Born in Luxembourg, I have over 25 years of experience working in different types of information security roles: Engineering, Governance, Risk and Compliance, Leadership, Software Development, and Product Management.

I have worked for J.P. Morgan, HSBC, Amazon, Verizon Enterprise, Proximus and n.runs in a number of Senior Information Security and Privacy related roles and consulted for many of the now Fortune 100 companies.

I work for J.P. Morgan Mobility Payment Solutions S.A. as the Chief Information Security Officer and Head of Technology Risk.

My former positions include CISO @ Amazon Payments, Head of Security Risk and Compliance Europe @ Amazon, Head of Country Risk for HSBC Luxembourg, EMEA Threat and Vulnerability Management Practice Lead @ Verizon Enterprise, Senior Security Engineer (Offensive) @ n.runs, Security Engineer @ Telindus/Proximus, and CEO of my own startup (Security Software Development).

I am a proud founding father and distinguished subject matter expert for the ISC2 CSSLP certification, a board member at OWASP Benelux and an Advisory Board Member for C|ASE (Certified Application Security Engineer) at EC-Council. I had the opportunity to publish numerous research results that I presented at various international security conferences.

Published Software and Proof of Concepts

The list of tools and whitepapers that I published is available here

Get in touch

In case you want to reach out, I can be found on X and LinkedIn and can be reached via an online form.

Academic References and Citations

The following is a list of academic and peer-reviewed papers that either cite or reference my publications:


Subject: Cryptography

2021 - Assessing Non-Intrusive Vulnerability Scanning Methodologies for Detecting Web Application Vulnerabilities on Large Scale
2021 International Conference on System, Computation, Automation and Networking (ICSCAN)

2020 - SecWIR: securing smart home IoT communications via wi-fi routers with embedded intelligence
MobiSys '20: Proceedings of the 18th International Conference on Mobile Systems, Applications, and Services

2017 - PhD Dissertation - Authentication Techniques for Heterogeneous Telephone Networks
University of Florida - Bradley Galloway Reaves

2017 - "Metodología de Hacking Ético para Instituciones Financieras, aplicación de un caso práctico"

2016 - A Comprehensive Survey on SSL/TLS and their Vulnerabilities
International Journal of Computer Applications

2016 - Securing Medical Devices and Protecting Patient Privacy in the Technological Age of Healthcare
PhD Thesis - Paul D. Martin - The Johns Hopkins University

2016 - Authloop: End-to-end cryptographic authentication for telephony over voice channels
25th USENIX Security Symposium - B Reaves, L Blue, P Traynor

2015 - Evaluation of TFTP DDoS amplification attack
The Cyber Academy, Edinburgh Napier University

2015 - Optimizing TLS for Low Bandwidth Environments
International Symposium on Foundations and Practice of Security
FPS 2014: Foundations and Practice of Security

2015 - A Segurança das Comunicações dos Sítios Web Disponibilizados pelo Estado Português

2014 - Visualization of SSL Setting Status Such as the FQDN Mismatch
IMIS 14 - Proceedings of the 2014 Eighth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing
Source: 10.1109/IMIS.2014.88

2014 - PhD Thesis - Modeling and analyzing Cryptographic real world protocols
Ruhr Uni Bochum - Florian Bergsma

2013 - Safe Configuration of TLS Connections - Beyond Default Settings
6th Symposium on Security Analytics and Automation 2013

2013 - Ataques a las comunicaciones sin hilos y sus principales métodos de mitigación
Master Thesis - Laura Rasal Blasco

2013 - Cyber-security Defense in Large-scale M2M System: Actual Issues and Proposed Solutions
Proceedings of the International Conference on Security and Management (SAM)
Technische Universität Berlin

2013 - On the security of TLS renegotiation
CCS13 - Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Authors: F Giesen, F Kohlar, D Stebila - Queensland University

2012 - SSL/TLS status survey in Japan-transitioning against the renegotiation vulnerability and short RSA key length problem
IEEE - Asia Joint Conference on Information Security (Asia JCIS)
Source: 10.1109/AsiaJCIS.2012.10

2012 - Attacks on re-keying and renegotiation in Key Exchange Protocols
Bachelor Thesis - Rati Gelashvili
Eidgenössische Technische Hochschule Zürich

2012 - Analysis of the Functionality, Risks and Counter-Measures of Current Padding Attacks
Bachelor Thesis - Alexander Colin Jüttner
Frankfurt School of Finance and Management

2012 - Countermeasures and Tactics for Transitioning against the SSL/TLS Renegotiation Vulnerability
IEEE - 6th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS)
Source: 10.1109/IMIS.2012.138

2011 - Security in Bluetooth, RFID and wireless sensor networks
ICCCS '11: Proceedings of the 2011 International Conference on Communication, Computing & Security

2011 - TLS and Energy Consumption On a Mobile Device: A Measurement Study
Publisher: IEEE
DOI: 10.1109/ISCC.2011.5983970

2011 - MITM attacks on SSL/TLS related to renegotiation
Thor Siiger Prentow

2010 - Cybersecurity Myths on Power Control Systems: 21 Misconceptions and False Beliefs
Published: IEEE Transactions on Power Delivery (Volume: 26, Issue: 1, Jan. 2011)
DOI: 10.1109/TPWRD.2010.2061872

