Curriculum Vitae - Niels Provos

Niels Provos is a German-American computer scientist with a passion for security, swordsmithing, and electronic dance music (EDM). Holding a PhD in Computer Science from the University of Michigan, he has worked at major tech companies like Google and Stripe. As a Distinguished Engineer at Google (2003-2018), he managed security engineering teams and contributed significantly to Google's Safe Browsing systems and DDoS defense infrastructure. Provos served as Stripe's Head of Security from 2018 to 2022 and has been Lacework's Head of Security Efficacy since November 2022. In addition to his professional accomplishments, Niels produces EDM under the artist name Activ8te and co-founded the Cyber-House Collective, a groundbreaking project that fuses cybersecurity and music. The collective brings together renowned security researchers and musicians to create engaging and educational tracks that address critical cybersecurity topics, sparking interest in the field and promoting learning through music.

Experience

  • Head of Security Efficacy, Lacework, Inc., USA. (November 2022 - present)
  • Founder of the Cyberhouse-Collective (May 2022 - present)
    • Cyber-House Collective is a groundbreaking initiative that fuses cybersecurity education with electronic dance music (EDM), bringing together top security researchers and skilled musicians from across the United States.
  • Head of Security, Stripe, Inc., USA. (November 2018 - May 2022)
  • Provos Production (Jan 2012 - present)
    • Electronic Music Producer (Dec 2021 - present): Producing cybersecurity-themed EDM music as Activ8te
    • Blacksmith/Videographer (Jan 2012 - present): Producing videos documenting the exploration of forging swords and knives in Anglo-Saxon and Viking-age styles.
  • Distinguished Engineer, Google, Inc., USA. (August 2003 - November 2018)
    • Manager of Security Engineering teams, e.g. Cloud Security, Data Protection, Safe Browsing, Production Security, etc (2013-2018)
    • Founder, Tech Lead and Manager of Google’s Safe Browsing systems (2006-2013)
    • Developed infrastructure to defend against Distributed Denial of Service (DDoS) attacks (2003-2006)
  • Research Assistant for the Center of Information Technology Integration, University of Michigan, USA. (September 1998 - August 2003)
  • Part-time developer for the OpenBSD project: IPSEC, Key management (photuris, isakmpd), TCP/IP, OpenSSH, … (February 1997 - August 2002)

Education

  • Ph.D. in Computer Science & Engineering, University of Michigan. (August 2003)
    • Dissertation: “Statistical Steganalysis”.
  • Master of Science in Computer Science & Engineering, University of Michigan. (April 2000)
  • Diplom in Mathematics (equivalent to a Master’s degree), Universität Hamburg. (August 1998)
    • Thesis: “Cryptography, especially the RSA algorithm on elliptic curves and Z/nZ”.

