Michael Rushanan, Ph.D.
1777 Reisterstown Rd, Pikesville • 1-855-CYBR-SCI • mike@harborlabs.com
Dr. Michael Rushanan is Chief Scientist at Harbor Labs, Fellow at Harbor Experts, and Lecturer in Computer Science at Johns Hopkins University. With over two decades in systems and software security, network security, and applied cryptography, he leads innovation in secure development, risk management, vulnerability assessment, and penetration testing for global medical device manufacturers. He teaches Medical Device Cybersecurity (MDC)—a course he designed to meet the need for applied education in this area. Dr. Rushanan also directs federal cybersecurity work with the U.S. FDA, HHS, and DOJ, and has testified on health and medical systems. His research has appeared in venues such as USENIX Security, and he holds patents in cybersecurity, data signaling, and artificial intelligence.
Education
Johns Hopkins University
Ph.D. Computer Science • 2016
- President, Upsilon Pi Epsilon • 2011 — 2012
- Member, Upsilon Pi Epsilon • 2011 — 2016
- Second place, Innovate for Healthcare Challenge • 2012
M.S. Security Informatics • 2015
M.S.E. Computer Science • 2015
University of Maryland Baltimore County
B.S. Computer Science • 2009
Industry Experience
Harbor Labs, LLC
Chief Scientist • Oct, 2024 — Present
- Lead cybersecurity consulting across the total product lifecycle for more than 100 medical devices and health data systems, supporting IDE, De Novo, Traditional, Special, and Abbreviated 510(k) submissions, PMAs, and postmarket activities.
- Design and develop a company-wide cybersecurity risk management (CRM) framework aligned with AAMI TIR57, AAMI/ISO 14971, ISO/IEC 27001, NIST SP 800-30, FDA premarket and postmarket cybersecurity guidance, and EU MDR.
- Perform comprehensive CRM activities, including threat modeling, risk assessment, SBOM development and management, cybersecurity requirements definition, architecture views, and evaluation of unresolved anomalies with security impact.
- Conduct architecture and design-input cybersecurity gap assessments to evaluate system architecture, cybersecurity exposure, and regulatory alignment.
- Design and develop standardized cybersecurity testing methodologies that incorporate vulnerability analysis, penetration testing, and verification of cybersecurity requirements.
- Prepare premarket cybersecurity documentation, including architecture views, threat models, cybersecurity risk assessments, SBOMs, cybersecurity labeling, and other submission-ready deliverables.
- Develop postmarket cybersecurity management processes, including vulnerability monitoring, coordinated vulnerability disclosure, software update and patching strategies, and periodic cybersecurity testing.
- Support regulatory interactions by preparing AINN deficiency responses, pre-submission materials, and other communications with the FDA and regulatory bodies.
- Direct secure product development lifecycle (SDLC) implementation for regulated medical devices, improving security controls across firmware, software, mobile, desktop, and cloud systems.
- Design and deploy PKI and cryptographic services for embedded systems, mobile and desktop applications, and cloud-based services.
- Lead technical project management for all medical device engagements, including scoping, planning, schedules, and multi-team coordination.
- Support business operations, including prospecting calls, technical scoping, SoWs, MSAs, NDAs, and engagement planning.
- Mentor and lead teams of PhD researchers, graduate engineers, and cybersecurity practitioners; supervise interns and work-study personnel.
- Provide technical support for litigation matters, including patent infringement and validity analysis, trade secret and IP cases, contract disputes, antitrust matters, regulatory compliance, and class actions.
Vice President of Medical Security • Oct, 2023 — Oct, 2024
Director of Medical Security • Dec, 2018 — Dec, 2023
Research Scientist • May, 2016 — Dec, 2018
Consultant • Jun, 2015 — May, 2016
Harbor Experts, Inc.
Fellow • Aug, 2025 — Present
- Provide expert witness testimony at trial for cases involving medical device cybersecurity, health IT systems, and networking.
- Serve as lead investigator on HHS and DOJ contracts related to healthcare IT, medical systems cybersecurity, and HIPAA compliance.
Zeutro, LLC
Software Engineer • Jul, 2015 — May, 2016
- Ported attribute-based encryption software to target architectures.
- Updated Zeutro library build systems and open-source dependencies.
- Ran and tested software on ARM, macOS, Windows, and Android platforms.
National Security Agency
Systems Engineer • Nov, 2003 — Nov, 2010
- Provided support for business administration, finance, and technical services.
- Implemented proprietary software in Visual Basic, PHP, Perl, and IBM SPSS.
- Mentored three high school work-study temporary hires.
- Managed servers and services on the intranet.
- Implemented web services using HTML, CSS, and JavaScript.
- Managed secure network infrastructure for staging and managing COTS software.
- Extended third-party services using undocumented API requests.
- Provided web-based technical support to external groups and agencies.
- Enabled and co-authored workforce surveys.
- Mentored one college intern.
Academic Appointments
Johns Hopkins University
Adjunct Associate Research Scientist, Dept. of Computer Science • Feb, 2026 — Present
- Principal investigator for Health and Medical Security Lab
- Teaching Security and Privacy in Computing (SPC) 601.643/443.
- Created and teaching Medical Device Cybersecurity (MDC) 601.644/444.
- Doctoral thesis co-advisor for:
- Dissertation committee member for:
- Graduate MSSI Capstone Project mentor for:
- Kaixin Du, Dibyajyoti Nath, Ramit Saraswat, and Zhicheng Sun, MeDUSA: Medical Device Universal Security Alignment, Fall 2025
- Jiarou Deng and Yang Yang, A Zero-Knowledge Proof Framework for Secure and Verifiable Software Bill of Materials Validation, Fall 2025
- Pu Ji, Sikai Teng, and Ahmad Faridi, "A Framework for Automating Integrated Static Application Security Testing (SAST) Vulnerability Detection in C and C++ Programs," Spring 2025
- Shun Yang, Tianze Ran, and Ziang Liang, "Postmarket Vulnerability Surveillance for Medical Devices," Spring 2022
- Restored the Health and Medical Security (HMS) Lab.
Lecturer, Dept. of Computer Science • Jul, 2023 — Present
Lecturer, Engineering for Professionals • Jul, 2025 — Present
- Created and teaching Medical Device Cybersecurity (MDC) 695.724.
Research Assistant, Dept. of Computer Science • Aug, 2011 — May, 2016
- Conducted and published peer-reviewed research on security and privacy in health and medical systems, including implantable and wearable medical devices, health IT infrastructure, and clinical data systems.
- Focused research areas included applied cryptography, trusted computing, low-level systems security, embedded and cyber-physical systems, and adversarial analysis of real-world deployed platforms.
- Designed, executed, and evaluated experimental systems and empirical security studies, with results published in top-tier security and privacy venues.
- Collaborated with faculty and interdisciplinary research teams on systems, cryptography, and healthcare-focused security research.
- Contributed to and extended open-source cryptographic research frameworks, including Charm, libfenc, and Pairing-Based Cryptography (PBC), to support experimental cryptographic research.
- Served as Lecturer for Hardware Hacking (600.243.13) during Winter 2015, creating and delivering lectures and hands-on demonstrations on low-level systems security.
- Supported undergraduate and graduate instruction as a Teaching Assistant for courses including Database Systems, Modern Cryptography, and UI and Mobile Application Development.
- Served as Course Assistant for Security and Privacy in Computing and Network Security, grading assignments and holding office hours.
- Served as a research program analyst developing cryptographic software to secure electronic medical records using attribute-based encryption, including cross-platform implementation and validation across ARM, x86, and AMD64 architectures on Windows, macOS, and Linux, and integration into a mobile electronic health record system.
- Research supported by the U.S. Department of Health and Human Services through the Strategic Healthcare IT Advanced Research Projects on Security (SHARPS) program (Award No. 90TR0003-0).
- Research supported by the National Science Foundation through the Trustworthy Health and Wellness (THaW) Frontier (CNS-1329737).
Ph.D. Candidate, Dept. of Computer Science • Nov, 2015 — May, 2016
Ph.D. Student, Dept. of Computer Science • Aug, 2011 — Nov, 2015
Teaching Assistant, Dept. of Computer Science • January, 2012 — May, 2013
Course Assistant, Dept. of Computer Science • August, 2010 — May, 2011
Research Program Analyst, Dept. of Computer Science • Nov, 2010 — Aug, 2011
University of Maryland, Baltimore County
Advisory Board Member, Professional Engineering Program • Oct, 2025 — Present
- Provide strategic guidance to align Systems Engineering, Engineering Management, and Technical Management programs with evolving industry and government needs.
- Contribute professional insights to strengthen curriculum relevance and integrate modern systems engineering and management tools.
