Summary
Mikhail Shcherbakov is a security and vulnerability researcher and software engineer with 11 years in IT, a PhD from KTH, and a track record of publishing first-author papers at USENIX Security and NDSS. He has uncovered 30+ critical RCEs across major products (Elastic, Parse Server, Microsoft Azure DevOps) and reported multiple CVEs, regularly collaborating with vendor security teams and earning top positions on bug-bounty leaderboards. His research blends practical offensive discovery with rigorous program-analysis techniques developed during his PhD, including scalable static and dynamic analyses for managed languages. Mikhail also brings product and engineering experience—having led teams, shipped security tooling, and built a commercial devtool—so he bridges research, secure development, and product delivery. Currently based in Stockholm, he continues part-time research in LangSec on code-reuse attacks in managed runtimes while consulting on high-impact vulnerability discovery. An uncommon strength is his ability to translate formal analysis into exploitable-finding workflows, demonstrated by both academic impact and a steady pipeline of real-world advisories.
11 years of coding experience
8 years of employment as a software developer
Doctor of Philosophy - PhD, Computer Science, Doctor of Philosophy - PhD, Computer Science at KTH Royal Institute of Technology
English, Russian