Johnny So

Johnny So

Research Scientist @ Meta

Stony Brook University

Biography

I am currently a Research Scientist at Meta, after having completed my Ph.D. in Computer Science at Stony Brook University in 2025 under the guidance of Professor Nick Nikiforakis at the PragSec Lab. I also obtained my Bachelor of Science degrees in Computer Science, and in Applied Mathematics and Statistics, at SBU in May 2020.

My research interests lie in the area of web security, particularly with respect to (the lack of) integrity for web resources. If you are interested, you can check the list of my publications here. Although I have made the transition to industry, I hope to remain connected to the academic community.

Interests
  • Web Security
  • Distributed Systems
  • Network Security
  • Algorithms
Education

  • PhD in Computer Science, 2025

    Stony Brook University

  • BSc in Computer Science, 2020

    Stony Brook University

  • BSc in Applied Math and Statistics, 2020

    Stony Brook University

Work

 
 
 
 
 
Research Scientist
Meta
Sep 2025 – Present Seattle, WA
 
 
 
 
 
Research Assistant
PragSec Lab @ Stony Brook University
Aug 2020 – May 2025 Stony Brook, New York

Conducted research projects that result in flagship security conference publications. Ongoing projects include:

  • Analyzing the security of web2 links in web3 contexts
 
 
 
 
 
Software Engineer Intern
IAB / Browser Product Infrastructure @ Meta
May 2024 – Aug 2024 Bellevue, Washington
Prototyped new functionality for the Facebook iOS in-app browser.
 
 
 
 
 
Software Engineering Intern
Bot Management / API Shield @ Cloudflare
Jun 2023 – Aug 2023 Remote
Designed a policy-based system to detect broken object-level authorization in API traffic
 
 
 
 
 
PhD Research Intern
Research @ NortonLifeLock
May 2022 – Aug 2022 Remote
Analyzing the integrity of Android applications through dynamic analysis (under submission)
 
 
 
 
 
Software Development Engineer Intern
Alexa @ Amazon
Jun 2019 – Aug 2019 Seattle, Washington
Created an intent recommendation service for Alexa skills using short utterance text data
 
 
 
 
 
Software Engineer Intern
Softheon
Jun 2018 – Dec 2018 Stony Brook, New York
Built the prototype of a new state health exchange platform and established a preprocessing library used to build machine learning models

Publications

Quickly discover relevant content by filtering publications.
Johnny So, Michael Ferdman, Nick Nikiforakis (2025). What Gets Measured Gets Managed: Mitigating Supply Chain Attacks with a Link Integrity Management System. In Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security.

PDF Cite PDF (extended)

Johnny So (2025). Protecting the Integrity of Modern Web Resources by Leveraging Patterns of Change.

Cite

Johnny So, Iskander Sanchez-Rola, Nick Nikiforakis (2025). Lost in the Mists of Time: Expirations in DNS Footprints of Mobile Apps. In Proceedings of the 34th USENIX Security Symposium, 2025.

PDF Cite Artifacts

Johnny So, Michael Ferdman, Nick Nikiforakis (2023). The More Things Change, the More They Stay the Same: Integrity of Modern JavaScript. In Proceedings of the ACM Web Conference (WWW), 2023.

PDF Cite Teaser Media Coverage

Brian Kondracki, Johnny So, Nick Nikiforakis (2022). Uninvited Guests: Analyzing the Identity and Behavior of Certificate Transparency Bots. In Proceedings of the USENIX Security Symposium (USENIX Security), 2022.

PDF Cite Talk NSA 11th Annual Best Scientific Cybersecurity Paper

Johnny So, Najmeh Miramirkhani, Michael Ferdman, Nick Nikiforakis (2021). Domains Do Change Their Spots: Quantifying Potential Abuse of Residual Trust. In Proceedings of the IEEE Symposium on Security and Privacy (IEEE S&P), 2022.

PDF Cite Teaser Talk

Timothy Barron, Johnny So, Nick Nikiforakis (2021). Click This, Not That: Extending Web Authentication with Deception. In ACM Asia Conference on Computer and Communications Security (AsiaCCS), 2021.

PDF Cite

Teaching

WSE 380 Rotation: Technical Foundations of a Startup
Instructor Mar 2025 – Apr 2025
CSE 361: Web Security
Teaching Assistant Jan 2025 – May 2025
WSE 380 Rotation: Technical Foundations of a Startup
Instructor Apr 2024 – Apr 2024
WSE 380 Rotation: Honeypots and Intrusion Detection
Instructor Oct 2022 – Nov 2022
WSE 380 Rotation: Honeypots and Intrusion Detection
Instructor Mar 2022 – Apr 2022
CSE 331: Computer Security Fundamentals
Teaching Assistant Aug 2020 – May 2021
CSE 214: Data Structures
Teaching Assistant Aug 2017 – Aug 2018

Service

Paper Reviewer

I contributed paper reviews for the following conferences and journals:

  • International Symposium on Research in Attacks, Intrusions, and Defenses (RAID), External Reviewer: 2023
  • IEEE Transactions on Networking (ToN), Paper Reviewer: 2024
  • ACM Transactions on the Web (TWEB), Paper Reviewer: 2025

Artifact Evaluation Committee

I served on the artifact evaluation committee for the following conferences:

Honors

Graduate Research Day 2024 Best Poster Award Runner-Up
The More Things Change, the More They Stay the Same: Integrity of Modern JavaScript Mar 2024
NSA 11th Annual Best Scientific Cybersecurity Paper
Uninvited Guests: Analyzing the Identity and Behavior of Certificate Transparency Bots Feb 2024

Contact

  • josso [at] cs [dot] stonybrook [dot] edu