Publications

  • Investigating Commercial Pay-Per-Install and the Distribution of Unwanted Software,
    • Kurt Thomas, Juan Antonio Elices Crespo, Ryan Rasti, Jean-Michel Picod, Cait Phillips, Marc-André (MAD) Decoste, Chris Sharp, Fabio Tirelo, Ali Tofigh, Marc-Antoine Courteau, Lucas Ballard, Robert Shield, Nav Jagpal, Moheeb Abu Rajab, Panos Mavrommatis, Niels Provos, Elie Bursztein, Damon McCoy, USENIX Security, August 2016.
  • Ad Injection at Scale: Assessing Deceptive Advertisement Modifications,
    • Kurt Thomas, Elie Bursztein, Chris Grier, Grant Ho, Nav Jagpal, Alexandros Kapravelos, Damon McCoy, Antonio Nappa, Vern Paxson, Paul Pearce, Niels Provos, Moheeb Abu Rajab, IEEE Symposium on Security and Privacy, May 2015.
  • Tick Tock: Building Browser Red Pills from Timing Side Channels,
    • Grant Ho, Dan Boneh, Lucas Ballard, Niels Provos, 8th USENIX Workshop on Offensive Technologies (WOOT 14), August 2014
  • CAMP: Content-Agnostic Malware Protection,
    • Moheeb Abu Rajab, Lucas Ballard, Noe Lutz, Panayiotis Mavrommatis, Niels Provos, ISOC Network and Distributed Systems Security Symposium (NDSS), February 2013.
  • Manufacturing Compromise: The Emergence of Exploit-as-a-Service,
    • Chris Grier, Lucas Ballard, Juan Caballero, Neha Chachra, Christian J. Dietrich, Kirill Levchenko, Panayiotis Mavrommatis, Damon McCoy, Antonio Nappa, Andreas Pitsillidis, Niels Provos, M. Zubair Rafique, Moheeb Abu Rajab, Christian Rossow, Kurt Thomas, Vern Paxson, Stefan Savage, Geoffrey M. Voelker, 19th ACM Conference on Computer and Communications Security (CCS 2012), October 2012.
  • ShellOS: Enabling fast detection and forensic analysis of code injection attacks,
    • K.Z. Snow, S. Krishnan, F. Monrose, and N, Provos, USENIX Security Symposium, August 2011.
  • The Nocebo Effect on the Web: An Analysis of Fake Anti-Virus Distribution,
    • Moheb Abu Rajab, Lucas Ballard, Panayiotis Mavrommatis, Niels Provos, Xin Zhao, 3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats, April 2010.
  • All Your iFrames Point to Us,
    • Niels Provos, Panayiotis Mavrommatis, Moheeb Rajab and Fabian Monrose, 17th USENIX Security Symposium, August 2008.
  • To Catch a Predator: A Natural Language Approach for Eliciting Protocol Interaction,
    • Sam Small, Joshua Mason, Fabian Monrose, Niels Provos and Adam Stubblefield, 17th USENIX Security Symposium, August 2008.
  • Peeking Through the Cloud,
    • Moheeb Abu Rajab, Fabian Monrose, Andreas Terzis, Niels Provos, 6th Conference on Applied Cryptography and Network Security (ACNS 2008).
  • Corrupted DNS Resolution Paths: The Rise of a Malicious Resolution Authority,
    • David Dagon, Niels Provos, Chris Lee, and Wenke Lee, ISOC NDSS'08, February 2008.
  • A Framework for Detection and Measurement of Phishing AttacksSujata Garea,
    • Niels Provos, Monica Chew and Aviel D. Rubin, 5th ACM Workshop on Recurring Malcode (WORM 2007), November 2007.
