Thomas H. Ptacek


This is a short bio I wrote because I rant a lot on Twitter but my Twitter bio doesn’t explain anything about who I am or what standing I have to rant about the things I rant about. This bio may not convince you that my ranting is valid or that I should be ranting at all, but I hope that it makes me just a little bit less confusing.

This is where things go that are too long for Twitter or message board comments but not well-formed enough for, like, my amazing blog.

I’m a security researcher, software developer, and a Principal at Latacora. We run security teams for startups.

I’m probably best known as one of the three cofounders of Matasano Security, which was prior to its acquisition by NCC Group one of the largest software security firms in the US. I’ve been working in software security since 1995, and was a member of the industry’s first commercial vulnerability research lab, at Secure Networks. A lot of my work there involved intrusion detection systems.

Two other things I had a hand in that people seem familiar with:

The Matasano Cryptopals Challenges, 7 sets of 8 cryptographic challenges each based on real-world crypto flaws. I have a research interest in practical crypto vulnerabilities; I work on crypto the way other vulnerability researchers work on iOS, or on Windows kernel vulnerabilities.

Microcorruption, a hiring CTF based on memory corruption vulnerabilities on an idealized MSP430. I ran hiring for Matasano, and, briefly, at NCC, and have strong opinions about recruiting.

I’m a reviewer for several security conferences. If I underwent mitosis at this moment, the two beings that would result would be the two highest-karma users on Hacker News.