Michael Rushanan, Ph.D.

Education

Johns Hopkins University

Ph.D. Computer Science • 2016

President, Upsilon Pi Epsilon • 2011 — 2012
Member, Upsilon Pi Epsilon • 2011 — 2016
Second place, Innovate for Healthcare Challenge • 2012

M.S. Security Informatics • 2015

M.S.E. Computer Science • 2015

University of Maryland Baltimore County

B.S. Computer Science • 2009

Industry Experience

Harbor Labs, LLC

Chief Scientist • Oct, 2024 — Present

Lead cybersecurity consulting across the total product lifecycle for more than 100 medical devices and health data systems, supporting IDE, De Novo, Traditional, Special, and Abbreviated 510(k) submissions, PMAs, and postmarket activities.
Design and develop a company-wide cybersecurity risk management (CRM) framework aligned with AAMI TIR57, AAMI/ISO 14971, ISO/IEC 27001, NIST SP 800-30, FDA premarket and postmarket cybersecurity guidance, and EU MDR.
Perform comprehensive CRM activities, including threat modeling, risk assessment, SBOM development and management, cybersecurity requirements definition, architecture views, and evaluation of unresolved anomalies with security impact.
Conduct architecture and design-input cybersecurity gap assessments to evaluate system architecture, cybersecurity exposure, and regulatory alignment.
Design and develop standardized cybersecurity testing methodologies that incorporate vulnerability analysis, penetration testing, and verification of cybersecurity requirements.
Prepare premarket cybersecurity documentation, including architecture views, threat models, cybersecurity risk assessments, SBOMs, cybersecurity labeling, and other submission-ready deliverables.
Develop postmarket cybersecurity management processes, including vulnerability monitoring, coordinated vulnerability disclosure, software update and patching strategies, and periodic cybersecurity testing.
Support regulatory interactions by preparing AINN deficiency responses, pre-submission materials, and other communications with the FDA and regulatory bodies.
Direct secure product development lifecycle (SDLC) implementation for regulated medical devices, improving security controls across firmware, software, mobile, desktop, and cloud systems.
Design and deploy PKI and cryptographic services for embedded systems, mobile and desktop applications, and cloud-based services.
Lead technical project management for all medical device engagements, including scoping, planning, schedules, and multi-team coordination.
Support business operations, including prospecting calls, technical scoping, SoWs, MSAs, NDAs, and engagement planning.
Mentor and lead teams of PhD researchers, graduate engineers, and cybersecurity practitioners; supervise interns and work-study personnel.
Provide technical support for litigation matters, including patent infringement and validity analysis, trade secret and IP cases, contract disputes, antitrust matters, regulatory compliance, and class actions.

Vice President of Medical Security • Oct, 2023 — Oct, 2024

Director of Medical Security • Dec, 2018 — Dec, 2023

Research Scientist • May, 2016 — Dec, 2018

Consultant • Jun, 2015 — May, 2016

Harbor Experts, Inc.

Fellow • Aug, 2025 — Present

Provide expert witness testimony at trial for cases involving medical device cybersecurity, health IT systems, and networking.
Serve as lead investigator on HHS and DOJ contracts related to healthcare IT, medical systems cybersecurity, and HIPAA compliance.

Zeutro, LLC

Software Engineer • Jul, 2015 — May, 2016

Ported attribute-based encryption software to target architectures.
Updated Zeutro library build systems and open-source dependencies.
Ran and tested software on ARM, macOS, Windows, and Android platforms.

National Security Agency

Systems Engineer • Nov, 2003 — Nov, 2010

Provided support for business administration, finance, and technical services.
Implemented proprietary software in Visual Basic, PHP, Perl, and IBM SPSS.
Mentored three high school work-study temporary hires.
Managed servers and services on the intranet.
Implemented web services using HTML, CSS, and JavaScript.
Managed secure network infrastructure for staging and managing COTS software.
Extended third-party services using undocumented API requests.
Provided web-based technical support to external groups and agencies.
Enabled and co-authored workforce surveys.
Mentored one college intern.

