Curriculum Vitae

I am a security researcher with a Ph.D. in Computer Science and Engineering from the University of Michigan. My doctoral research focused on understanding Nation-State Attackers such as the NSA and GCHQ while also measuring Internet-scale vulnerabilities and attack-surfaces. In my graduate education, I was advised by Prof. J. Alex Halderman and funded by an NSF Graduate Research Fellowship and the Post-9/11 GI Bill.

Currently, I am working on Google's Production Security team in Mountain View, California. My work-related responsibilities focus on identifying, monitoring, and reducing Insider Threats as well as improving Google's overall infrastructure security. Outside of work, I am still actively researching Internet-scale computer security issues as well as working towards improving the security properties of widely used protocols and mechanisms.

Contact: (PGP key)


Ph.D. in Computer Science and Engineering, University of Michigan, Jul 2013 – Apr 2018
  • Advisor: J. Alex Halderman
  • Thesis: Nation-State Attackers and their Effects on Computer Security
  • Committee: Peter Honeyman, Atul Prakash, and Florian Schaub
M.S. in Computer Science and Engineering, University of Michigan, 2013 – 2015
B.S. in Computer Science, University of Alabama, 2009 – 2013

Awards and Honors

  • Honorable Mention for Graduate Student Instructor Award (2017)
  • 2015 Pwnie for Most Innovative Research (2015)
  • Best Paper Award, ACM CCS (2015)
  • NSF Graduate Research Fellowship (2013)

Peer-Reviewed Research Papers

The Security Impact of HTTPS Interception
Zakir Durumeric, Zane Ma, Drew Springall, Richard Barnes, Nick Sullivan, Elie Bursztein, Michael Bailey, J. Alex Halderman, and Vern Paxson
Network and Distributed System Security Symposium (NDSS), February 2017
    Measuring the Security Harm of TLS Crypto Shortcuts
    Drew Springall, Zakir Durumeric, and J. Alex Halderman
    ACM Internet Measurement Conference (IMC), November 2016
      FTP: The Forgotten Cloud
      Drew Springall, Zakir Durumeric, and J. Alex Halderman
      IEEE/IFIP Conference on Dependable Systems and Networks (DSN), June 2016
        Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice
        David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green, J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thomé, Luke Valenta, Benjamin VanderSloot, Eric Wustrow, Santiago Zanella-Beguelin, and Paul Zimmermann
        ACM Computer and Communications Security (CCS), October 2015
        Best Paper Award
        2015 Pwnie for Most Innovative Research
          Security Analysis of the Estonian Internet Voting System
          Drew Springall, Travis Finkenauer, Zakir Durumeric, Jason Kitcat, Harri Hursti, Margaret MacAlpine and J. Alex Halderman
          ACM Computer and Communications Security (CCS), November 2014

          Work Experience

          Software Engineer — Google (Mountain View, CA)
          Production Security Team, Dec 2017–Present
          • Identify, monitor, and reduce Insider Threats caused by over-privileged entities, cross-domain privilege interaction, and legacy organizational processes
          • Improve infrastructure security against lateral movement in potential Right-of-Hack scenarios
          Graduate Student Instructor — University of Michigan
          EECS 388 Introduction to Computer Security, Winter 2017
          • Lectured on Binary Exploitation and Control Flow Hijacking
          • Led weekly recitation section
          Software Engineering Intern — Google (Mountain View, CA)
          Android SafetyNet Team, Summer 2016
          • Implemented new developer-facing Android APIs to provide application developers the ability to leverage Android SafetyNet's anti-malware efforts within their own applications
          • Drafted public documentation and internal design documentation for Android SafetyNet APIs
          Software Engineering Co-Op Intern — Hewlett Packard (Houston, TX)
          ESS BIOS Development Team, Jan. 2011–Nov. 2012
          • Developed, improved, and maintained capabilities and functionality for Proliant server BIOS and UEFI firmware applications to improve customer ease-of-use and remote management
          • Created a suite of developer-centric tools allowing intelligent reporting, maintenance, updating, and collaboration of development and bug trackers
          Special Intelligence Communications Technician — United States Marine Corps (various)
          Sergeant (2651), 2004–2009
          • Installed, administered, maintained, and repaired secure computer, radio, SATCOM, and telephone networks and equipment
          • Served in many technical billets throughout the US, Iraq, and Afghanistan in support of the Marine Corps, National Security Agency, and multinational Intelligence Community