Omid Mirzaei


I am a security research lead in the email threat research team at Cisco Talos.
My journey in the cybersecurity domain began during my doctoral studies in the COmputer Security (COSEC) lab at University Carlos III of Madrid (UC3M), Spain, where I immersed myself in Android application triage, malware detection, and characterization — experiences that set the stage for a rewarding research career. This period was immediately followed by my graduate studies in artificial intelligence.
After earning my PhD, I joined the Systems Security Lab (SecLab) at Northeastern University in Boston, MA, serving as both a postdoctoral research associate and a part-time lecturer. During this period, I led a funded project to detect code reuse in advanced Windows malware used in targeted attacks. I also taught several courses on cybersecurity and on applying machine learning to cybersecurity at both the undergraduate and graduate levels.
My areas of expertise and interest include computer security, mobile security, the application of machine learning in security, and the development of more secure and trustworthy AI-based solutions. My dedication and contributions to the field have been recognized through numerous prestigious awards.
In my spare time, I channel my enthusiasm for the field by crafting engaging blog posts, usually focused on the threat research landscape, but also covering topics related to machine learning.
News
Jul 4, 2025 | I will be serving on the program committee for the Network and Distributed System Security (NDSS) symposium.
Jul 4, 2025 | Cybernews has reported on my blog about brand impersonation via PDF payloads.
Jul 3, 2025 | Dark Reading has reported on my blog about brand impersonation via PDF payloads.
Jul 3, 2025 | ISMG has reported on my blog about brand impersonation via PDF payloads.
Jul 3, 2025 | Malwarebytes Labs has reported on my blog about brand impersonation via PDF payloads.
Jul 3, 2025 | TechRadar has reported on my blog about brand impersonation via PDF payloads.
Selected Publications
DIMVA'21 | SCRUTINIZER: Detecting Code Reuse in Malware via Decompilation and Machine Learning.
ASIACCS'19 | AndrEnsemble: Leveraging API Ensembles to Characterize Android Malware Families.
FGCS | AndrODet: An Adaptive Android Obfuscation Detector.
ASIACCS'17 | TriFlow: Triaging Android Applications using Speculative Information Flows.
NODY | A New Image Encryption Method: Parallel Sub-Image Encryption with Hyper Chaos.