Academic Appointments

Johns Hopkins University

Lecturer, Dept. of Computer Science • Jul, 2023 — Present

Teaching Security and Privacy in Computing (SPC) 601.643/443.
Created and teaching Medical Device Cybersecurity (MDC) 601.644/444.
Doctoral thesis co-advisor for:
- Logan Kostick (Summer 2026)
Dissertation committee member for:
- Tushar Jois, JHU (May 2023)
- Maximilian Zinkus, JHU (2024)
Graduate MSSI Capstone Project mentor for:
- Kaixin Du, Dibyajyoti Nath, Ramit Saraswat, and Zhicheng Sun, MeDUSA: Medical Device Universal Security Alignment, Fall 2025
- Jiarou Deng and Yang Yang, A Zero-Knowledge Proof Framework for Secure and Verifiable Software Bill of Materials Validation, Fall 2025
- Pu Ji, Sikai Teng, and Ahmad Faridi, "A Framework for Automating Integrated Static Application Security Testing (SAST) Vulnerability Detection in C and C++ Programs," Spring 2025
- Shun Yang, Tianze Ran, and Ziang Liang, "Postmarket Vulnerability Surveillance for Medical Devices," Spring 2022
Restored the Health and Medical Security (HMS) Lab.

Lecturer, Engineering for Professionals • Jul, 2025 — Present

Created and teaching Medical Device Cybersecurity (MDC) 695.724.

Research Assistant, Dept. of Computer Science • Aug, 2011 — May, 2016

Conducted and published peer-reviewed research on security and privacy in health and medical systems, including implantable and wearable medical devices, health IT infrastructure, and clinical data systems.
Focused research areas included applied cryptography, trusted computing, low-level systems security, embedded and cyber-physical systems, and adversarial analysis of real-world deployed platforms.
Designed, executed, and evaluated experimental systems and empirical security studies, with results published in top-tier security and privacy venues.
Collaborated with faculty and interdisciplinary research teams on systems, cryptography, and healthcare-focused security research.
Contributed to and extended open-source cryptographic research frameworks, including Charm, libfenc, and Pairing-Based Cryptography (PBC), to support experimental cryptographic research.
Served as Lecturer for Hardware Hacking (600.243.13) during Winter 2015, creating and delivering lectures and hands-on demonstrations on low-level systems security.
Supported undergraduate and graduate instruction as a Teaching Assistant for courses including Database Systems, Modern Cryptography, and UI and Mobile Application Development.
Served as Course Assistant for Security and Privacy in Computing and Network Security, grading assignments and holding office hours.
Served as a research program analyst developing cryptographic software to secure electronic medical records using attribute-based encryption, including cross-platform implementation and validation across ARM, x86, and AMD64 architectures on Windows, macOS, and Linux, and integration into a mobile electronic health record system.
Research supported by the U.S. Department of Health and Human Services through the Strategic Healthcare IT Advanced Research Projects on Security (SHARPS) program (Award No. 90TR0003-0).
Research supported by the National Science Foundation through the Trustworthy Health and Wellness (THaW) Frontier (CNS-1329737).

Ph.D. Candidate, Dept. of Computer Science • Nov, 2015 — May, 2016

Ph.D. Student, Dept. of Computer Science • Aug, 2011 — Nov, 2015

Teaching Assistant, Dept. of Computer Science • January, 2012 — May, 2013

Course Assistant, Dept. of Computer Science • August, 2010 — May, 2011

Research Program Analyst, Dept. of Computer Science • Nov, 2010 — Aug, 2011

University of Maryland, Baltimore County

Advisory Board Member, Professional Engineering Program • Oct, 2025 — Present

Provide strategic guidance to align Systems Engineering, Engineering Management, and Technical Management programs with evolving industry and government needs.
Contribute professional insights to strengthen curriculum relevance and integrate modern systems engineering and management tools.
Support student success through mentoring, career readiness initiatives, and employer-engaged projects.
Collaborate with university leadership to expand partnerships across academia, industry, and government.
Advise on emerging trends in medical device cybersecurity, systems risk management, and regulatory science to inform curriculum and applied research.
Participate in working groups focused on curriculum innovation, student pathways, and program growth.
Champion UMBC's mission of inclusive excellence and innovation in engineering education.