  • The Ghost in the Browser: Analysis of Web-based Malware
    • Niels Provos, Dean McNamee, Panayiotis Mavrommatis, Ke Wang, and Nagendra Modadugu, USENIX Workshop on Hot Topics in Understanding Botnets, April 2007.
  • Search Worms
    • Niels Provos, Joe McClain, Ke Wang, ACM WORM Workshop, November 2006.
  • Cookies Along Trust-Boundaries (CAT): Accurate and Deployable Flood Protection,
    • Martin Casado, Aditya Akella, Pei Cao, Niels Provos, Scott Shenker, SRUTI, July 2006.
  • Flow Cookies: Using Bandwidth Amplification to Defend Against DDoS Flooding Attacks,
    • Martin Casado, Pei Cao, Aditya Akella and Niels Provos, IWQoS 2006 (short paper).
  • Data Reduction for the Scalable Automated Analysis of Distributed Darknet Traffic
    • Michael Bailey, Evan Cooke, Farnam Jahanian, Niels Provos, Karl Rosaen, and David Watson, 2005 Internet Measurement Conference (IMC 2005) Berkeley, California October, 2005
  • A Virtual Honeypot Framework,
    • Niels Provos, 13th USENIX Security Symposium, San Diego, CA, August 2004.
  • Improving Host Security with System Call Policies,
    • Niels Provos, 12th USENIX Security Symposium, Washington, DC, August 2003.
  • Preventing Privilege Escalation,
    • Niels Provos, Markus Friedl and Peter Honeyman, 12th USENIX Security Symposium, Washington, DC, August 2003.
  • Detecting Steganographic Content on the Internet,
    • Niels Provos and Peter Honeyman, ISOC NDSS'02, San Diego, CA, February 2002.
  • ScanSSH - Scanning the Internet for SSH Servers,
    • Niels Provos and Peter Honeyman, 16th USENIX Systems Administration Conference (LISA). San Diego, CA, December 2001.
  • Defending Against Statistical Steganalysis,
    • Niels Provos, 10th USENIX Security Symposium, Washington, DC, August 2001.
  • Analyzing the Overload Behavior of a Simple Web Server,
    • Niels Provos, Chuck Lever and Stephen Tweedie, 4th Annual Linux Showcase & Conference, Atlanta, GA, October 2000.
  • Encrypting Virtual Memory,
    • Niels Provos. 9th USENIX Security Symposium, Denver, CO, August 2000.
  • Scalable Network I/O in Linux,
    • Niels Provos and Chuck Lever. USENIX 2000 Technical Conference, Freenix Track, San Diego, CA, June 2000.
  • The Linux Scalability Project,
    • Peter Honeyman, Chuck E. Lever, Stephen Molloy, and Niels Provos, NLUUG Najaarsconerentie 1999, Netherlands, November 1999.
  • Cryptography in OpenBSD: An Overview,
    • Theo de Raadt, Niklas Hallqvist, Artur Grabowski, Angelos D. Keromytis, and Niels Provos, USENIX ‘99, Freenix Track, Monterey, CA, June 1999.
  • A Future-Adaptable Password Scheme (the electronic version),
    • Niels Provos and David Mazières. USENIX ‘99, Freenix Track, Monterey, CA, June 1999. Note: If you cite this paper, please cite it as the electronic version and include the USENIX URL. USENIX accidentally printed our printer test document in the proceedings.