- Support student success through mentoring, career readiness initiatives, and employer-engaged projects.
- Collaborate with university leadership to expand partnerships across academia, industry, and government.
- Advise on emerging trends in medical device cybersecurity, systems risk management, and regulatory science to inform curriculum and applied research.
- Participate in working groups focused on curriculum innovation, student pathways, and program growth.
- Champion UMBC's mission of inclusive excellence and innovation in engineering education.
University of Michigan
Visiting Scholar, Dept. of Computer Science • January, 2014 — August, 2014
- Joined the Archimedes Lab led by Professor Kevin Fu.
- Studied medical infusion systems and patient monitors.
- Disassembled and recycled pacemakers.
- Submitted for IRB review to collect ECG data for empirical analysis.
- Automated ECG device button presses using an Arduino and the HID protocol.
- Implemented web-based resource depletion attacks using Web Workers.
- Engaged in academic research
- Collaborated with interuniversity students and faculty.
- Researched embedded and passively powered RFID tags.
- Implemented additively homomorphic encryption on RFID tags.
- Installed RFID tags in a concrete foundation to measure exothermic processes of concrete cement.
- Analyzed and classified NetFlow for a local medical campus.
Visiting Scholar, Dept. of Computer Science • May, 2013 — August, 2013
Publications
Refereed Conference Proceedings
-
Jiarou Deng, Yang Yang, and Michael Rushanan†. “The SBOM Transparency v. Exposure Dilemma: A Case Study on Adversarial Access to Public SBOMs in Healthcare.” Proceedings of the Healthcare Security Workshop (HealthSec), 2025.
-
Kostick, Logan, Michael Rushanan†, and Tushar M. Jois. “Compliance v. Completeness: A Case Study on SBOMs in Consideration of FDA Premarket Cybersecurity Guidance.” Proceedings of the Healthcare Security Workshop (HealthSec), 2025.
-
Paul Martin, Michael Rushanan, Thomas Tantillo, Christoph Lehmann, and Aviel D. Rubin. “Applications of Secure Location Sensing in Healthcare.” Proceedings of ACM Conference of Bioinformatics, Computational Biology, and Health Informatics (BCB), 2016.
-
Michael Rushanan, David Russell, and Aviel D. Rubin. “MalloryWorker: Stealthy Computation and Covert Channels using Web Workers.” Proceedings of International Workshop on Security and Trust Management (STM), 2016.
-
Christina Garman, Matthew Green, Gabriel Kaptchuk, Ian Miers, and Michael Rushanan. “Dancing on the Lip of the Volcano: Chosen Ciphertext Attacks on Apple iMessage.” Proceedings of USENIX Security Symposium (USENIX Security), 2016.
- Paper | Presentation | Video
-
Joseph Carrigan, Paul Martin, and Michael Rushanan. “KBID: Kerberos Bracelet Identification.” Proceedings of Financial Cryptography and Data Security (FC), 2016.
-
Michael Rushanan and Stephen Checkoway. “Run-DMA.” Proceedings of USENIX Security Workshop on Offensive Technology (WOOT), 2015.
-
Michael Rushanan, Denis Foo Kune, Colleen Swanson, and Aviel D. Rubin. “SoK: Security and Privacy in Implantable Medical Devices and Body Area Networks.” Proceedings of IEEE Symposium on Security and Privacy (Oakland), 2014.
Refereed Journal Articles
-
Joseph Akinyele, Christina Garman, Ian Miers, Matthew W. Pagano, Michael Rushanan, Matthew Green, and Aviel D. Rubin. “Charm: A Framework for Rapidly Prototyping Cryptosystems.” Journal of Cryptographic Engineering (JCEN), 2013.
Posters and Abstracts
-
Kaixin Du, Dibyajyoti Nath, Ramit Saraswat, Zhicheng Sun, Michael Rushanan†, and Tushar M. Jois. “A Hands-On Platform for Medical Device Security Education.” ACM SIGCSE Technical Symposium, 2026.
-
Jiarou Deng, Yang Yang, and Michael Rushanan†. “A Zero-Knowledge Framework for Confidential and Verifiable SBOM Validation.” Annual Computer Security Applications Conference (ACSAC), 2025.
-
Jessica Ladd, Jenny McManus, Stephan Adelson, Charlotte Gaydos, and Michael Rushanan. “Initial Uptake of STI Partner Notification Website So They Can Know.” International Society for Sexually Transmitted Diseases Research (ISSTDR), 2013.
-
Michael Rushanan, Denis Foo Kune, Daniel E. Holcomb, and Colleen Swanson. “An Evaluation of ECG use in Cryptography for Implantable Medical Devices and Body Area Networks.” USENIX Security Workshop on Health Information Technologies (HealthTech), 2014.
- Abstract | Video
-
Miran Alhaideri, Michael Rushanan, Denis Foo Kune, and Kevin Fu. “The Moo and Cement Shoes: Future Directions of A Practical Sense-Control-Actuate Application.” International Workshop on the Swarm at the Edge of the Cloud (SEC), 2013.
- Abstract | Poster
-
Michael Rushanan, Denis Foo Kune, and Kevin Fu. “aheM: Additively Homomorphic Encryption for the Moo.” Cryptographic Hardware and Embedded Systems (CHES), 2013.
-
Michael Rushanan, Miran Alhaideri, Denis Foo Kune, and Kevin Fu. “Towards a Threat Model for Actors in the Swarm.” International Workshop on the Swarm at the Edge of the Cloud (SEC), 2013.
-
James F. Philbin, Matthew Green, Yu Ning, Mohmoud Ismail, and Michael Rushanan. “An Efficient Encryption Framework for Medical Images.” Society for Imaging Informatics in Medicine (SIIM), 2013.
Technical Reports
-
Paul D. Martin, Michael Rushanan, Stephen Checkoway, Matthew Green, and Aviel D. Rubin. “Classifying Network Protocol Implementation Versions: An OpenSSL Case Study.” Technical Report 13-01, Johns Hopkins University, 2013.
-
Jason Gionta and Michael Rushanan. “CSET ’14: 7th Workshop on Cyber Security Experimentation and Test — Conference Reports.” ;login: The USENIX Magazine, Vol. 39, No. 6 (Electronic Supplement), 2014.
-
Michael Rushanan. “HotSec ’13: Workshop on Hot Topics in Security — Conference Reports.” ;login: The USENIX Magazine (Electronic Supplement), 2013.
-
Michael Rushanan. “HealthTech ’13: Workshop on Health Information Technologies — Conference Reports.” ;login: The USENIX Magazine (Electronic Supplement), 2013.
Dissertation
-
Michael A. Rushanan. “An Empirical Analysis of Security and Privacy in Health and Medical Systems.” Doctoral Dissertation, Johns Hopkins University, 2016.
Patents
- Tushar Jois, Rohan Panaparambil, Michael Rushanan, Aviel D. Rubin. “Enabling Secure Data Communication using the Nervous System.” World Intellectual Property Organization (WIPO), WO 2025/038268 A3, Published application, 2025. Assignee: The Johns Hopkins University.
Expert Witness Consulting
Expert Witness
-
Cranial Technologies, Inc. v. Ottobock SE & Co. KGAA;
Case # 2:23-cv-02320; Patent Infringement; Litigation involving medical device technologies.
- Performed expert testimony at deposition and source code review.
-
United States of America ex rel. Ronda Osinek v. Kaiser Permanente, et al.;
Case # 3:13-cv-03891-EMC; False Claims Act Violation; Litigation related to invalid diagnosis codes for Medicare Advantage Plan enrollees.
- Performed big data analysis of EHR records.
-
Department of Justice v. Undisclosed;
Case # TBD; Litigation related to EHRs.
- Performed source code review.
-
Director of the Office for Civil Rights v. Undisclosed;
Case # TBD; Litigation related to EHRs.
- Performed source code review.
Litigation Support
-
US Dominion, Inc. v. Fox News Network;
Case # N21C-03-257-EMD; Defamation; Litigation related to voting machine software and computer security.
- Performed source code review, documentation review, and product testing.
-
WSOU Investments, LLC d/b/a Brazos Licensing and Development v. Cisco Systems Inc.;
Case # 6:21-cv-00128-ADA; Patent Infringement and Validity; Litigation related to networking.
- Performed document review, validity analysis, infringement analysis, and report drafting.
-
WSOU Investments, LLC D/B/A Brazos Licensing and Development v. Microsoft Corporation;
Case # 1:18-6:20-cv-00464-ADA; 1:18-6:20-cv-00460-ADA; 1:18-6:20-cv-00457-ADA; Patent Infringement and Validity; Litigation related to telephony management systems and skill-based matchmaking.