University of Michigan

Visiting Scholar, Dept. of Computer Science • January, 2014 — August, 2014

Joined the Archimedes Lab led by Professor Kevin Fu.
Studied medical infusion systems and patient monitors.
Disassembled and recycled pacemakers.
Submitted for IRB review to collect ECG data for empirical analysis.
Automated ECG device button presses using an Arduino and the HID protocol.
Implemented web-based resource depletion attacks using Web Workers.
Engaged in academic research
Collaborated with interuniversity students and faculty.
Researched embedded and passively powered RFID tags.
Implemented additively homomorphic encryption on RFID tags.
Installed RFID tags in a concrete foundation to measure exothermic processes of concrete cement.
Analyzed and classified NetFlow for a local medical campus.

Visiting Scholar, Dept. of Computer Science • May, 2013 — August, 2013

Publications

Refereed Conference Proceedings

Jiarou Deng, Yang Yang, and Michael Rushanan^†. “The SBOM Transparency v. Exposure Dilemma: A Case Study on Adversarial Access to Public SBOMs in Healthcare.” Proceedings of the Healthcare Security Workshop (HealthSec), 2025.
- Paper | Presentation | Artifacts
Kostick, Logan, Michael Rushanan^†, and Tushar M. Jois. “Compliance v. Completeness: A Case Study on SBOMs in Consideration of FDA Premarket Cybersecurity Guidance.” Proceedings of the Healthcare Security Workshop (HealthSec), 2025.
- Paper | Presentation | Artifacts
Paul Martin, Michael Rushanan, Thomas Tantillo, Christoph Lehmann, and Aviel D. Rubin. “Applications of Secure Location Sensing in Healthcare.” Proceedings of ACM Conference of Bioinformatics, Computational Biology, and Health Informatics (BCB), 2016.
- Paper | Presentation
Michael Rushanan, David Russell, and Aviel D. Rubin. “MalloryWorker: Stealthy Computation and Covert Channels using Web Workers.” Proceedings of International Workshop on Security and Trust Management (STM), 2016.
- Paper | Presentation
Christina Garman, Matthew Green, Gabriel Kaptchuk, Ian Miers, and Michael Rushanan. “Dancing on the Lip of the Volcano: Chosen Ciphertext Attacks on Apple iMessage.” Proceedings of USENIX Security Symposium (USENIX Security), 2016.
- Paper | Presentation | Video
Joseph Carrigan, Paul Martin, and Michael Rushanan. “KBID: Kerberos Bracelet Identification.” Proceedings of Financial Cryptography and Data Security (FC), 2016.
- Paper
Michael Rushanan and Stephen Checkoway. “Run-DMA.” Proceedings of USENIX Security Workshop on Offensive Technology (WOOT), 2015.
- Paper | Presentation | Artifacts
Michael Rushanan, Denis Foo Kune, Colleen Swanson, and Aviel D. Rubin. “SoK: Security and Privacy in Implantable Medical Devices and Body Area Networks.” Proceedings of IEEE Symposium on Security and Privacy (Oakland), 2014.
- Paper | Presentation

Refereed Journal Articles

Joseph Akinyele, Christina Garman, Ian Miers, Matthew W. Pagano, Michael Rushanan, Matthew Green, and Aviel D. Rubin. “Charm: A Framework for Rapidly Prototyping Cryptosystems.” Journal of Cryptographic Engineering (JCEN), 2013.
- Paper | Artifacts

Posters and Abstracts

Kaixin Du, Dibyajyoti Nath, Ramit Saraswat, Zhicheng Sun, Michael Rushanan^†, and Tushar M. Jois. “A Hands-On Platform for Medical Device Security Education.” ACM SIGCSE Technical Symposium, 2026.
- Abstract | Poster
Jiarou Deng, Yang Yang, and Michael Rushanan^†. “A Zero-Knowledge Framework for Confidential and Verifiable SBOM Validation.” Annual Computer Security Applications Conference (ACSAC), 2025.
- Abstract | Poster
Jessica Ladd, Jenny McManus, Stephan Adelson, Charlotte Gaydos, and Michael Rushanan. “Initial Uptake of STI Partner Notification Website So They Can Know.” International Society for Sexually Transmitted Diseases Research (ISSTDR), 2013.
- Abstract
Michael Rushanan, Denis Foo Kune, Daniel E. Holcomb, and Colleen Swanson. “An Evaluation of ECG use in Cryptography for Implantable Medical Devices and Body Area Networks.” USENIX Security Workshop on Health Information Technologies (HealthTech), 2014.
- Abstract | Video
Miran Alhaideri, Michael Rushanan, Denis Foo Kune, and Kevin Fu. “The Moo and Cement Shoes: Future Directions of A Practical Sense-Control-Actuate Application.” International Workshop on the Swarm at the Edge of the Cloud (SEC), 2013.
- Abstract | Poster
Michael Rushanan, Denis Foo Kune, and Kevin Fu. “aheM: Additively Homomorphic Encryption for the Moo.” Cryptographic Hardware and Embedded Systems (CHES), 2013.
- Abstract | Poster
Michael Rushanan, Miran Alhaideri, Denis Foo Kune, and Kevin Fu. “Towards a Threat Model for Actors in the Swarm.” International Workshop on the Swarm at the Edge of the Cloud (SEC), 2013.
- Abstract | Poster
James F. Philbin, Matthew Green, Yu Ning, Mohmoud Ismail, and Michael Rushanan. “An Efficient Encryption Framework for Medical Images.” Society for Imaging Informatics in Medicine (SIIM), 2013.
- Abstract

Technical Reports

Paul D. Martin, Michael Rushanan, Stephen Checkoway, Matthew Green, and Aviel D. Rubin. “Classifying Network Protocol Implementation Versions: An OpenSSL Case Study.” Technical Report 13-01, Johns Hopkins University, 2013.
- Paper
Jason Gionta and Michael Rushanan. “CSET ’14: 7th Workshop on Cyber Security Experimentation and Test — Conference Reports.” ;login: The USENIX Magazine, Vol. 39, No. 6 (Electronic Supplement), 2014.
- Supplement
Michael Rushanan. “HotSec ’13: Workshop on Hot Topics in Security — Conference Reports.” ;login: The USENIX Magazine (Electronic Supplement), 2013.
- Supplement
Michael Rushanan. “HealthTech ’13: Workshop on Health Information Technologies — Conference Reports.” ;login: The USENIX Magazine (Electronic Supplement), 2013.
- Supplement

Dissertation

Michael A. Rushanan. “An Empirical Analysis of Security and Privacy in Health and Medical Systems.” Doctoral Dissertation, Johns Hopkins University, 2016.
- Paper

^† Principal investigator

Patents

Tushar Jois, Rohan Panaparambil, Michael Rushanan, Aviel D. Rubin. “Enabling Secure Data Communication using the Nervous System.” World Intellectual Property Organization (WIPO), WO 2025/038268 A3, Published application, 2025. Assignee: The Johns Hopkins University.

Expert Witness Consulting

Expert Witness

Cranial Technologies, Inc. v. Ottobock SE & Co. KGAA; Case # 2:23-cv-02320; Patent infringement litigation involving medical device technologies.
- Performed source code review and expert witness testimony.
Department of Justice v. Undisclosed; Case # TBD; Litigation related to EHRs.
- Performed big data review of EHR records.
Department of Justice v. Undisclosed; Case # TBD; Litigation related to EHRs.
- Performed source code review.
Director of the Office for Civil Rights v. Undisclosed; Case # TBD; Litigation related to EHRs.
- Performed source code review.

