Carter Yagemann

Carter Yagemann

Assistant Professor of Computer Science and Engineering at The Ohio State University, specializing in systems and software security, including vulnerability discovery, exploit prevention, fault injection, cyber-physical systems, and financial market security.

About

The Ohio State University (2022–Present)
Assistant Professor

I am an Assistant Professor of Computer Science and Engineering at The Ohio State University, where I teach and conduct research in systems security. My work focuses on automated vulnerability discovery, root cause analysis, exploit prevention, hardware fault injection, and cyber-physical system security. I earned my Ph.D. in Computer Science from the Georgia Institute of Technology and both my B.S. and M.S. from Syracuse University. Before academia, I worked at JPMorgan Chase in ethical hacking and cyber-threat intelligence. My broader research interests include malware analysis, machine learning, and agent-based simulation.


Education

Georgia Institute of Technology (2016–2022)
Ph.D. Computer Science
Advisors: Professors Wenke Lee and Brendan Saltaformaggio
Thesis: Hardware-Assisted Processor Tracing for Automated Bug Finding and Exploit Prevention


Syracuse University (2011–2016)
M.S., B.S. (magna cum laude), Computer Science
Advisor: Professor Wenliang (Kevin) Du
Thesis: Intentio Ex Machina: Android Intent Access Control via an Extensible Application Hook


Prior Research Experience

Georgia Institute of Technology (2016–2022)
Research Assistant

My Ph.D. research with Prof. Wenke Lee and Prof. Brendan Saltaformaggio focused on novel hardware-backed approaches for detecting and preventing software vulnerabilities using advanced program analysis techniques and machine learning. I also lead research on HECTOR for the DARPA Artificial Intelligence Mitigations of Emergent Execution (AIMEE) program. I formerly led projects in the Intel Science & Technology Center for Adversary-Resilient Security Analytics and contributed to THEIA for the DARPA Transparent Computing (TC) program.


Syracuse University (2014–2016)
Research Assistant

During my M.S. research with Prof. Wenliang (Kevin) Du, I created teaching materials on the Shellshock vulnerability found in bash and published first-ever documentation on the Android Intent Firewall, garnering attention from researchers at companies like Square. I also designed an Android framework hook to allow for user level IPC access control between applications and the operating system, which became my thesis topic that received the Syracuse University Graduate School Master of Science Prize.


Prior Industry Experience

JPMorgan Chase & Co. (2012–2013)
Analyst, Information Technology Security Risk Management

I performed software vulnerability analysis and security penetration testing on large enterprise networks and banking systems. I also designed and implemented programs to increase the efficiency of metrics reporting, along with programs in Python, C, C#, and Java to detect malware, extract critical information from infected system memory and decrypt malicious network traffic.


Frontier Communications (2011–2011)
Web Developer

I worked on the development team for TumTiki, where I helped design and implement features for their video-on-demand (VoD) service.