- Performed source code review, documentation review, validity analysis, infringement analysis, and report drafting.
-
Finjan v. Palo Alto Networks;
Case # 4:14-CV-04908-PJH; Patent Non-infringement and Invalidity; Litigation related to malware scanning gateways.
- Performed invalidity analysis, claim construction analysis, and source code review.
-
Huawei Technologies Co. v. Verizon Communications Inc.;
Case # 6:20-CV-00090; Patent Non-infringement and Invalidity; Litigation related to anti-virus and malware detection.
- Performed declaration preparation.
-
Sable Networks v. Splunk Inc.;
Case # 5:21-CV-00040-RWS; Claim Construction; Litigation related to intrusion detection and prevention.
- Performed invalidity analysis, claim construction analysis, and service/software testing.
-
Epic Games, Inc. v. Apple Inc.;
Case # 4:20-cv-05640-YGR-TSH; Sherman Act; Litigation related to App Store and in-app purchases.
- Performed declaration preparation related to background of technology.
-
Philips North America LLC; Koninklujke Philips N.V. v. Summit Imaging Inc.;
Case # 2:19-cv-01745-JLR; DMCA and Copyright; Litigation related to DMCA and Copyright.
- Performed code review and declaration preparation.
-
California Physicians Service, Inc. D/B/A Blue Shield of California v. Healthplan Services Inc.;
Case # 3:18-cv-3730; Contract Dispute; Litigation related to software quality and security.
- Performed code review, declaration preparation, and experimentation.
-
Blackberry Limited v. Facebook, Inc.;
Case # 2:18-cv-01844; Patent Infringement and Validity; Litigation related to cryptographic techniques.
- Performed declaration preparation and experimentation.
-
Netfuel, Inc. v. Cisco Systems, Inc.;
Case # 5:18-cv-2352-EJD; Patent infringement and Validity; Litigation related to network packet handling and processing.
- Performed declaration preparation and experimentation.
-
Rimini Street, Inc. v. Oracle International Corporation, et al.;
Case # 2:14-CV-01699 LRH-CWH; False Claims; Litigation related to false claims on security.
- Performed declaration preparation and experimentation.
-
Carl Zeiss et al. v. Nikon Corporation et al.;
Case # 2:17-cv-03221; Litigation related to patents on image detection algorithms.
- Performed source code review.
-
Amazon.com Inc., Hulu, LLC, and Netflix, Inc. v. Uniloc Luxembourg S.A.;
Case # IPR 2017-00948; Patent Invalidity; Litigation related to systems and methods to prevent software piracy; digital rights management.
- Performed IPR preparation and declaration preparation.
-
Finjan v. Symantec Corporation;
Case # 14-cv-02998-HSG; Patent Invalidity and Non-infringement; Litigation related to automated analysis and inspection of dynamically generated code (e.g., JavaScript).
- Performed declaration preparation and source code review.
-
F5 Networks, Inc. v. Radware, LTD.;
Case # IPR 2017-00124; Patent Invalidity; Litigation related to data route optimization through a computer network.
- Performed document review.
-
Sabre GLBL Inc. v. HP Enterprise Services LLC;
Case # 1310022761; Contract Dispute; Litigation related to a breach of contract.
- Performed expert report preparation, contract review, and technical interviews.
-
Palo Alto Networks v. Finjan;
Case # IPR 2016-00151; Patent Invalidity; Litigation related to automated analysis and inspection of dynamically generated code (e.g., JavaScript).
- Performed IPR preparation, declaration preparation, and document review.
-
Palo Alto Networks v. Finjan;
Case # IPR 2015-02001 & IPR 2016-00157; Patent Invalidity; Litigation related to automated analysis and inspection of dynamically generated code (e.g., JavaScript).
- Performed IPR preparation, declaration preparation, and document review.
-
Palo Alto Networks v. Finjan;
Case # IPR 2015-01979; Patent Invalidity; Litigation related to automated analysis and inspection of dynamically generated code (e.g., JavaScript).
- Performed IPR preparation, declaration preparation, and document review.
-
Palo Alto Networks v. Finjan;
Case # IPR 2015-01974; Patent Invalidity; Litigation related to automated analysis and inspection of dynamically generated code (e.g., JavaScript).
- Performed IPR preparation, declaration preparation, and document review.
