About Me

I’m a computer scientist in Massachusetts with graduate education and 15 years of security-relevant industry experience. I’ve worked hands-on in binary- and source-based static program analysis, symbolic execution, compilers and interpreters, high-performance computing, fuzz testing, application security, secrets detection, and production machine learning systems.

I currently work at Truffle Security doing research and development on secrets detection and all other things secrets-related. Previously, for nearly 4 years, I authored and maintained Nosey Parker, a fast, high-signal secrets detector designed for offensive security engagements.

I love building tools that people use, and I deeply value craftsmanship. I’ve done my very best work when I’m directly involved with the entire product life, including ideation, development, distribution, and working with users to understand their problems and make them successful.

My professional interests focus on making software better, based on the thesis that computers can be leveraged dramatically more than they are today to aid in constructing software that works as intended. This involves things like building correct-by-construction libraries, scaling program analyses to real software, applying fuzzing and property-based testing to existing code, and integrating machine-based checks into the software development process. Imagine—software that works!

You can find a PDF of my resume here. I’ve also written and presented several peer-reviewed publications over the years.

Elsewhere

I’m active on GitHub as @bradlarsen. I sometimes post on Mastodon. You can email me too.

I grudgingly have a LinkedIn account.