CORELIGHT LABS
MISSION + TEAM

MISSION
To provide cutting-edge content that enables complete, detailed monitoring of enterprise network activity for threat hunting, analysis, and response.
Team


Ignacio Arnaldo
Principal Data Scientist


Jamie Brim
Security Researcher


Houston Deebockum
Site Reliability Engineer


Mario De Tore
Cloud Security Researcher


Mohan Dhawan
Security Researcher


Paul Dokas
Director of Corelight Labs


Seth Hall
Co-founder & Chief Evangelist


Keith Jones
Senior Security Researcher


Mei Lam
Senior Data Scientist


Simeon Miteff
Security Researcher


Yacin Nadji
Senior Security Researcher


Dubem Nwoji
Security Researcher


Vern Paxson
Co-founder & Chief Scientist


Julien Piet
Research Intern


Ben Reardon
Senior Security Researcher


Adrian Sarno
Data Scientist


Jonathan Stasiak
Research Infrastructure Lead

Ignacio Arnaldo
Principal Data Scientist
Ignacio focuses on using machine learning to solve cybersecurity challenges. He is especially interested in building systems that can put machine learning to use, human-in-the-loop analytics, threat detection, and pentesting. Prior to Corelight, he was chief data scientist at PatternEx, and worked as a researcher at CSAIL, MIT.

Houston Deebockum
Site Reliability Engineer
Houston has more than two decades of experience working in a variety of systems admin and engineering roles at technology companies, with primary expertise in onboarding, administration and management of a number of platforms including Debian Linux, VMware, CentOS, OpenBSD and Amazon AWS. Prior to joining Corelight he was in the trading infrastructure group at QuantLab group, an algorithmic trading firm. Before that he spent 10 years in various roles at AlertLogic. Houston is based in Houston, TX.

Mario De Tore
Cloud Security Researcher
Mario is a United States Navy veteran who completed tours at multiple overseas locations and at NSA Headquarters conducting both offensive and defensive cyber operations. After leaving the service he joined Mandiant as a Lead Incident Handler and helped build out SOCs in the USA, Singapore & Ireland. Since then he has worked in incident response and platform security roles at FinTech companies such as Square and Grab performing security operations in large-scale production cloud environments. Mario holds a graduate certificate in Incident Response from the SANS Technology Institute and a Bachelor of Science degree from Excelsior College. Mario is currently based in Singapore.

Mohan Dhawan
Security Researcher
Mohan is broadly interested in computer systems, network security, and program analysis. He earned his Ph.D. in computer science from Rutgers University in 2013, focusing on improving the security and privacy of JavaScript-based Web applications. Before joining Corelight, Mohan was a research staff member with IBM Research, India, where he worked on security for enterprise SDNs and cloud deployments, and blockchain infrastructure.

Paul Dokas
Director of Corelight Labs
Paul has more than 20 years of experience in information security with principal specialties in network intrusion detection (Snort, Bro, Suricata, SourceFire, FireEye), incident response, network vulnerability management (Qualys, Nessus, w3af, nmap and many more), computer forensics (SANS 408), firewalls, network security design, Perl, Python, C, FreeBSD, Linux, and Windows. Prior to Corelight, he held various information security research and management positions at Target, Code42, Thomson Reuters, GE, University of Minnesota and the Ford Motor Company. He has a master's degree in computer science from the University of Minnesota and a bachelor's degree in computer science from the University of Michigan.

Seth Hall
Co-founder & Chief Evangelist
Seth is co-founder and chief evangelist at Corelight, and a key contributor to the Zeek project, responsible for various frameworks, parsers and Zeek scripts in widespread global deployment. Seth is a frequent source of wisdom and advice on the Zeek mailing list, where he has helped hundreds of organizations successfully deploy Zeek and use it more effectively. He has an appointment in the networking group at the International Computer Science Institute. Many of the insights he has learned operationally have become features and capabilities in Zeek and within the Corelight Sensor.

Keith Jones
Senior Security Researcher
Keith is an industry-recognized international expert in computer security with over two decades of experience in cybersecurity, incident response, and computer forensics. His expertise includes software development, innovative prototyping, information security consulting, application security, malware analysis and reverse engineering, software analysis/design and image/video/audio analysis. He is an accomplished instructor and has taught computer forensics and security to thousands of students including the FBI, Secret Service, NSA, RCMP, Assistant U.S. Attorneys, private classes for clients, and public classes.

Simeon Miteff
Security Researcher
Simeon is based in Brisbane, Australia and has a background in advanced networks and software engineering. Prior to Corelight, he developed software for maritime intelligence in New Zealand, ran the network operations team at Lawrence Berkeley National Lab in California, USA, and helped build the high speed national research and higher education network in South Africa. Simeon has a particular interest in network security software and previously studied using SDN for firewall traffic acceleration. He holds a master's degree in information engineering from Witwatersrand University and bachelor's degrees in computer science from the University of Pretoria and University of South Africa.

Yacin Nadji
Senior Security Researcher
Yacin builds algorithms to better understand network traffic, often in the context of improving security, ascertaining ownership of digital assets, or identifying abuse on the Internet. While completing his Ph.D. at Georgia Tech, he published academic papers in these research areas in a variety of research publications. He is also a volunteer and technology instructor for Black Girls Code.

Dubem Nwoji
Security Researcher
Dubem has a background in network security and data science. Prior to Corelight, he was a Security Fellow at Insight Data Science in San Francisco and a graduate student researcher at the University of Southern California where he earned a Master's degree in Data Informatics. At Corelight, Dubem focuses on developing algorithms for encrypted traffic analysis and inference.

