I break/fix computer security, uh, stuff! Currently working for Riscure, a security testing lab. You can trust me (to break stuff).

I also break (and fix!) things in my free time; occasionally I write about that. I collect CVEs and t-shirts.


You can e-mail me at (my first name) at zall.org. (key)


I'm narcoleptic, so I'm sleepy a lot. Please let me stand when possible.

My native tongue is English; I also speak Dutch. (In fact, I am Dutch.)


SafeInit: Comprehensive and Practical Mitigation of Uninitialized Read Vulnerabilities
Alyssa Milburn, Cristiano Giuffrida and Herbert Bos
In Proceedings of the 2017 Network and Distributed System Security Symposium (NDSS '17),
San Diego, CA, USA, February 2017

other stuff I like

I enjoy low-level computing, particularly compilers (including working with LLVM/gcc), kernel-level work and embedded platforms.

ScummVM logoI'm fascinated by old computer games. I'm involved in various open source projects in this vein, in particular ScummVM, GemRB and openc2e.

I love explaining stuff. I like giving talks! I've also helped teach a bunch of CS bachelor program courses, and been a TA for others.

Reverse engineering is great fun too; as well as taking apart old computer games, I've also applied my skills for analyzing embedded firmware, and for security work.

You, if you read all of that without closing your browser tab. Have a stroopwafel!