
Hi / Salut / 你好 ?,
I’m a Senior Security Intelligence Engineer at Lookout where I troll the internet for malicious applications and reverse engineer mobile malware. Prior to Lookout, I worked as an Application Security Engineer at Shopify focusing mostly on Android mobile security.
My principal areas of interest are in surveillance and ransomware applications, particularly those targeting activists and journalists. I also conduct dark web research and threat hunting, primarily for Malware as a Service samples.
I’m a fan of languages (especially when they help read malicious logging messages). I’ve completed my HSK2 (汉语水平考试 二) and am preparing to write my HSK三 in late 2021. I speak French at a business competency level.
I graduated with a Bachelor of Computer Science from McGill University in 2012, and am currently pursuing a MSc. in Computer Science with Cybersecurity from The University of York in England (2022). I hold the following GIAC certifications: GCSFA (Certified Smartphone Forensics Analyst), GCIH (Certified Incident Handler) and GSEC (Security Essentials).
Want more details? Find me on LinkedIn.
Publicly Available Technical Research Reports
Sadly, much of my research is private. The following are technical reports publicly available to non-enterprise consumers:
BeiTa Ad, https://blog.lookout.com/beitaplugin-adware
Conferences
CUSEC / Careers in Cybersecurity: The jobs you never knew you wanted, https://www.youtube.com/watch?v=X3xetwM4YYQ
Hackfest / Adventures in Obfuscated Mobile Adware, https://www.youtube.com/watch?v=LBaBNfx70Do
BSidesTO / BeitaAd Research, https://www.youtube.com/watch?v=QlkjOn7xMXg
NorthSec / Evading Vulnerability Exploitation Through Secure Android Development, https://www.youtube.com/watch?v=S0a3EtlB824
GDG / Not the Droid You’re Looking For, https://www.youtube.com/watch?v=_vZ7vp2DC4w
AndroidTO / Auditing Your APKs Like a Black Hat Hacker, https://www.youtube.com/watch?v=5XgZaS19jOU
ShopifyDevs / #noobsec : The Web Security Fundamentals That Every Web Developer Should Know, https://www.youtube.com/watch?v=qCWU5Slg3_I
Interviews
Techopedia / “The Women Who Shaped the Tech World”, https://www.techopedia.com/q1-feature-long-form-the-women-who-shaped-the-tech-world/2/34482
Threatpost / “Dark Web Markets for Stolen Data See Banner Sales”, https://threatpost.com/dark-web-markets-stolen-data/164626/
DICE News / “Why Cybercriminals Still Look for Skilled Developers on Darknet Sites”, https://insights.dice.com/2021/03/08/why-cybercriminals-still-look-for-skilled-developers-on-darknet-sites/
Dark Reading / “Cybercrime ‘Help Wanted’: Job Hunting on the Dark Web“, https://www.darkreading.com/theedge/cybercrime-help-wanted-job-hunting-on-the-dark-web/b/d-id/1340265
Le Monde / Ransomware Mobile (forthcoming)
Canadian Cycling Magazine / Should You Make Your Strava Account Private?, https://cyclingmagazine.ca/sections/feature/should-you-make-your-strava-account-private/
SC Magazine / Chinese-made drone app may be spying on Americans, https://www.scmagazine.com/home/security-news/apts-cyberespionage/chinese-made-drone-app-may-be-spying-on-americans/
SC Magazine / When Women Lead, https://www.scmagazine.com/home/security-news/when-women-lead/
Ars Technica / 238 Google Play apps with >440 million installs made phones nearly unusable, https://arstechnica.com/information-technology/2019/06/238-google-play-apps-with-440-million-installs-made-phones-nearly-unusable/
Tech Republic / Engineering careers are hot. Here’s how women can catapult into the male-dominated field, https://www.techrepublic.com/article/engineering-careers-are-hot-heres-how-women-can-catapult-into-the-male-dominated-field/
The Globe and Mail / Therapy via text? Digital clinic bets on cheaper, on-demand treatment, https://www.theglobeandmail.com/business/article-therapy-via-text-digital-clinic-bets-on-cheaper-on-demand-treatment/
The Verge / Google bans another Chinese app developer for bad ad practices, https://www.theverge.com/2019/7/16/20697205/google-bans-cootek-apps-ad-violations
Women of Silicon Valley / 5 Questions with Kristina Balaam, https://medium.com/the-12-women-of-crypto/5-questions-with-kristina-balaam-ce1eb0d2361e
Speaking Engagements
WoSEC / Finding & Reversing Malicious Mobile Malware, https://www.youtube.com/watch?v=Sf7uwSMQ8W8&feature=youtu.be
The Social / What You Should Know About the Dark Web, https://t.co/XU268gqSVy?amp=1
LuminaPR/ 2021 and the Future of Cybersecurity, https://www.youtube.com/watch?v=_ychUU4UQgg&feature=emb_title
KevTalks, Microsoft / Closing the Gender Gap, https://news.microsoft.com/en-ca/2020/03/12/kevtalks-iwd-special-closing-the-gender-gap-in-the-technology-industry/?ocid=AID2424801_TWITTER_oo_spl100001202029841
KevTalks, Microsoft / 10 Insider Threats, https://news.microsoft.com/en-ca/2020/04/01/kevtalks-episode-10-insider-threats-in-the-workplace-and-how-organizations-can-better-protect-themselves/