-
Cap Co. v. McAfee, LLC;
Case # IPR 2015-01855, 00216, 00222, 01877; Patent Non-Infringement and Invalidity; Litigation related to anti-virus scanning.
- Performed network analysis and declaration preparation.
-
Vir2us Inc. v. Invincea, Inc. and Invincea Labs, LLC;
Case # 2:15cvl62; Patent Non-Infringement and Invalidity; Litigation related to virtual execution environment and browsing environment (sandboxing/isolation).
- Performed source code review.
Security Consulting
Thesys CAT, LLC
Consolidated Audit Trail • 02/2017 – 02/2019
- Reviewed Consolidated Audit Trail (CAT) protocol security and correctness for high-throughput transaction processing
- Developed CAT supporting systems implementing mutual authentication, query signing, and back-end signature verification
- Extended the Java Database Connectivity (JDBC) driver to support authenticated request workflows
- Integrated hardware-backed key protection using a SafeNet Luna Network HSM as a root of trust
- Designed and deployed PKI services, including an HSM-backed certificate authority
- Deployed and configured OpenStack Keystone identity services and Barbican key management
- Integrated YubiKey hardware tokens into authentication and signing workflows
- Authored cybersecurity policies and operational best-practices documentation
- Provided cybersecurity and cryptography consulting support to third parties, including IBM
ToxTrack
Encryption Review • 04/2018
- Reviewed fingerprint and fully homomorphic encryption (FHE) cryptographic scheme
Mauriel Kapouytian Woods LLP (MKW)
IT Security Audit • 07/2018
- Managed a team that performed an IT security audit
- Performed asset and service discovery
- Performed physical inspection
- Conducted firewall policy review
- Executed a network security policy review
Dyadic
EKM Product • 11/2016
- Performed product review of Enterprise Key Management (EKM) version 2.0
- Performed cryptographic protocol analysis and security policy review
Security First Innovations, LLC
SPx Product Analysis & Secure Boot Research • 11/2015 – 09/2016
- Built and deployed virtual infrastructure to deploy SPxSHARC and SPxGateway applications
- Performed local, co-located, and cloud penetration testing
- Researched boot security including secure boot, trusted boot, and measured boot
- Investigated Intel Trusted Execution Technology
- Compared and contrasted OS-level technologies, type-I and II hypervisors, and filesystem controls such as full-disk encryption
Special Projects and Ongoing Research
MEDIC™
Jun, 2025 — Present
- Designed and developed libmedic (Memory-safe End-to-End Device Integrity and Cryptography), a medical device encryption and authentication library.
CampViews
Nov, 2025 — Present
- Provided pro bono cybersecurity assessment for the Nevada Diabetes Association’s CampViews Diabetes Camp mobile application.
- Shepherded CampViews through Dexcom integration processes to enable use of Dexcom APIs.
My Heart Your Heart
Aug, 2013 — Jan, 2014
- Physically dismantled and analyzed used pacemakers to determine suitability for repurposing or recycling.
- Performed electrical testing on pacemakers to assess functionality and safety.
So They Can Know
2011 — 2012
- Led backend development for the web application, supporting both front-end integration and backend services.
