckDB
• I found and fixed several bugs in Manticore, the low-level symbolic execution engine, enhanced its ARMv7 support, and enhanced its Linux filesystem emulation