Summary
Ronnie Salomonsen is a Principal Security Researcher with nine years of focused experience in threat hunting, malware analysis, incident response and reverse engineering, currently leading adversary methods research within Google Cloud Security/Mandiant. He specializes in uncovering low-visibility TTPs and net-new malware families, translating deep technical findings into platform detections and actionable guidance for global incident response. Ronnie’s background spans large-scale forensic investigations for APTs and financially motivated intrusions, plus exploit development and responsible disclosure—he’s credited with numerous CVEs and maintains a public CVE repository on GitHub. Comfortable across Linux, Windows and macOS, he pairs low-level memory and file forensics with network protocol analysis and pragmatic scripting (Python, Bash, C/C++). Known as a rapid learner and clear communicator, he routinely bridges expert technical analysis and non-technical stakeholders to close detection gaps at scale. An early career in avionics and networking gives him a pragmatic systems-first perspective that informs his threat modeling and defensive designs.
9 years of coding experience
5 years of employment as a software developer
Academy Profession (AP) IT - Electronics Engineer, Academy Profession (AP) IT - Electronics Engineer at KEA - Københavns Erhvervsakademi
Technical University of Denmark
Danish, English, Swedish, Norwegian