Litigation Support

US Dominion, Inc. v. Fox News Network; Case # N21C-03-257-EMD; Litigation related to defamation and voting machine security.
- Performed source code review, documentation review, and product testing.
WSOU Investments, LLC v. Cisco Systems Inc.; Case # 6:21-cv-00128-ADA; Litigation related to patents on networking.
- Performed document review, validity analysis, infringement analysis, and report drafting.
WSOU Investments, LLC D/B/A Brazos Licensing and Development v. Microsoft Corporation; Case # 1:18-6:20-cv-00464-ADA; 1:18-6:20-cv-00460-ADA; 1:18-6:20-cv-00457-ADA; Litigation related to patents on telephony management systems and skill-based matchmaking.
- Performed source code review, documentation review, validity analysis, infringement analysis, and report drafting.
Finjan v. Palo Alto Networks; Case # 4:14-CV-04908-PJH; Litigation related to patents on malware scanning gateways.
- Performed invalidity analysis, claim construction analysis, and source code review.
Huawei Technologies Co. v. Verizon Communications Inc.; Case # 6:20-CV-00090; Litigation related to patents on anti-virus and malware detection.
- Performed declaration preparation.
Sable Networks v. Splunk Inc.; Case # 5:21-CV-00040-RWS; Litigation related to intrusion detection and prevention.
- Performed invalidity analysis, claim construction analysis, and service/software testing.
Epic Games, Inc. v. Apple Inc.; Case # 4:20-cv-05640-YGR-TSH; Litigation related to the Sherman Act.
- Performed declaration preparation related to background of technology.
Philips North America LLC; Koninklujke Philips N.V. v. Summit Imaging Inc.; Case # 2:19-cv-01745-JLR; Litigation related to DMCA and Copyright.
- Performed code review and declaration preparation.
California Physicians Service, Inc. D/B/A Blue Shield of California v. Healthplan Services Inc.; Case # 3:18-cv-3730; Litigation related to software quality and security.
- Performed code review, declaration preparation, and experimentation.
Blackberry Limited v. Facebook, Inc.; Case # 2:18-cv-01844; Litigation related to cryptographic techniques.
- Performed declaration preparation and experimentation.
Netfuel, Inc. v. Cisco Systems, Inc.; Case # 5:18-cv-2352-EJD; Litigation related to network packet handling and processing.
- Performed declaration preparation and experimentation.
Rimini Street, Inc. v. Oracle International Corporation, et al.; Case # 2:14-CV-01699 LRH-CWH; Litigation related to false claims on security.
- Performed declaration preparation and experimentation.
Carl Zeiss et al. v. Nikon Corporation et al.; Case # 2:17-cv-03221; Litigation related to patents on image detection algorithms.
- Performed source code review.
Amazon.com Inc., Hulu, LLC, and Netflix, Inc. v. Uniloc Luxembourg S.A.; Case # IPR 2017-00948 (Patent invalidity); Litigation related to systems and methods to prevent software piracy; digital rights management.
- Performed IPR preparation and declaration preparation.
Finjan v. Symantec Corporation; Case # 14-cv-02998-HSG (Patent invalidity and non-infringement); Litigation related to automated analysis and inspection of dynamically generated code (e.g., JavaScript).
- Performed declaration preparation and source code review.
F5 Networks, Inc. v. Radware, LTD.; Case # IPR 2017-00124 (Patent invalidity); Litigation related to data route optimization through a computer network.
- Performed document review.
Sabre GLBL Inc. v. HP Enterprise Services LLC; Case # 1310022761 (Contract dispute); Litigation related to a breach of contract.
- Performed expert report preparation, contract review, and technical interviews.
Palo Alto Networks v. Finjan; Case # IPR 2016-00151 (Patent invalidity); Litigation related to automated analysis and inspection of dynamically generated code (e.g., JavaScript).
- Performed IPR preparation, declaration preparation, and document review.
Palo Alto Networks v. Finjan; Case # IPR 2015-02001 & IPR 2016-00157 (Patent invalidity); Litigation related to automated analysis and inspection of dynamically generated code (e.g., JavaScript).
- Performed IPR preparation, declaration preparation, and document review.
Palo Alto Networks v. Finjan; Case # IPR 2015-01979 (Patent invalidity); Litigation related to automated analysis and inspection of dynamically generated code (e.g., JavaScript).
- Performed IPR preparation, declaration preparation, and document review.
Palo Alto Networks v. Finjan; Case # IPR 2015-01974 (Patent invalidity); Litigation related to automated analysis and inspection of dynamically generated code (e.g., JavaScript).
- Performed IPR preparation, declaration preparation, and document review.
Cap Co. v. McAfee, LLC; Case # IPR 2015-01855, 00216, 00222, 01877 (Patent non-infringement and invalidity); Litigation related to anti-virus scanning.
- Performed network analysis and declaration preparation.
Vir2us Inc. v. Invincea, Inc. and Invincea Labs, LLC; Case # 2:15cvl62 (Patent non-infringement and invalidity); Litigation related to virtual execution environment and browsing environment (sandboxing/isolation).
- Performed source code review.

