Hi, I’m Cat.

I translate law and policy into code at Dynatrace, where I lead the Privacy Engineering team. I’m also developing an introductory online course on privacy engineering and keeping one foot (…sometimes it feels like both feet!) in the world of research, exploring technology’s impact on society with a focus on privacy and human rights. I’m interested in privacy concerns at every layer of the tech stack, but especially so at the hardware level.

Previously, I explored how to bridge the gap between tech and policy as an Internet Society Early Career Fellow and Virtual Routes European Cybersecurity Fellow, hacked CPUs for a living at TU Graz’s ISEC, dived into Privacy and Civil Liberties Engineering for the first time at Palantir, and geeked out over computer architecture and security in my MEng in Computer Science at the University of Bristol.

When I’m not coding, you’ll usually find me in the mountains, either knee-deep in snow or gazing in awe at the views! You can check out some of my adventures here.

Research

• CustomProcessingUnit: Reverse Engineering and Customization of Intel Microcode. Pietro Borrello, Catherine Easdon, Martin Schwarzl, Roland Czerny, Michael Schwarz. 17th IEEE Workshop on Offensive Technologies (WOOT 2023). Best Paper Award 🏅
  • Paper
  • Workshop Recording
  • BlackHat USA 2022 recording
  • Ghidra processor module for static analysis
  • Dynamic analysis framework
• Rapid Prototyping for Microarchitectural Attacks. Catherine Easdon, Michael Schwarz, Martin Schwarzl, Daniel Gruss. USENIX Security Symposium 2022.
  • Paper and Conference Slides
  • Frameworks
• PLATYPUS: Software-based Power Side-Channel Attacks on x86. Moritz Lipp, Andreas Kogler, David Oswald, Michael Schwarz, Catherine Easdon, Claudio Canella, Daniel Gruss. IEEE Symposium on Security & Privacy 2021. CVE-2020-8694 and CVE-2020-8695.
  • Website
  • Paper
  • Conference Recording
  • Music Video (yes, really!)
  • Media: The Register, Computer Weekly, arstechnica, ZDNet
• OpcodeTester: fuzzing tool for undocumented opcodes on x86 and RISC-V.
  • Code
  • Slides
  • Technical Report 2018
  • Master’s Thesis 2019
  • Hacker News discussion

Talks and Articles

I present and write about privacy, security, and policy, with some mountain expeditions thrown in for good measure.

• Observable…Yet Still Private? An Offensive Privacy Perspective on Observability, USENIX Conference on Privacy Engineering Practice and Respect (PEPR), Santa Clara, upcoming June 2025
• Software Security and Privacy: A Geopolitical Perspective (opening keynote), Hagenberg Security Forum, Hagenberg, May 2025
• Security & Privacy by Design in the SDLC: Why, When, How?, SBA Research Security Meetup, Vienna, February 2025
• Teaching dangerous technologies to keep us all safe (Panel), RightsCon, Taipei/virtual, February 2025
• Cybersecurity in Software Development, Virtual Routes European Cybersecurity Fellowship 2024-2025 workshop series, virtual, February 2025
• Responsible AI principles in an ‘apolitical’ industry, Binding Hook (op-ed), October 2024
• Privacy by Design in the SDLC: Why, When, How?, WeAreDevelopers World Congress, Berlin/virtual, July 2024
• That’s rather inappropriate, dear: the challenges of determining ‘appropriate’ measures for personal data deletion, International Workshop on Privacy Engineering (industry track), Vienna, July 2024
• Defence against the Dark Patterns: UX Lessons from the Deceptive Side of the Web, Web Summer Camp (UX track), Opatija, July 2024
• Privacy Leaks Beyond the Class-Level: Protecting Personal Data, Java Vienna, June 2024
• