Since August 2022, working as a security engineer at Meta - focusing on mobile security.
Before that, since 2018 I was a Security Research Engineer at Synopsys, focusing on static analysis. As part of this work, I have been investigating security issues in frameworks and libraries developed in various languages, creating SAST rules for identifying them at scale. I’ve created workflows and infrastructure for others to contribute checkers and models efficiently. More recently I have been part of a team that started, from the ground up, a new static analysis tool developed fully in Rust, aiming to be extremely small and fast.
Previously, for 6 years I’ve worked as an application security consultant at Cigital, based in London, UK. I focused primarily on mobile application security. As a consultant I helped architects and developers build mobile applications securely from design and specifications to low-level details of binary protections. I also spend time designing and building static & dynamic analysis tools for mobile applications. Over the years I’ve engaged in many aspects of application security, including architecture reviews, threat modeling, SDLC management, code reviews, pentesting and reverse engineering.
You might see my name written as Yiannis, Yannis, Ioannis or John, depending on context and platform. Kozyrakis is pronounced “cozy-ra-kiss”.