I'm a security consultant for NCC Group. My resume.
I'm interested in security, hardware, math, and making and breaking things.
Find me: Github, Twitter, tannerprynn at gmail.


CORS Research

Systematically evaluating browsers' implementations of the CORS standard.

Elliptic Curve Cryptography

I taught myself about ECC from an algebraic perspective, and implemented ECDHE in ruby. Check out my report or the cool poster.

IoT Security Research

Worked with a team at NCC Group owning a bunch of Internet of Things devices.

Smash Stats

A statistics dashboard in d3.js for Super Smash Bros. Melee.

Awesome Arduino

An Arduino bot which automatically responds to Twitter replies with pictures of itself.

Google Adwords Term Analysis

A frequentist analysis of Google Adwords terms using R. Asserts that bundles of terms are related, and cost similar amounts.


flowers.pde: A generative art project that spawns a multitude of flowers.
communities.pde: A signal passing automaton.
life3d.pde: A 3-dimensional implementation of the Game of Life.
camboard.pde: An audio visualizer which dynamically colors webcam input.



  • NCC Group Security Consultant (August 2015 - now)
  • CSRF in the Modern Age: Sidestepping the CORS Standard (Toorcon 2016) [Slides]
  • Matasano Security Intern (May 2014 - August 2014)
  • computer science

  • GEOCAM - Topology & graphics in Java using JReality
  • ACM ICPC Competition (Local 2013, Local 2012)
  • Project Euler (using C and Java)
  • Networking (Proxy, Router)
  • math

  • Elliptic Curve Cryptography: I wrote a report about ECC and implementing Curve25519.
  • GEOCAM undergraduate research assistant (January 2013 - August 2013)
  • Statistics (using R)
  • Interests: Cryptography