2010 - Problems on the shifts to a new specification with countermeasures of the SSL / TLS renegotiation vulnerability
Yuji Suga

Subject: SSLscan Tool

Classifying Network Protocol Implementation Versions: An OpenSSL Case Study
Johns Hopkins University
Martin, Paul D.; Rushanan, Michael; Rubin, Aviel D.; Green, Matthew; Checkoway, Stephen

Subject: Bluetooth and Wireless

2024 - Low-power Bluetooth/RFID devices to Track Inventory in the Supply Chain
Asian Journal of Multidisciplinary Research & Review | ISSN 2582 8088
Volume 5 Issue 1 – January February 2

2020 - Detecting Bluetooth Attacks Against Smartphones by Device Status Recognition
ICAIS 2020: Artificial Intelligence and Security

2019 - Bluetooth Intrusion Detection System (BIDS)
IEEE - DOI: 10.1109/AICCSA.2018.8612809

2019 - Analysis on Bluetooth Security
International Journal of Research in Engineering, Science and Management

2019 - Wi-Fi Channel Saturation as a Mechanism to Improve Passive Capture of Bluetooth Through Channel Usage Restriction
Journal of Network Technology, 2019

2018 - Seguretat en Bluetooth. Anàlisi de vulnerabilitats
Universitat Oberta de Catalunya

2017 - Penetration testing and testing to diagnose and detect vulnerabilities in wireless data networks
Katsadouros, Evangelos - School of Technological Applications Department of Computer Systems Engineering

2016 - Data security in telehealth and smart home environment

2015 - Bluetooth security and threats
Norwegian Defence Research Establishment (FFI)

2015 - Enhancement of bluetooth security authentication using hash-based message
Master Thesis - Diallo Alhassane Saliou
International Islamic University Malaysia

2014 - Exploiting Bluetooth 4.0 for Secure, Cloud-Enabled Monitoring of Palliative Care Patients
Master Dissertation - Will Browne - University of Dublin, Trinity College

2013 - Ubertooth - Bluetooth Monitoring und Injection
Proceedings of the Seminars Future Internet (FI) and Innovative Internet Technologies and Mobile Communications (IITM)
Martin Herrmann - Technische Universität München

2012 - Analysis of Bluetooth threats and v4.0 security features
S. Sandhya, K. S. Devi
Publisher: 2012 International Conference on Computing, Communication and Applications (ICCCA)

2012 - Analysis and mitigation of vulnerabilities in short-range wireless communications for industrial control systems
International Journal of Critical Infrastructure Protection - Volume 5, Issues 3–4, December 2012
Bradley Reaves, Thomas Morris

2012 - Theoretical analysis of security features and weaknesses of telecommunication specifications for Smart Metering
Master thesis - University of Catalunya

2012 - Bluetooth security analysis for mobile phones
João Alfaiate
Publisher: 7th Iberian Conference on Information Systems and Technologies (CISTI)

2011 - A Secured Bluetooth Based Social Network
Nateq Be-Nazir Ibn Minar, M. Tarique
International Journal of Computer Applications

Bluetooth security threats and solutions: a survey
International Journal of Distributed and Parallel Systems (IJDPS)
University, Bangladesh

2011 - BlueSnarf Revisited: OBEX FTP Service Directory Traversal
International Conference on Research in Networking
NETWORKING 2011: NETWORKING 2011 Workshops
Authors: Alberto Moreno, Eiji Okamoto

2010 - Battery-Sensing Intrusion Protection System Validation Using Enhanced Wi-Fi and Bluetooth Attack Correlation
2009 IEEE 70th Vehicular Technology Conference Fall

2010 - Bluetooth Sniffing and the PS3
College of Engineering and Computer Science
Luke Vincent

2010 - Effects of Wi-Fi and Bluetooth Battery Exhaustion Attacks on Mobile Devices
IEEE - 10.1109/HICSS.2010.170

2010 - Taming the Blue Beast: A Survey of Bluetooth Based Threats
Published: IEEE Security & Privacy (Volume: 8, Issue: 2, March-April 2010)

2009 - Secure Physical Layer using Dynamic Permutations in Cognitive OFDMA Systems
VTC Spring 2009 - IEEE 69th Vehicular Technology Conference
IEEE - 10.1109/VETECS.2009.5073843

2009 - Security Issues in Pervasive Computing
LA Mohammed, K Munir - Risk Assessment and Management
DOI: 10.4018/978-1-60566-220-6.ch010

2008 - Towards Pervasive Computing Security
Proceedings of the World Congress on Engineering 2008 Vol I

2008 - Breaking into Bluetooth
Ken Munro
Network Security Volume 2008, Issue 6

2007 - Studying Bluetooth Malware Propagation: The BlueBag Project
Authors: Luca Carettoni; Claudio Merloni; Stefano Zanero
DOI: 10.1109/MSP.2007.43

