Headshot of Justin Cummins

Justin Cummins

M.S. Student, UCDavis
Email:
GPG Key ID: E64CE4E9
Office: 2110 Watershed, One Shields Ave, Davis, CA, 95616

I am a member of the security team at Square. It's a blast; you should join ;). You can keep up with me on twitter @justincummins.

I love the challenges of computer security and try to learn as much as possible about it. I completed my M.S. in computer science at UCDavis. I entered into the Ph.D. program but decided a M.S. better suits my goals. Along the way, I have worked on many projects, gained teaching experience, and been fortunate to have many wonderful internships.

At UCDavis I started some work on a project called Digital Ants, distributed intrusion detection influenced by swarm intelligence algorithms in AI. I have worked on network intrusion detection appliances, e-voting machines, (general) data sanitization frameworks, ways to protect and give users more power w/r/t privacy in mobile operating systems (e.g. Android), and web application vulnerability detection.

My advisor was Matt Bishop and I spent many, many hours in the seclab. Occasionally, I post on the Seclab Blog.

Professional Experience

Square Security Engineer - San Francisco, CA - April 2011 - Present

  • As part of the Square security team, I work on many different projects and love the variety of skills I get to use and expand upon.
  • We could absolutely use more great people. If you're interested feel free to contact me or check out our jobs page.

Google Software Engineering Intern - Mountain View, CA - Summer 2010

  • Enhanced Lemon, an automated web application security testing tool.

NASA Ames Research Intern - Moffett Field, CA - Summer 2009

  • Researched and prototyped tools and systems to support the agency security operations center (SOC).

RSA, Security Division of EMC Intern - San Mateo, CA - Summer 2008

  • Created configurable stress testing environment for data leak prevention (DLP) network appliances.
  • Engineered and performance tested scaling and graduated fail-over for data leak prevention (DLP) appliances.

Sandia National Lab, CCD Intern - Livermore, CA - Summer 2007

  • Team-based red teaming project on network devices.

Counterstorm Intern - New York, NY - June 2005 to August 2006

  • Dramatically reduced false positive rate of intrusion detection.
  • Analyzed anomalous network events from customer sites using forensics tools, sandbox testing, and in-house tools and tracked botnets, compromised servers, and worms.
    • `
  • Pen-tested our network appliance and discovered vulnerabilities such as reflective and persistent XSS and configuration errors such as supporting export and weak cipher options with SSL.

NUCIA Researcher - Omaha, NE - June 2003 to June 2005

  • Researched current, practical, multi-level secure (MLS) operating systems for defense and military use.
  • Produced and refined curriculum and laboratory exercises for computer security courses including secure system administration, networking, and forensics.

Naval Research Lab, CHACS Intern - Washington, DC - Summer 2004

  • Developed sound optimizations for code generation from formally modeled system specifications.
Education

I grew up in Omaha, NE and attended college there at the University of Nebraska at Omaha. I double majored in Computer Science and Mathematics graduated in 2006. While there, I benefited greatly from the computer security group, NUCIA, and completed the concentration for Information Assurance.

After completing my undergraduate degree, I enrolled in the computer science department at UCDavis and plan to graduate March 2011.

Instruction Experience

I have a fairly substantial teaching record, at one time or another TA'ing many of the core undergraduate CS courses. Each course has different duties but often involve developing lectures (discussion and sometimes primary), developing assignments, programming, grading, office hours, and lab assistance. Courses where I have been a teaching assistant:

  • ECS140A - Programming Languages with Prof. Ron Olsson, Fall 2009 and Fall 2010
  • ECS60 - Data Structures & Algorithms with Sean Davis, Fall 2007 and Winter 2008
  • ECS40 - Intro. to Software Development & OO Programming with Prof. Hao Chen, Spring 2010
  • ECS30 - Intro. to Programming with Prof. S. Felix Wu, Fall 2008
  • ECS10 - Basic Concepts of Computing with Prof. Matt Bishop, Spring 2009
  • ECS10 - Basic Concepts of Computing with Sean Davis, Winter 2009

Publications

M. Bishop, J. Cummins, S. Peisert, A. Singh, B. Bhumiratana, D. Agarwal, D. Frincke, and M. Hogarth, "Relationships and Data Sanitization: A Study in Scarlet,"Proceedings of the 2010 New Security Paradigms Workshop (Sep. 2010).

E. Proebstel, S. Riddle, F. Hsu, J. Cummins, F. Oakley, T. Stanionis, and M. Bishop, "An Analysis of the Hart Intercivic DAU eSlate," Proceedings of the 2007 USENIX/ACCURATE Electronic Voting Technology Workshop (Aug. 2007). PDF