SURF

Mozilla Security Engineering University Relationship Framework

The Mozilla Sec-Eng University Relationship Framework (SURF) initiative aims to increase collaboration between Mozilla and the academic community. We would like to leverage academic talent to help explore security and privacy research problems and to strengthen Mozilla's ties to the academic community. Mozilla security engineers aim to actively participate in the research community through thesis supervision, collaborations, placements and Mozilla-hosted security summits.

To date, the SURF team has planned three research summits, is actively participating in several research collaborations, and is serving on a number of conference program committees. We can offer real-world security and privacy research problems and we would love to collaborate with you! Please don’t hesitate to get in touch.

If you're involved in research that impacts the privacy and security of Firefox and would like to reach us, please send an email to: surf@mozilla.com.

People

Christoph Kerschbaumer

Manager, Security Engineering

Mozilla

ckerschbaumer@mozilla.com

Christoph has over two decades of experience in software engineering and computer security. His work ranges from designing secure systems with fail-safe defaults to fighting cross-site scripting to preventing man-in-the-middle attacks. He received his PhD in Computer Science from the University of California, Irvine, where he focused his research on information flow tracking techniques within web browsers.

Lars Eggert

Senior Principal Engineer

Mozilla

leggert@mozilla.com

Lars Eggert is a Senior Principal Software Engineer for networking, security and privacy at Mozilla, and a past chair of the Internet Engineering Task Force (IETF). Lars is an experienced technology leader with deep expertise in distributed systems, network architectures and protocol design, ranging from the Internet to datacenter to IoT/edge environments. Lars received his Ph.D. in Computer Science from the University of Southern California (USC) in 2003.

John Schanck

Security Researcher

Mozilla

jschanck@mozilla.com

John is a cryptography engineer on the Network Security Services team at Mozilla. He has done extensive work on mitigating the threat to Internet security that is posed by quantum computers. In particular he is a co-author of the NTRU and Kyber key encapsulation mechanisms, both of which are finalists in NIST's post-quantum cryptography standardization effort. John received his PhD in Mathematics from the department of Combinatorics and Optimization at the University of Waterloo.

Dennis Jackson

Security Researcher

Mozilla

djackson@mozilla.com

Dennis’ research interests include applied cryptography, protocol design and formal verification. His work includes clarifying the precise security properties of Ed25519, formally verifying the security of the Noise key exchange framework, and discovering new attacks on deployed protocols like Secure Scuttlebutt’s authenticated transport. He is also a Core Contributor at the Tor Project, where he works with the Network Health team.

Benjamin VanderSloot

Privacy Researcher

Mozilla

bvandersloot@mozilla.com

Ben is an engineer on the Privacy & Protections team at Mozilla. His research interests focus on privacy harms and experiences of users on the Web. Ben received his PhD in Computer Science and Engineering from the University of Michigan.

Valentin Gosu

Network Software Engineer

Mozilla

vgosu@mozilla.com

Valentin has been working on Mozilla's networking stack for over 10 years. He is interested in writing secure computer code, bypassing censorship and improving the performance of networking software.

Andrew Creskey

Performance Engineer

Mozilla

acreskey@mozilla.com

Andrew is a Firefox performance engineer at Mozilla, dedicated to making the web faster for everyone. He specializes in evaluating the performance impact of changes through various methods—including techniques for field experimentation (A/B tests, etc.), automated performance testing, local testing scenarios, and leveraging popular tools like WebPageTest and Browsertime. Andrew is particularly interested in extracting signal from noise, understanding the impact of latency, and performance metrics. He focuses on optimization across both desktop and mobile platforms.

Benjamin Beurdouche

Security Researcher

Mozilla

bbeurdouche@mozilla.com

Benjamin is a security researcher working on formal methods for cryptographic primitives and security protocols. He worked on the design and security analysis of TLS and currently is a co-author of the Messaging Layer Security (MLS) protocol at the IETF, and the HACL* cryptographic library which is part of Project Everest.

Anna Weine

Security Researcher

Mozilla

anna.weine@mozilla.com

Anna is a security researcher working on cryptography. She has a particular interest in asymmetric cryptography, side-channel analysis and fault injection countermeasures, and formal verification. Anna received her PhD in Cryptography from the University PSL, prepared at ENS Ulm & Inria.

Summits

Security Research Summit - San Diego

San Diego, California March 1, 2025

Security Research Summit - Vienna

Vienna, Austria November 8, 2019

Security Research Summit - San Francisco

San Francisco, CA, USA May 24, 2019

Security Research Summit - London

London, England November 12, 2018