Thomas Roccia is a senior security researcher with 12+ years of hands-on experience in threat intelligence, malware research, reverse engineering, and incident response, currently driving security research at Microsoft from Australia. He founded the Unprotect Project and created YaraToolkit and Jupyter Universe, reflecting a strong commitment to open-source tooling for malware evasion analysis and YARA rule development. A frequent conference speaker and educator, Thomas blends practical research with teaching — he developed Black Hat training that pairs generative AI with threat intelligence and authored the bestselling Visual Threat Intelligence. His contributions to notable projects like Microsoft’s msticpy and the Yeti platform show proficiency in Python-driven notebook workflows, data acquisition, and Threat Intel integrations such as VirusTotal Hunting. Colleagues know him for turning complex reverse-engineering and data-science techniques into reproducible tooling and public resources that accelerate community defensive capabilities. Fluent in applying cutting-edge AI to real-world threat problems, he pairs rigorous research with accessible, community-focused dissemination.
12 years of coding experience
6 years of employment as a software developer
BTS Informatique de Gestion Option Administrateur de Réseaux Locaux d'Entreprise, BTS Informatique de Gestion Option Administrateur de Réseaux Locaux d'Entreprise at Groupe Médicis
BADGE Reverse Engineering, BADGE Reverse Engineering at ESIEA - École d'Ingénieur·e·s d'un numérique utile
Master of Science (M.Sc.) IT Security, Master of Science (M.Sc.) IT Security at ESGI
Contributions:2 reviews, 14 commits, 3 PRs in 6 months
Contributions summary:Thomas primarily focused on fixing bugs and improving the functionality of the Yeti platform. Their contributions include addressing missing parentheses in test files, fixing a UnicodeDecodeError in the configuration, and updating the troubleshooting documentation. They also developed a plugin for VirusTotal Hunting APIv3, demonstrating skills in threat intelligence integration.
Contributions:4 reviews, 16 commits, 3 PRs in 2 months
Contributions summary:Thomas primarily contributed to the addition of the ContiLeaks analysis notebook within the `microsoft/msticpy` repository. This involved integrating external data sources and translating Russian text, demonstrating skills in data acquisition, processing, and threat intelligence analysis. The commits show the use of Python, pandas and other relevant libraries, highlighting the user's focus on data manipulation and notebook-based threat analysis workflows. The user collaborated with other contributors on the project.
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Thomas Roccia - Senior Security Researcher at OpenClassrooms