Hi, I’m Tom

My name is Tom Ganz and I am currently living in London and working as a engineer @Amazon. I am interested in computer security and machine learning. Feel free to send me an E-Mail using my PGP key.

Academical Merits

• PhD Machine Learning and IT Security @Technical University of Berlin
• Msc. Computer Science @University of Applied Sciences Karlsruhe
• Bsc. Applied Computer Science @Corporate State University Karlsruhe

Patents

• Tom Ganz, Martin Härterich, Philipp Rall: Directed fuzzing for vulnerability detection US12386978B2
• Erik Imgrund, Tom Ganz, Martin Härterich: Measuring confounding effects in machine learning-based vulnerability discovery USUS20250173442A1
• Tom Ganz, Martin Härterich, Erik Imgrund: Patch-based vulnerability discovery using machine learning US20250173443A1

Publications

• Tom Ganz: PhD Thesis: Software Defect Localization Using Explainable Deep Learning (TU Berlin 2024)
• Felix Weißberg, Jonas Möller, Tom Ganz, Erik Imgrund, Lukas Pirch, Lukas Seidel, Moritz Schloegel, Thorsten Eisenhofer and Konrad Rieck: SoK: Where to Fuzz? Assessing Target Selection Methods in Directed Fuzzing (ASIACCS 2024)
• Tom Ganz, Erik Imgrund, Martin Härterich, Konrad Rieck: PAVUDI: Patch-based Vulnerability Discovery using Machine Learning (ACSAC 2023)
• Erik Imgrund, Tom Ganz, Martin Härterich, Lukas Pirch, Niklas Risse, Konrad Rieck: Broken Promises: Measuring Confounding Effects in Learning-based Vulnerability Discovery (CCS AISec 2023)
• Tom Ganz, Erik Imgrund, Martin Härterich, Konrad Rieck: CodeGraphSMOTE - Data Augmentation for Vulnerability Discovery (DBSEC 2023)
• Tom Ganz, Philipp Rall, Martin Härterich, Konrad Rieck: Hunting for Truth: Analyzing Explanation Methods in Learning-based Vulnerability Discovery (Euro S&P 2023)
• Tom Ganz, Inaam Ashraf, Martin Härterich, Konrad Rieck: Detecting Backdoors in Collaboration Graphs of Software Repositories (CODASPY 2023)
• Tom Ganz, Martin Härterich, Alexander Warnecke, Konrad Rieck: Explaining Graph Neural Networks for Vulnerability Discovery (CCS AISec 2021)

Academic Services

• Reviews for IEEE Access, TOSEM, CCS AISec
• Subreviews for S&P

Other Stuff

• Master Thesis: Assessing and selecting Eps for differentially private Federated Learning with Inference Attacks
• ML powered Binary analysis
• Autonomous System Spam Monitor
• Security Paper Aggregator
• AI-supported flash cards
• Device Fingerprinting
• Hash Collisions in Java
• My (inactive) Hackerrank
• Cruzzer

Awards

• NextGen Security Automation Amazon Hackathon 1st Place Award 2025
• AISec CCS Best Paper Award 2021

Invited Talks

• @Memgraph Graph-based vulnerability discovery 2024
• Cooperate State University Karlsruhe 2022: Lecturer for Compiler Engineering
• SAP Conference on Machine Learning 2022: Explainable Fuzzing
• SAP Conference on Machine Learning 2022: Graph Autoencoders - on the Hunt for Malicious Commits
• SAP Development Kick-Off Meeting: Automated Analysis of Source Code Repositories using Machine Learning
• SAP Conference on Machine Learning 2021: Intelligently Protect the Enterprise - What machines may learn about graphs in your software
• SAP Security Expert Summit 2021: Intelligently Protect the Enterprise - What machines may learn about graphs in your software

Check out my LinkedIn to see my current CV.