Research Philosophy

On agentic AI: Actively transitioning into this space. Pursuing OSAI as a structured path in.

Publications

Master's Thesis

Advisors: Prof. Steven Weber and Ben Goodman

Dagmawi Mulugeta, "Security Posture Based Incident Forecasting," 2019 [pdf] [slides]

Papers

Dagmawi Mulugeta, Ben Goodman, and Steven Weber. "Security posture-based incident forecasting." Variance Journal 15.1 (2022) [pdf]

Patents

Security systems and methods for detecting malleable command and control; Aug 2024; Netskope, Inc.; Dagmawi Mulugeta, Wu-Sheng Lin, Colin Davidson Estep, Raymond Joseph Canzanese Jr., Yong Zheng, Haoxin Hu, Yongxing Wang, Siying Yang

ML-based encrypted file classification for identifying encrypted data movement; Apr 2024; Netskope, Inc.; Yi Zhang, Siying Yang, Yihua Liao, Dagmawi Mulugeta, Raymond Joseph Canzanese Jr., Ari Azarafrooz

Trained model to detect malicious command and control traffic; Dec 2023; Netskope, Inc.; Colin Estep, Siying Yang, Jenko Hwong, Gustavo Palazolo Eiras, Yongxing Wang, Dagmawi Mulugeta, Raymond Joseph Canzanese Jr.

Detecting malicious command and control cloud traffic; Aug 2023; Netskope, Inc.; Dagmawi Mulugeta, Raymond Joseph Canzanese Jr., Colin Estep, Siying Yang, Jenko Hwong, Gustavo Palazolo Eiras, Yongxing Wang

Training a model to detect malicious command and control cloud traffic; Mar 2023; Netskope, Inc.; Raymond Joseph Canzanese Jr., Colin Estep, Siying Yang, Jenko Hwong, Gustavo Palazolo Eiras, Yongxing Wang, Dagmawi Mulugeta

Select Talks & Conferences
Jun 2026 — Infosecurity Europe "Surviving the Agentic Wild West: Move Fast Without Breaking Things" [webpage]
Aug 2025 — Black Hat USA (News Desk) "Catching Up with Colin Estep and Dagmawi Mulugeta, Netskope" [interview]
Aug 2025 — Black Hat USA "Your Traffic Doesn't Lie: Unmasking Supply Chain Attacks via Application Behaviour" [recording] [slides] [webpage]
Jun 2025 — Infosecurity Europe "Effective Detection of Malleable C2 Malware" [webpage]
May 2023 — MySecTV "Insider Threats and Corporate Data Exfiltration" [interview]
May 2023 — Black Hat Asia "Insider Threats Packing Their Bags With Corporate Data" [recording] [slides]
Oct 2022 — BSides London "Cloud Chatter: Defending Against Cloud C2" [recording]
Oct 2022 — Swiss CyberStorm "Detecting Cloud Command and Control" [recording] [slides]
Jun 2022 — Area41 by DEFCON Switzerland "Command & Control Freak: Cloud Edition" [recording]
Jun 2022 — OWASP AppSec EU "Abusing Cloud Apps 101: Command and Control" [recording]
May 2021 — HITBSecConf Amsterdam (COMMSEC) "JARM Randomizer: Evading JARM Fingerprinting" [recording] [slides]
Research Groups

Netskope Threat Labs — 2020 to present

  • Identify, profile, and hunt the latest trends in cloud-enabled threats
  • Design and implement advanced heuristic and ML-based detections
  • Publish academic and non-academic research to advance the field

Cloud Threat Team, Sift Security (acq. Netskope) — 2018

  • Member of backend engineering, data science, and threat research groups
  • Gained deep understanding in securing cloud providers (GCP & AWS)
  • Solved complex issues in the product's detection components

S.T.A.R Scholar, Drexel University — 2015