Security Consulting

Thesys CAT, LLC

Consolidated Audit Trail • 02/2017 – 02/2019

Reviewed Consolidated Audit Trail (CAT) protocol security and correctness for high-throughput transaction processing
Developed CAT supporting systems implementing mutual authentication, query signing, and back-end signature verification
Extended the Java Database Connectivity (JDBC) driver to support authenticated request workflows
Integrated hardware-backed key protection using a SafeNet Luna Network HSM as a root of trust
Designed and deployed PKI services, including an HSM-backed certificate authority
Deployed and configured OpenStack Keystone identity services and Barbican key management
Integrated YubiKey hardware tokens into authentication and signing workflows
Authored cybersecurity policies and operational best-practices documentation
Provided cybersecurity and cryptography consulting support to third parties, including IBM

ToxTrack

Encryption Review • 04/2018

Reviewed fingerprint and fully homomorphic encryption (FHE) cryptographic scheme

Mauriel Kapouytian Woods LLP (MKW)

IT Security Audit • 07/2018

Managed a team that performed an IT security audit
Performed asset and service discovery
Performed physical inspection
Conducted firewall policy review
Executed a network security policy review

Dyadic

EKM Product • 11/2016

Performed product review of Enterprise Key Management (EKM) version 2.0
Performed cryptographic protocol analysis and security policy review

Security First Innovations, LLC

SPx Product Analysis & Secure Boot Research • 11/2015 – 09/2016

Built and deployed virtual infrastructure to deploy SPxSHARC and SPxGateway applications
Performed local, co-located, and cloud penetration testing
Researched boot security including secure boot, trusted boot, and measured boot
Investigated Intel Trusted Execution Technology
Compared and contrasted OS-level technologies, type-I and II hypervisors, and filesystem controls such as full-disk encryption

Special Projects and Ongoing Research

MEDIC™

Jun, 2025 — Present

Designed and developed libmedic (Memory-safe End-to-End Device Integrity and Cryptography), a medical device encryption and authentication library.

CampViews

Nov, 2025 — Present

Provided pro bono cybersecurity assessment for the Nevada Diabetes Association’s CampViews Diabetes Camp mobile application.
Shepherded CampViews through Dexcom integration processes to enable use of Dexcom APIs.

My Heart Your Heart

Aug, 2013 — Jan, 2014

Physically dismantled and analyzed used pacemakers to determine suitability for repurposing or recycling.
Performed electrical testing on pacemakers to assess functionality and safety.

So They Can Know

2011 — 2012

Led backend development for the web application, supporting both front-end integration and backend services.

Open-Source Software Development

libfenc. Contributed to an open-source functional encryption library.
Charm. Contributed to a framework for rapidly prototyping cryptographic schemes.
PBC. Patched and cross-compiled the Pairing-Based Cryptography library.

Technical Expertise

Systems & Software

Operating Systems	Developed software for Windows, macOS, Linux, iOS, Android, Zephyr, and FreeRTOS
Programming Languages	Proficient in C, C++, C#, Java, Python, Perl, Swift, x86 Assembly, Matlab, R, JavaScript, PHP, Go, and Rust Working knowledge of Kotlin, Ruby, Lua, OCaml
Shell Scripting	Automated tasks and managed system operations using Tcl, ZSH, Bash, Fish, and PowerShell
Architectures	Experienced in Arm, AArch64, x86, and x86-64 Working knowledge of RISC-V
Web Frameworks	Developed web applications using Django, Flask, Drupal, and Node.js