Technical Expertise
Systems & Software
Operating Systems
- Developed software for Windows, macOS, Linux, iOS, Android, Zephyr, and FreeRTOS
Programming Languages
- Proficient in C, C++, C#, Java, Python, Perl, Swift, x86 Assembly, Matlab, R, JavaScript, PHP, Go, and Rust
- Working knowledge of Kotlin, Ruby, Lua, OCaml
Shell Scripting
- Automated tasks and managed system operations using Tcl, ZSH, Bash, Fish, and PowerShell
Architectures
- Experienced in Arm, AArch64, x86, and x86-64
- Working knowledge of RISC-V
Web Frameworks
- Developed web applications using Django, Flask, Drupal, and Node.js
Security & Cryptography
Penetration Testing Tools
- Installed and managed Kali Linux laptops for on premise testing engagements
- Used network analysis tools such as Wireshark, nmap, scapy, Nessus, TestSSL, and mitmproxy
- Used HTTP analysis tools and proxies such as Charles Proxy, BurpSuite, and mitmweb
- Used reverse engineering and binary analysis tools such as binwalk, IDA Pro, Hooper, and Ghidra
- Used fuzzers such as boofuzz and AFL
- Used container analysis tools such as Clair, Trivy, and Anchore
- Created SBOMs using CycloneDX command line tools such as CycloneDX-CLI and Syft
- Used software composition analysis tools such as OWASP Dependency-Track
- Used password cracking software such as John the Ripper and Hashcat
- Used injection tools such as sqlmap
- Used Linux, macOS, and Windows auditing tools such as Lynis and Wynis
Hardware and Wireless Tools
- Experienced with JTAG and SWD debugging, JTagulator, Immortal Knight DMA PCILeech, Ubertooth One, Yardstick One, HackRF One, GreatFET, Flipper Zero, Chameleon, and HackRF One
Cryptography Software
- Developed cryptographic libraries and protocols for embedded, real-time, and general-purpose systems
- Utilized WolfSSL, BoringSSL, and OpenSSL
- Implemented AES (GCM, CTR, CBC, CBC-MAC), KP-ABE, and CP-ABE algorithms for various platforms and targets
- Contributed to Charm Crypto, a framework for prototyping cryptosystems
- Contributed to libfenc, a functional encryption library
- Contributed to OpenABE, an attribute-based encryption library
- Contributed to PBC, a pairing-based cryptography library
- Worked with the W3C WebCrypto API, SJCL, and CryptoJS before native crypto support was available in browsers
PKI and KMS
- Developed PKI process using HSMs such as YubiHSM, Nitrokey HSM, and SafeNet Luna Network HSM (PCIe, USB, and network appliances)
- Developed using KMSs such as HashiCorp Vault, Azure Key Vault, AWS Key Management Service, and Google Cloud Key Management Service
Infrastructure & Cloud
IT Management
- Managed Google Workspace and Microsoft 365 productivity tools for two companies, including configuring SPF, DKIM, and DMARC policies, enforcing authentication and authorization policies (e.g., MFA), setting data retention and on and offboarding policies, etc.
- Managed GitHub Enterprise account for internal product development and testing artifacts for contract penetration testing
- Managed AWS services to enable other productivity tools such as Route53 (DNS), ACM (TLS certificate management), LightSail, S3, Cloudfront, Security Groups, and EC2 (for Internet-accessible services and web server management)
- Managed EC2 Linux-based servers and open-source web and RESTful server software, including OS update and hardening activities
- Setup and managed Dell enterprise server on-premise, configuring Proxmox Type 1 hypervisor and container orchestration for local virtual machines, penetration testing, and product services
- Managed Keybase end-to-end encrypted communication for two companies
- Managed Slack account for Harbor Labs
Cloud
- Developed applications using virtual machines, containers, and serverless applications in AWS, Azure, and GCP
- Deployed OpenStack Cloud
Orchestration
- Experienced with Docker, LXC, Kubernetes, MicroK8s, Azure Kubernetes Service (AKS), Google Kubernetes Engine (GKE), and Amazon Elastic Kubernetes Service (EKS)
- Teach classes using Docker Desktop and containerized applications
Virtualization
- Managed type I and II hypervisors including Linux KVM, Proxmox, VMware ESXi, Workstation, and Pro, Virtualbox, and Parallels
- Used emulation software such as QEMU
News and Media
- Presented at DC Systems 007. “Building Medical Devices With Security by Design.” June 10, 2025.
- Interviewed for The Health Beat. “Intersection of security and medicine.” August 1, 2021.
- Presented at DEF CON 28 — Biohacking Village. “DIY Diabetics and a Million Boluses.” August 7, 2020.
- Presented at UL Solutions Webinar. “Cybersecurity in an Era of Smart Pump Interoperability.” February 5, 2020.
- Presented at DEF CON 27 — Biohacking Village. “The Attack Surface of a Networked Medical Device.” August 8, 2019.
- Interviewed for ABC Radio National – Health Report. “Pacemakers and cybersecurity.” October 8, 2018.
- Team interviewed for Southern California Public Radio (KPCC/LAist). “Students figure out how to hack Apple's messaging system (audio available).” March 22, 2016.
- Work presented in The Washington Post. “Johns Hopkins researchers discovered encryption flaw in Apple’s iMessage.” March 21, 2016.
- Work presented in Johns Hopkins Hub. “Johns Hopkins team uncovers bug in Apple’s iMessage encryption.” March 21, 2016.
Social Links
- Github: https://github.com/micharu123
- Twitter: https://x.com/micharu123
- LinkedIn: https://www.linkedin.com/in/michael-a-rushanan-8a1a8126
- Website: https://harborlabs.com/