2007 - Wireless Ordering with the use of technology Bluetooth

2007 - Bluetooth Security & Hacks
RUB seminar paper
Andreas Becker

Subject: Risk Management

Perspectives in Cyber Security, the Future of Cyber Malware
Indian Journal of Criminology (ISSN 0974 – 7249), Vol. 41 (1) & (2), Jan. & July, 2013, p. 210-227
Sandeep Mittal

Subject: Fuzzing / Vulnerability Discovery

2018 - Study of Security Attacks against IoT Infrastructures
The University of Newcastle - Advanced Cyber Security Engineering Research Centre (ACSRC)

2017 - Malware Detection Based on Multiple PE Headers Identification and Optimization for Specific Types of Files
Ton Duc Thang University - ISSN (Print): 1859-2244

2017 - Automatically Inferring Malware Signatures for Anti-Virus Assisted Attack
ASIA CCS '17: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security

2016 - From Malware Signatures to Anti-Virus Assisted Attacks
Technische Universität Braunschweig

2016 - A novel malware for subversion of self‐protection in anti‐virus
Software: Practice & Experience, March 2016

2015 - A security analysis method of antivirus software upgrade process
Journal of Wuhan University (Science Edition)

2015 - Design and Evaluation of Feature Distributed Malware Attacks against the Internet of Things (IoT)
2015 20th International Conference on Engineering of Complex Computer Systems (ICECCS)

2015 - Design, implementation and evaluation of a novel anti-virus parasitic malware
SAC '15: Proceedings of the 30th Annual ACM Symposium on Applied Computing, April

2015 - Error-Correcting Codes as Source for Decoding Ambiguity
2015 IEEE Security and Privacy Workshops - DOI: 10.1109/SPW.2015.28

2014 - Feature-Distributed Malware Attack: Risk and Defence
European Symposium on Research in Computer Security - ESORICS 2014: Computer Security - ESORICS 2014

2014 - Design and Analysis of a New Feature-Distributed Malware
2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications

2014 - Fuzzing analysis: Evaluation of properties for developing a feedback driven fuzzer tool
Master Thesis - Kris Gundersen

2012 - PE-Header-Based Malware Study and Detection
University of Georgia

2012 - Abusing file processing in malware detectors for fun and profit
2012 IEEE Symposium on Security and Privacy - DOI: 10.1109/SP.2012.15
Section II - Related Work

Subject: Misc

2009 - Client-side threats and a honeyclient-based defense mechanism, Honeyscout
Master Thesis - Clementson, Christian
Linköping University, Department of Electrical Engineering.

2011 - Exposing the Lack of Privacy in File Hosting Services
Universiteit Leuven, Belgium
LEET'11: Proceedings of the 4th USENIX conference on Large-scale exploits and emergent threats

How I started in the field of Information Security

As a teenager I was captivated by technology. My self-taught journey began with dabbling in BASIC development on the Atari 1024ST (yes, the one with cassette decks!). The thrill of watching a machine come alive with my commands and logic was nothing short of magical.

I'm grateful to my parents for nurturing my tech inclinations. I later transitioned to the iconic IBM x68 architecture. This shift allowed me to delve into the world of 3D modeling and animations with 3D Studio, which later evolved into 3DS Max. I also happened to explore the realm of music production using "Fast Tracker II", a music tracker with roots in the Demo Scene.

The advent of the Internet was a game-changer for me. It opened doors to a universe of free knowledge, introducing me to the intricacies of networks, protocols, and the intriguing world of cyberattacks.

My deep dive into the Infosec realm began when I stumbled upon an article about a Remote Access Tool named BO (cDC) in the German magazine "ct". At 15, my curiosity was piqued. I was eager to understand its mechanics and the technology that facilitated remote access. This led me to explore the intricacies of IP, TCP, UDP, and the inner workings of operating systems. I dedicated years to building a solid foundational understanding.

By the late 90s, I had analyzed and reverse-engineered a vast number of malicious codes. Back then, the tools for analysis were rudimentary compared to today's standards. To the best of my recollection, there weren't any publicly accessible ones. I took it upon myself to curate what might have been the world's most extensive repository of malware analysis, possibly pioneering the first centrally maintained list of indicators of compromise.

My work gained recognition, with mentions by the SANS Institute, citations in various books, and integration into both commercial and non-commercial IDS rules, as well as AV vendors. Reflecting on it now, I'm struck by the realization that some IDS systems still carry my original signatures.

Much of my personal time was dedicated to learning, reading, and hands-on practice. As I delved into multiple programming languages, explored both binary and dynamic reverse engineering, and immersed myself in an information security environment, significant breakthroughs began to emerge.

During this period, my passion for Information Security truly crystallized. After parting ways with n.runs in mid-2009, I established G-SEC. My vision was to create a local non-profit organization aimed at fostering interest and awareness, especially for those still contemplating their career paths.

My research led me to uncover hundreds of vulnerabilities, including critical defects in key tech components. I pioneered the first Bluetooth cryptographic attack and made the code open-source. I take particular pride in identifying high-profile vulnerabilities in software from giants like Microsoft, Oracle, Google, and Apple. This body of work culminated in IBM X-Force recognizing me as one of the Global Top Vulnerability Discoverers of 2009.