Security & Cryptography

Penetration Testing Tools	Installed and managed Kali Linux laptops for on premise testing engagements Used network analysis tools such as Wireshark, nmap, scapy, Nessus, TestSSL, and mitmproxy Used HTTP analysis tools and proxies such as Charles Proxy, BurpSuite, and mitmweb Used reverse engineering and binary analysis tools such as binwalk, IDA Pro, Hooper, and Ghidra Used fuzzers such as boofuzz and AFL Used container analysis tools such as Clair, Trivy, and Anchore Created SBOMs using CycloneDX command line tools such as CycloneDX-CLI and Syft Used software composition analysis tools such as OWASP Dependency-Track Used password cracking software such as John the Ripper and Hashcat Used injection tools such as sqlmap Used Linux, macOS, and Windows auditing tools such as Lynis and Wynis
Hardware and Wireless Tools	Experienced with JTAG and SWD debugging, JTagulator, Immortal Knight DMA PCILeech, Ubertooth One, Yardstick One, HackRF One, GreatFET, Flipper Zero, Chameleon, and HackRF One
Cryptography Software	Developed cryptographic libraries and protocols for embedded, real-time, and general-purpose systems Utilized WolfSSL, BoringSSL, and OpenSSL Implemented AES (GCM, CTR, CBC, CBC-MAC), KP-ABE, and CP-ABE algorithms for various platforms and targets Contributed to Charm Crypto, a framework for prototyping cryptosystems Contributed to libfenc, a functional encryption library Contributed to OpenABE, an attribute-based encryption library Contributed to PBC, a pairing-based cryptography library Worked with the W3C WebCrypto API, SJCL, and CryptoJS before native crypto support was available in browsers
PKI and KMS	Developed PKI process using HSMs such as YubiHSM, Nitrokey HSM, and SafeNet Luna Network HSM (PCIe, USB, and network appliances) Developed using KMSs such as HashiCorp Vault, Azure Key Vault, AWS Key Management Service, and Google Cloud Key Management Service

Infrastructure & Cloud

IT Management	Managed Google Workspace and Microsoft 365 productivity tools for two companies, including configuring SPF, DKIM, and DMARC policies, enforcing authentication and authorization policies (e.g., MFA), setting data retention and on and offboarding policies, etc. Managed GitHub Enterprise account for internal product development and testing artifacts for contract penetration testing Managed AWS services to enable other productivity tools such as Route53 (DNS), ACM (TLS certificate management), LightSail, S3, Cloudfront, Security Groups, and EC2 (for Internet-accessible services and web server management) Managed EC2 Linux-based servers and open-source web and RESTful server software, including OS update and hardening activities Setup and managed Dell enterprise server on-premise, configuring Proxmox Type 1 hypervisor and container orchestration for local virtual machines, penetration testing, and product services Managed Keybase end-to-end encrypted communication for two companies Managed Slack account for Harbor Labs
Cloud	Developed applications using virtual machines, containers, and serverless applications in AWS, Azure, and GCP Deployed OpenStack Cloud
Orchestration	Experienced with Docker, LXC, Kubernetes, MicroK8s, Azure Kubernetes Service (AKS), Google Kubernetes Engine (GKE), and Amazon Elastic Kubernetes Service (EKS) Teach classes using Docker Desktop and containerized applications
Virtualization	Managed type I and II hypervisors including Linux KVM, Proxmox, VMware ESXi, Workstation, and Pro, Virtualbox, and Parallels Used emulation software such as QEMU

News and Media

Presented at DC Systems 007. “Building Medical Devices With Security by Design.” June 10, 2025.
Interviewed for The Health Beat. “Intersection of security and medicine.” August 1, 2021.
Presented at DEF CON 28 — Biohacking Village. “DIY Diabetics and a Million Boluses.” August 7, 2020.
Presented at UL Solutions Webinar. “Cybersecurity in an Era of Smart Pump Interoperability.” February 5, 2020.
Presented at DEF CON 27 — Biohacking Village. “The Attack Surface of a Networked Medical Device.” August 8, 2019.
Interviewed for ABC Radio National – Health Report. “Pacemakers and cybersecurity.” October 8, 2018.
Team interviewed for Southern California Public Radio (KPCC/LAist). “Students figure out how to hack Apple's messaging system (audio available).” March 22, 2016.
Work presented in The Washington Post. “Johns Hopkins researchers discovered encryption flaw in Apple’s iMessage.” March 21, 2016.
Work presented in Johns Hopkins Hub. “Johns Hopkins team uncovers bug in Apple’s iMessage encryption.” March 21, 2016.

Social Links

Github: https://github.com/micharu123
Twitter: https://x.com/micharu123
LinkedIn: https://www.linkedin.com/in/michael-a-rushanan-8a1a8126
Website: https://harborlabs.com/