Patents

Board of Directors

  • Director, USENIX Organization, elected by popular vote, 2 year term: 2012-2014.
  • Director, USENIX Organization, elected by popular vote, 2 year term: 2010-2012.
  • Director, USENIX Organization, elected by popular vote, 2 year term: 2008-2010.
  • Director, USENIX Organization, elected by popular vote, 2 year term: 2006-2008

Program Committees

  • Program Committee, IEEE Symposium on Security and Privacy (2018).
  • Program Committee, IEEE Symposium on Security and Privacy (2017).
  • Program Committee, 24th USENIX Security Symposium (2016).
  • Program Committee, 24th USENIX Security Symposium (2015).
  • Program Committee, IEEE Symposium on Security and Privacy (2015).
  • Program Committee, IEEE Symposium on Security and Privacy (2014).
  • Program Committee, 16th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2013).
  • Program Committee, 22nd USENIX Security Symposium (2013)
  • Program Committee, IEEE Symposium on Security and Privacy (2013).
  • Program Committee, 2012 ACM Conference on Computer and Communication Security (CCS)
  • Program Committee, LEET Workshop 2012
  • Program Committee, HotSec Workshop 2012
  • Program Committee, 21th USENIX Security Symposium (2012)
  • Program Committee, 2012 EuroSys Conference
  • Program Committee, 2011 ACM Conference on Computer and Communication Security (CCS)
  • Program Committee, 20th USENIX Security Symposium (2011)
  • Program Committee, HotCloud (2010)
  • Program Committee, ACM SIGCOMM (SIGCOMM 2010)
  • Program Committee, 19th USENIX Security Symposium (2010)
  • Program Committee, 17th Annual Network and Distributed System Security Symposium (NDSS 2010).
  • Program Committee, 18th USENIX Security Symposium (2009)
  • Program Committee, 2009 USENIX Annual Technical Conference (ATC 2009).
  • Program Committee, 16th Annual Network and Distributed System Security Symposium (NDSS 2009).
  • Program Committee, 2nd USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET ‘09)
  • Program Committee, ACM Web 2.0 Security & Privacy Workshop (W2SP 2008)
  • Program Committee, ACM SIGCOMM (SIGCOMM 2008)
  • Program Chair, 3rd Workshop on Hot Topics in Security (HotSec 2008).
  • Program Committee, 1st USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET ‘08)
  • Program Committee, 1st EuroSec Workshop (EuroSec 2008)
  • Program Committee, Internet Measurement Conference (IMC 2008)
  • Program Committee, IEEE Symposium on Security and Privacy (2008).
  • Program Committee, 15th Annual Network and Distributed System Security Symposium (NDSS 2008).
  • Program Committee, 1st Workshop On Offensive Technologies (2007)
  • Program Committee, 2nd HotSec Workshop (2007)
  • Program Committee, Internet Measurement Conference (IMC 2007)
  • Program Committee, ACM SIGCOMM Workshop on Large-Scale Attack Defense (LSAD 2007)
  • Program Chair, 1st Workshop on Hot Topics in Understanding Botnets (HotBots 2007)
  • Program Chair, 16th USENIX Security Symposium (2007)
  • Program Committee, WORM Workshop (2006).
  • Program Committee, ACM SIGCOMM Workshop on Large-Scale Attack Defense (LSAD 2006)
  • Program Committee, 2nd Steps to Reducing Unwanted Traffic on the Internet Workshop (SRUTI 2006)
  • Program Committee, 15th USENIX Security Symposium (2006).
  • Program Committee, 13th Annual Network and Distributed System Security Symposium (NDSS 2006).
  • Program Committee, WORM Workshop (2005).
  • Program Committee, Applied Cryptography and Network Security (2005).
  • Program Committee, IEEE Symposium on Security and Privacy (2005).
  • Program Committee, 14th USENIX Security Symposium (2005).
  • Program Committee, 14th International World Wide Web Conference (WWW2005), Security and Privacy track.
  • Program Committee Chair, USENIX 2005 Freely Distributable Software Track (FREENIX).
  • Program Committee, 12th Annual Network and Distributed System Security Symposium (NDSS 2005).
  • Program Committee, 11th ACM Computer and Commmunications Security, Industry Track (2004).
  • Program Committee, 13th USENIX Security Symposium (2004).
  • Program Committee, 13th International World Wide Web Conference (WWW2004), Security and Privacy track.
  • Program Committee, 12th DFN-CERT Workshop (2004), Hamburg, Germany.
  • Co-chair, Security track, RMLL 2003.
  • Program Committee, 12th USENIX Security Symposium (2003).
  • Program Committee, USENIX 2002 Freely Distributable Software Track (FREENIX).
  • Program Committee, USENIX 2000 Freely Distributable Software Track (FREENIX).

