Hi / Salut / 你好 👋，

I’m a Senior Security Intelligence Engineer at Lookout where I troll the internet for malicious applications and reverse engineer mobile malware. Prior to Lookout, I worked as an Application Security Engineer at Shopify focusing mostly on Android mobile security.

My principal areas of interest are in surveillance and ransomware applications, particularly those targeting activists and journalists. I also conduct dark web research and threat hunting, primarily for Malware as a Service samples.

I’m a fan of languages (especially when they help read malicious logging messages). I’ve completed my HSK2 (汉语水平考试 二) and am preparing to write my HSK三 in late 2021. I speak French at a business competency level.

I graduated with a Bachelor of Computer Science from McGill University in 2012, and am currently pursuing a MSc. in Computer Science with Cybersecurity from The University of York in England (2022). I hold the following GIAC certifications: GCSFA (Certified Smartphone Forensics Analyst), GCIH (Certified Incident Handler) and GSEC (Security Essentials).

Want more details? Find me on LinkedIn.

Publicly Available Technical Research Reports

Sadly, much of my research is private. The following are technical reports publicly available to non-enterprise consumers:

BeiTa Ad, https://blog.lookout.com/beitaplugin-adware

Conferences

CUSEC / Careers in Cybersecurity: The jobs you never knew you wanted, https://www.youtube.com/watch?v=X3xetwM4YYQ

Hackfest / Adventures in Obfuscated Mobile Adware, https://www.youtube.com/watch?v=LBaBNfx70Do

BSidesTO / BeitaAd Research, https://www.youtube.com/watch?v=QlkjOn7xMXg

NorthSec / Evading Vulnerability Exploitation Through Secure Android Development, https://www.youtube.com/watch?v=S0a3EtlB824

GDG / Not the Droid You’re Looking For, https://www.youtube.com/watch?v=_vZ7vp2DC4w

AndroidTO / Auditing Your APKs Like a Black Hat Hacker, https://www.youtube.com/watch?v=5XgZaS19jOU

ShopifyDevs / #noobsec : The Web Security Fundamentals That Every Web Developer Should Know, https://www.youtube.com/watch?v=qCWU5Slg3_I

Interviews

Techopedia / “The Women Who Shaped the Tech World”, https://www.techopedia.com/q1-feature-long-form-the-women-who-shaped-the-tech-world/2/34482

Threatpost / “Dark Web Markets for Stolen Data See Banner Sales”, https://threatpost.com/dark-web-markets-stolen-data/164626/

DICE News / “Why Cybercriminals Still Look for Skilled Developers on Darknet Sites”, https://insights.dice.com/2021/03/08/why-cybercriminals-still-look-for-skilled-developers-on-darknet-sites/

Dark Reading / “Cybercrime ‘Help Wanted’: Job Hunting on the Dark Web“, https://www.darkreading.com/theedge/cybercrime-help-wanted-job-hunting-on-the-dark-web/b/d-id/1340265

Le Monde / Ransomware Mobile (forthcoming)

Canadian Cycling Magazine / Should You Make Your Strava Account Private?, https://cyclingmagazine.ca/sections/feature/should-you-make-your-strava-account-private/

SC Magazine / Chinese-made drone app may be spying on Americans, https://www.scmagazine.com/home/security-news/apts-cyberespionage/chinese-made-drone-app-may-be-spying-on-americans/

SC Magazine / When Women Lead, https://www.scmagazine.com/home/security-news/when-women-lead/

Ars Technica / 238 Google Play apps with >440 million installs made phones nearly unusable, https://arstechnica.com/information-technology/2019/06/238-google-play-apps-with-440-million-installs-made-phones-nearly-unusable/

Tech Republic / Engineering careers are hot. Here’s how women can catapult into the male-dominated field, https://www.techrepublic.com/article/engineering-careers-are-hot-heres-how-women-can-catapult-into-the-male-dominated-field/

The Globe and Mail / Therapy via text? Digital clinic bets on cheaper, on-demand treatment, https://www.theglobeandmail.com/business/article-therapy-via-text-digital-clinic-bets-on-cheaper-on-demand-treatment/

The Verge / Google bans another Chinese app developer for bad ad practices, https://www.theverge.com/2019/7/16/20697205/google-bans-cootek-apps-ad-violations

Women of Silicon Valley / 5 Questions with Kristina Balaam, https://medium.com/the-12-women-of-crypto/5-questions-with-kristina-balaam-ce1eb0d2361e

Speaking Engagements

WoSEC / Finding & Reversing Malicious Mobile Malware, https://www.youtube.com/watch?v=Sf7uwSMQ8W8&feature=youtu.be

The Social / What You Should Know About the Dark Web, https://t.co/XU268gqSVy?amp=1

LuminaPR/ 2021 and the Future of Cybersecurity, https://www.youtube.com/watch?v=_ychUU4UQgg&feature=emb_title

KevTalks, Microsoft / Closing the Gender Gap, https://news.microsoft.com/en-ca/2020/03/12/kevtalks-iwd-special-closing-the-gender-gap-in-the-technology-industry/?ocid=AID2424801_TWITTER_oo_spl100001202029841

KevTalks, Microsoft / 10 Insider Threats, https://news.microsoft.com/en-ca/2020/04/01/kevtalks-episode-10-insider-threats-in-the-workplace-and-how-organizations-can-better-protect-themselves/