Vern Paxson
Co-founder & Chief Scientist
Vern is co-founder and chief scientist at Corelight, professor of computer science at UC Berkeley and creator of Zeek, the de facto standard open source platform for network security monitoring. A prolific and internationally recognized researcher, he also leads the networking group and security group at the International Computer Science Institute, and for decades held a position as the staff scientist at the Lawrence Berkeley National Lab. His wide-ranging research interests include Internet measurement, high performance network monitoring, detection algorithms, and combatting cybercrime, censorship and abusive surveillance.

Julien Piet
Research Intern
Julien designs algorithms to create more robust network inferences using machine learning. He recently developed GGFAST, a tool that analyzes network traffic based on packet length signatures. Before joining Corelight in 2020 as an intern, he earned a master's degree in computer systems security from Ecole polytechnique.

Ben Reardon
Senior Security Researcher
Ben is based in Brisbane, Australia and has more than 20 years of experience in helping organizations in the finance, cloud, law enforcement and telecommunications sectors design and deploy security controls, detection, response and investigative functions. Prior to Corelight, Ben was a principal engineer in the Threat Detection and Response team at Salesforce and has also served as senior investigator in the Cyberdefense team for NBNCo in Australia. He has a postgraduate certificate in information technology from Queensland University of Technology and a bachelor's degree in civil engineering from The University of Queensland.

Adrian Sarno
Data Scientist
Adrian started his career at Microsoft, designing data analytics modules. He later moved to Ericsson to participate in the development of projects in cooperation with the corporate security team. Since 2017, he has been modeling cyber attacks with machine learning and deep learning. Adrian's tasks involve researching behavioral patterns, designing machine learning algorithms, and developing deep learning models for sequence analysis, generative models and text classifiers. He has a master's degree from Trinity College, Dublin and holds a bachelor of science degree in computer science from the University of Buenos Aires.

Jonathan Stasiak
Research Infrastructure Lead
Jonathan lives in Lisbon, Portugal and has more than 20 years of experience building and maintaining highly-available infrastructure, with a passion for building platforms that augment his team’s output and ability. Prior to Corelight he held engineering roles at Uber, Cloudflare and Samsung. He is responsible for maintaining Corelight’s Polaris program.
Scientific roots
Grant Ho, Mayank Dhiman, Devdatta Akhawe, Vern Paxson, Stefan Savage, Geoffrey M. Voelker, David Wagner.
Hopper: Modeling and Detecting Lateral Movement.
Proc. USENIX Security Symposium, August 2021.
Keith J. Jones, Yong Wang.
Malgazer: An Automated Malware Classifier With Running Window Entropy and Machine Learning.
Sixth International Conference on Mobile And Secure Services (MobiSecServ), 2020.
Ignacio Arnaldo, Kalyan Veeramachaneni.
The Holy Grail of "Systems for Machine Learning": Teaming humans and machine learning for detecting cyber threats.
ACM SIGKDD Explorations Newsletter 21 (2), 39-47, 2019.
Grant Ho, Asaf Cidon, Lior Gavish, Marco Schweighauser, Vern Paxson, Stefan Savage, Geoffrey M. Voelker, David Wagner.
Detecting and Characterizing Lateral Phishing at Scale.
Proc. USENIX Security Symposium, August 2019.
Ankit Arun, Ignacio Arnaldo.
Shooting the Moving Target: Machine Learning in Cybersecurity.
USENIX Conference on Operational Machine Learning (OpML 19), 13-14, 2019.
Ignacio Arnaldo, Kalyan Veeramachaneni, Mei Lam.
eX2: A Framework for Interactive Anomaly Detection.
Intelligent User Interfaces Workshops, 2019.
Ignacio Arnaldo, Ankit Arun, Sumeeth Kyathanahalli, Kalyan Veeramachaneni.
Acquire, Adapt, and Anticipate: Continuous Learning to Block Malicious Domains.
IEEE International Conference on Big Data (Big Data), 1891-1898, 2018.
Grant Ho, Aashish Sharma, Mobin Javed, Vern Paxson, David Wagner.
Detecting Credential Spearphishing Attacks in Enterprise Settings.
Proc. USENIX Security Symposium, August 2017.
Ignacio Arnaldo, Alfredo Cuesta-Infante, Ankit Arun, Mei Lam, Costas Bassias, Kalyan Veeramachaneni.
Learning Representations for Log Data in Cybersecurity.
International Conference on Cyber Security Cryptography and Machine Learning, 2017.
Yizheng Chen, Yacin Nadji, Athanasios Kountouras, Fabian Monrose, Roberto Perdisci, Manos Antonakakis, Nikolaos Vasiloglou.
Practical Attacks Against Graph-based Clustering.
Proceedings of the 24th ACM Conference on Computer and Communications Security (CCS), 2017.
Charles Lever, Robert Walls, Yacin Nadji, David Dagon, Patrick McDaniel, Manos Antonakakis.
Domain-Z: 28 Registrations Later - Measuring the Exploitation of Residual Trust in Domains.
IEEE Symposium on Security and Privacy (Oakland), 2016.
Kalyan Veeramachaneni, Ignacio Arnaldo, Vamsi Korrapati, Constantinos Bassias, Ke Li.
AI^2: Training a Big Data Machine to Defend.
IEEE 2nd International Conference on Big Data Security on Cloud, 2016.
To learn more about joining Corelight Labs, visit our Careers page.