Talks and Presentations

  • “The Future of Computer Security Research”, Opening Keynote, Cyber Security & Privacy Institute, Northeastern, October 2017
  • “Google’s Approach to Infrastructure Security”, Duo Tech Talk, Ann Arbor, August 2017
  • Google Infrastructure Security Design Overview”, Google Cloud NEXT ‘17, San Francisco, March 2017
  • Security”, Keynote, Google NEXT’16, San Francisco, March 2016
  • “Evolution of Badness: A Safe Browsing Perspective”, Keynote RAID 2014, Gothenburg, Sweden, October 2014
  • “Real-World Challenges of Web-Based Malware”, Distinguished Lecture in Computer Science and Engineering, University of Michigan, Ann Arbor, MI, October 2010.
  • “Real-World Challenges of Web-Based Malware”, Google Faculty Summit, Mountain View, CA, August 2010.
  • “All Your iFrame are Point to Us”, USENIX Security 2008, San Jose, CA, July 2008.
  • “All Your iFrame are Point to Us”, Yahoo Security Group, Sunnyvale, CA, July 2008.
  • “The Ghost in the Browser: Analysis of Web-based Malware”, OWASP, Palo Alto, CA, December 2007.
  • “The Ghost in the Browser: Analysis of Web-based Malware”, Stanford Security Seminar, Palo Alto, CA, September 2007.
  • “The Ghost in the Browser: Analysis of Web-based Malware”, USENIX Hot Topics in Understanding Botnets Cambridge, MA, April 2007.
  • “Search Worms”, ACM WORM 2006 Washington, DC, November 2006.
  • “Search Worms”, SPAR Seminar Johns Hopkins, Baltimore, MD, November 2006.
  • “Google Safe Browsing”, TIPPI Workshop, Stanford, CA, June 2006.
  • “Honeyd Virtual Honeypots and Their Applications”, NoAH Workshop, Catania, Italy, May 2006.
  • “Limits of Virtualization”, Panel Discussion, NDSS 2006, San Diego, February 2006.
  • “Honeyd Virtual Honeypots and Their Applications”, Five-College Speaker Series on Information Assurance, Amherst, MA, December 2005.
  • “Honeyd Virtual Honeypots and Their Applications”, Computer Science Colloquium, Perdue, IN, September 2005.
  • “A Virtual Honeypot Framework”, Colloquium, Sonoma State University, CA, March 2005.
  • “Google: A Computer Scientist’s Playground”, Seminar, University of Michigan, Ann Arbor, MI, October 2004.
  • “The Honeyd Honeypot”, DoD Honeygrid Techexchange, Washington, DC, August 2004.
  • “A Virtual Honeypot Framework”, 13th USENIX Security Symposium, San Diego, CA, August 2004.
  • “Honeyd - A Virtual Honeypot Framework”, Security Workshop - Pervasive Technology Lab, Indiana University, Bloomington, IN, June 2004.
  • “Honeyd - A Virtual Honeypot Framework”, CESG, Cheltenham, UK, March 2004.
  • “Systrace - Improving Host Security with System Call Policies”, Apple, Cupertino, CA, December 2003.
  • “Honeyd - A Virtual Honeypot Framework”, Palo Alto Research Center, Palo Alto, CA, December 2003.
  • “Honeyd - A Virtual Honeypot Framework”, Stanford Security Seminar, Palo Alto, CA, November 2003.
  • “Improving Host Security with System Call Policies”, USENIX Security Symposium, Washington, DC, August 2003.
  • “Preventing Privilege Escalation”, USENIX Security Symposium, Washington, DC, August 2003.
  • “The Honeynet Project - Virtual Honeypots”, Lockdown, University of Wisconsin, Madison, July 2003.
  • “Libevent - An Event Notification Library”, Libre Software Meeting, Metz, France, July 2003.
  • “Honeyd - A Virtual Honeypot Daemon”, UW MSRT CMU Software Security Institute, June 2003.
  • “The Practice of Steganalysis”, Seminar, UCSD, San Diego, CA, March 2003.
  • “Honeyd - A Virtual Honeypot Daemon”, 10th DFN-CERT Workshop, Hamburg, Germany, February 2003.
  • “Honeyd - Virtual Honeypots”, Libre Software Meeting, Bordeaux, France, July 2002.
  • “Systrace - Interactive Policy Generation for System Calls”, Libre Software Meeting, Bordeaux, France, July 2002.
  • “Detecting Steganographic Content on the Internet”, Communication Security Establishment, Ottawa, ON, May 2002.
  • “Virtual Honeypots and Hidden Content on the Internet”, CanSecWest, Core02, Vancouver, BC, May 2002.
  • “Detecting Steganographic Content on the Internet”, Columbia Networking Research Center, Columbia University, New York, NY, February 2002.
  • “Detecting Steganographic Content on the Internet”, Network and Distributed System Security Symposium, San Diego, CA, February 2002.
  • “ScanSSH - Scanning the Internet for SSH Servers”, USENIX LISA, San Diego, CA, December 2001.
  • “Detecting Steganographic Content on the Internet”, CSL EE380 Colloquium, Stanford University, Palo Alto, CA, November 2001.
  • “Detecting Steganographic Content on the Internet”, USENIX Security Symposium, Washington, DC, August 2001.
  • “Detecting Steganographic Content on the Internet”, Hackers At Large, University of Twente, Netherlands, August 2001.
  • “Defeating Statistical Steganalysis”, LCS Applied Security Reading Group, MIT, Boston, March 2001.
  • “The IPSec Architecture in OpenBSD”, IPSEC 2000, Paris, October 2000.
  • “Analyzing the Overload Behavior of a Simple Web Server”, Atlanta Linux Showcase, Atlanta, October 2000.
  • “Encrypting Virtual Memory”, USENIX Security Symposium, Denver, August 2000.
  • “Scalable Network I/O in Linux”, USENIX Technical Conference, Freenix Track, San Diego, June 2000.
  • “Encrypted Backing Store”, UM ACM computer security seminar series, April 2000.
  • “OutGuess - Practical Steganography”, UM ACM computer security seminar series, November 1999.
  • “A Future-Adaptable Password Scheme”, USENIX Technical Conference, Freenix Track, Monterey, June 1999.
  • “An overview of the OpenBSD project”, Dug Song and Niels Provos, ACM Tech Luncheon, University of Michigan, April 1999.
  • “TCP/IP Security”, workshop, Hacking in Progress, Netherlands, August 1997.

