I'm a computer systems security researcher, specializing in low-level systems software and (embedded) hardware. Some keywords to spark your imagination include firmware, SoC design, TrustZone, Secure Boot and Fault Injection. I help people understand and improve the security of embedded systems.

I'm also working on getting my PhD (yes, I went back to academia..) at the VUSec systems security research group, at the Vrije Universiteit Amsterdam. I was previously at Riscure, a hardware security testing lab.


I am on Twitter and Telegram. Also, LinkedIn.

You can also e-mail me at a.a.milburn@vu.nl.

things about me

I'm narcoleptic, so I struggle a lot with being sleepy. I don't like late afternoons! Please let me stand when possible.

My native tongue is English; I also speak Dutch. (In fact, I am Dutch.)

(selected) publications/talks

There will be Glitches: Extracting and Analyzing Automotive Firmware Efficiently  [slides]
Alyssa Milburn, Santiago Cordoba, Nils Wiersma, Ramiro Pareja and Niek Timmers
Presented at Black Hat USA 2018, Las Vegas, NV, USA, August 2018.

Efficient Reverse Engineering of Automotive Firmware
Alyssa Milburn and Niek Timmers
Presented at the escar USA conference 2018, Ypsilanti, MI, USA, June 2018.

SafeInit: Comprehensive and Practical Mitigation of Uninitialized Read Vulnerabilities  [paper]
Alyssa Milburn, Cristiano Giuffrida and Herbert Bos
Presented at the 2017 Network and Distributed System Security Symposium (NDSS '17),
San Diego, CA, USA, February 2017.

other stuff I like

I used to write about security issues I found in software, but that's pretty out-of-date nowadays.

I enjoy low-level computing, particularly compilers (including working with LLVM/gcc), kernel-level work and embedded platforms.

ScummVM logoI'm fascinated by old computer games. I used to be involved in various open source projects in this vein, in particular ScummVM, GemRB and openc2e, back when I had free time.

I love explaining stuff. I like giving talks! I've also helped teach a bunch of CS bachelor program courses, and been a TA for others.

Reverse engineering is great fun too; as well as taking apart old computer games, I've also applied my skills for analyzing embedded firmware, and for security work.

You, if you read all of that without closing your browser tab. Have a stroopwafel!