Published 7 top-tier papers, 5 co-authored papers, and 3 technical reports.
Led empirical research on the effectiveness of software security practices in improving real-world security.
Designed and executed large-scale qualitative and quantitative studies across open-source ecosystems (npm, PyPI), combining statistical analysis and machine learning to develop and evaluate novel security metrics.
Worked on an NSF-funded grant and collaborated with sponsors at Google and Cisco.
Collaboration: Microsoft, Google, GitHub, npm, Cisco.
Skills: Google BigQuery · Statistical Modeling · MySQL · Git · Linux · Empirical Research · Python · Supply Chain Security · Data Mining · Machine Learning
Worked on an LLM pipeline integrating static analysis with GPT-3.5/GPT-4, improving automated malicious package detection accuracy by 2% across millions of npm packages.
Investigated prompt strategies (CoT, Iterative Self-Refinement, LLM-as-a-Judge) to extract key threat indicators.
Optimized pipeline efficiency by reducing LLM-invoked files by 78%, cutting analysis costs by over 76%.
Built a data infrastructure to collect and construct a benchmark dataset to evaluate malware detection.
Collaborated with cross-functional teams to integrate AI-driven threat intelligence findings.
Collaboration: Socket
Skills: LLM · CodeQL · MySQL · Git · Linux · Empirical Research · Python · Supply Chain Security · JS · Machine Learning
Conducted an empirical analysis of 1.63 million npm packages to identify data-driven novel attacks.
Developed a comparison system using attack metrics to detect thousands of compromised npm accounts.
Collaborated with npm and GitHub to strengthen defense strategies.
Conducted a survey, validating signals and uncovering eight new security weaknesses.
Presented findings to organizations such as Microsoft, npm, GitHub, and Cisco.
Skills: Human Factors · Survey Research · SQL · Python · Supply Chain Security · npm · Large-scale Data Analysis
Integrated and deployed biometric sensing systems (fingerprint and facial recognition) on an embedded access-control platform.
Conducted system-level testing of biometric pipelines, assessing sensor reliability, environmental robustness, and recognition error rates under varying physical conditions.
Collaborated on multi-biometric embedded platforms, ensuring effective hardware–software integration and real-time data processing.
Analyzed video and sensor data to identify physical adversarial conditions and enhance system accuracy.