Technical Skills and Areas of Interest

  • Network Security and Protocols
    • Knowledge in network protocols and techniques, especially network security and cryptography.Advisories: “A simple TCP spoofing attack”, “BIND Vulnerabilities and Solutions”.
  • Operating Systems
    • Knowledge in operating system theory and research, especially security and performance for network intensive applications.Linux kernel development as part of the
      Linux Scalability: scaling of network I/O, poll()/select() improvements.
  • Number Theory and Cryptography
    • Knowledge in the theory of numbers, finite fields and their relation to cryptography. Diploma thesis about elliptic curve cryptography. Steganography, some of my work resulted in OutGuess, a system for practical steganography.
  • Miscellaneous
    • Knowledge of many UNIX-like operating systems: AIX, Linux, *BSD, Solaris, … as well as VMS and others.
    • Programming experience in: C, Perl, Pascal, Python, C++, 680x0 assembly, and many other more esoteric ones.
    • *BSD development: IPSEC and Key Management (photurisd, isakmpd), TCP/IP SACK and New Reno fast recovery, OpenSSH (press release), …
    • Compiler backend optimizations, esp. partial redundancy elimination.

Teaching

  • Teaching Assistant, EECS 598-1 Cryptography and Network Security, University of Michigan, Winter 2001.

Released Software

  • dnsscan
    • a fast scanner for identifying open recursive dns resolvers
  • SpyBye
    • helps web masters determine if their web pages have been compromised and install malware. Released in Feburary, 2007.
  • Disconcert
    • a distributed computing framework for loosely-coupled workstations, part of the steganography detection framework. Released in January, 2003.
  • Systrace
    • fine-grained confinement for multiple applications with multiple policies and interactive policy generation. Released in May, 2002.
  • Honeyd
    • a small daemon for creating virtual honeypots. Released in April, 2002.
  • Privilege Separated OpenSSH
    • use privilege separation to contain unknown programming errors in a completely unprivileged process. Released in March, 2002.
  • Crawl
    • a small and efficient HTTP crawler that saves images it encounters. Released in June, 2001.
  • Vomit
    • voice over misconfigured internet telephones - an VoIP debugging tool. Released in June, 2001.
  • Stegdetect
    • a steganography detection framework. Released in April, 2001.
  • libevent
    • an event notification library. Released in November, 2000.
  • ScanSSH
    • an efficient SSH server version scanner. Released in September, 2000.
  • OutGuess
    • a steganography tool for the JPEG image format that performs statistical corrections to avoid detection. Released in November, 1999.

Thesis Committees

  • Ke Wang, Columbia University, 2006.
  • Angelos Stavrou, Columbia University, 2007.
  • Moheeb Rajab, Johns Hopkins University, 2008.
  • Kevin Snow, Johns Hopkins University, 2014.

Awards

  • Rackham Predoctoral Fellowship, University of Michigan, 2002.
  • Distinguished Achievement Award in Computer Science, University of Michigan, 2002.

Additional Publications

  • Virtual Honeypots: From Botnet Tracking to Intrusion Detection
    Niels Provos and Thorsten Holz, Addison Wesley, July 2007.
  • Diffie-Hellman Group Exchange for the SSH Transport Layer ProtocolMarkus Friedl, Niels Provos and William A. Simpson, Request For Comments (RFC 4419), March 2006.
  • FirewallNiels Provos, Encyclopedia of Information Security, pages to appear, Kluwer 2003.
  • Hide and Seek: An Introduction to SteganographyNiels Provos and Peter Honeyman, IEEE Security & Privacy Magazine, May/June 2003.
  • Honeyd - A VirtualHoneypot Daemon (Extended Abstract) [ps]Niels Provos, 10th DFN-CERT Workshop, Hamburg, Germany, Feburary 2003.
  • Systrace - A tightly locked jail of legitimate system calls
    Marius A. Eriksen and Niels Provos, Linux Magazine, February 2003.
  • Enges Korsett: Systrace setzt Regeln für erlaubte Systemaufrufe durch
    Marius A. Eriksen and Niels Provos, Linux Magazin, January 2003.
  • The Use of HMAC-RIPEMD-160-96 within ESP and AHAngelos D. Keromytis and Niels Provos. Request for Comments (RFC 2857), June 2000.
The views expressed on these pages are my own and do not represent the views of anyone else.
Built with Hugo - Theme Stack designed by Jimmy