Curriculum Vitae
Curriculum Vitae of Thomas Sutter
Basics
Name | Thomas Sutter |
Label | Information Security Researcher |
Url | https://7homasSutter.github.io |
Summary | PhD Student in Computer Science at University of Bern. I am interested in Information Security, Applied Cryptography, Mobile Computing, Web Security, and Software Engineering. |
Work
-
2017.11 - 2021.03 Research Associate
Zurich University of Applied Sciences, Winterthur, Switzerland
Research Associate at the Institute of Computer Science (InIT) at Zurich University of Applied Sciences (ZHAW).
- Penetration Testing
- Security Audits
- Machine Learning
- Information Security
- Cryptography
- Mobile Computing
- Software Engineering
-
2017.11 - 2021.03 Research Assistant
Zurich University of Applied Sciences, Winterthur, Switzerland
Research Assistant at the Institute of Applied Information Technology (InIT) at Zurich University of Applied Sciences (ZHAW).
- Information Security
- Cryptography
- Mobile Computing
- Software Engineering
- Penetration Testing
- Security Audits
Volunteer
-
2020.01 - 2021.01 Zurich, Switzerland
Student program representative
Master of Science in Engineering (MSE)
Elected student program representative of the Master of Science in Engineering (MSE) at Zurich University of Applied Sciences (ZHAW).
- Student program representative
- Master of Science in Engineering (MSE)
Education
-
2023.08 - 2026.12 Bern, Switzerland
PhD
University of Bern, Bern, Switzerland
Computer Science
- Machine Learning
- Advanced Software Engineering
- Information Security
- Mobile Computing
- Software Engineering
- Mathematics
- Statistics
-
2018.01 - 2021.03 Zurich, Switzerland
Master
Zurich University of Applied Sciences, Winterthur, Switzerland
Master of Science in Engineering
- Machine Learning
- Advanced Software Engineering
- Information Security
- Mobile Computing
- Software Engineering
- Mathematics
- Statistics
-
2014.08 - 2017.08 Zurich, Switzerland
Bachelor
Zurich University of Applied Sciences, Winterthur, Switzerland
Computer Science
- Computer Science
- Information Security
- Cryptography
- Mobile Computing
- Software Engineering
Awards
- 2017.07.01
SWEN Award for outstanding Bachelor Thesis
Software Engineering Network
Awarded for the outstanding Bachelor Thesis in the field of Software Engineering.
Certificates
OffSec Wireless Professional (OSWP) | ||
OffSec | 2022-11-17 |
OffSec Certified Professional (OSCP) | ||
OffSec | 2022-11-02 |
Cambridge English Level 2 Certificate in ESOL International | ||
Cambridge English Academy | 2014-05-01 |
Languages
German | |
Native speaker |
English | |
Fluent |
French | |
Basic |
Russian | |
Basic |
Interests
Computer Science | |
Software Engineering | |
Software Testing | |
Python | |
Rust | |
Java | |
C/C++ |
Cyber Security | |
Red Teaming | |
Penetration Testing | |
Security Audits | |
Cryptography | |
Machine Learning | |
Reverse Engineering | |
Web Security | |
Network Security | |
Mobile Security |
Hiking | |
Swiss Alps | |
Säntis | |
Hoher Kasten | |
Churfirsten | |
Alpstein |
Gym | |
Strength Training | |
Cardio | |
Rowing | |
Jogging | |
Cycling |
Books | |
Science Fiction | |
Fantasy | |
Thriller | |
History |
Cats | |
Thurgauer Schildpatt |
Projects
- 2018.01 - 2021.12
SeCoSS: Secure Collaboration with SecureSafe
SecureSafe is an established and highly secure online storage service. In this project, SecureSafe will be extended with novel functionality and security components so that it supports secure and privacy-preserving collaboration between multiple parties, e.g. between a bank and its customers.
- Angular
- Node.js
- MongoDB
- Cryptographic Protocols
- Webworkers
- WebSockets
- 2021.01 - 2022.12
HostDetective – Next Generation Active and Passive Web Server Rating System
This project extends Exeon Analytics' ExeonTrace product with HostDetective Next Generation (HD.ng), a tool to identify and mitigate Web-related data breaches. HD.ng implements a novel active and passive Web server assessment method to determine the type, purpose and risk score of a Web server. This project builds on the results of the HostDetective project.
- Network Security
- Anomaly Detection
- Machine Learning
- Web Security
- Web Server Fingerprinting
- Web Server Classification
- 2021.01 - 2022.12
OptiPhish – Effective and Measurable Phishing Awareness Training
In this project, LUCY - a system for phishing awareness training - will be significantly extended in order to put such training on a scientific basis and to bring it to a new level of quality. The goal is to provide completely automated, effective and individualized phishing awareness training with measurable training effect. The project will last two years and is being carried out jointly by InIT and Lucy Security AG.
- Scientific Project Management
- Phishing Awareness Training
- Phishing Simulation
- Phishing Campaigns
- Phishing Metrics
- Phishing Training Effectiveness
- 2022.01 - 2023.12
Dynamic Analysis of Internal Android Systems
In this project, we focus on the current state of Android security. One main focus will be to determine current difficulties and limitations that hinder security researchers in performing a dynamic analysis of Android pre-installed software components such as pre-installed apps or native libraries. In a first step, we conduct a systematic literature review. Based on the findings of the study, we will derive potential solution ideas and will develop a concept and early prototypes (leveraging existing work where possible) for a security testing framework that will allow security researchers to dynamically test pre-installed Android software. The purpose of developing early proof-of-concept prototypes is to test the feasibility of our fundamental solution ideas.
- Android Security
- Dynamic Analysis
- Pre-installed Apps
- Native Libraries
- Security Testing Framework
- 2023.01 - 2024.12
Dynamic Security Analysis of Android Pre-installed Apps
The project aims at enhancing security testing methodologies for Android pre-installed applications. It encompasses an empirical evaluation of hindering factors associated with dynamic analysis of pre-installed apps on the Android emulator. To be more precise, the feasibility of rehosting Android pre-installed apps, extracted from real-world firmware, to different CPU architectures (x86/64 and ARM64) on the Android emulator is examined. Another goal of the project is to develop novel testing methodologies for pre-installed apps to improve compatibility, fault detection, and code coverage while contributing to the advancement of Android application testing practices.
- Android Security
- Dynamic Analysis
- Pre-installed Apps
- Native Libraries
- Security Testing Framework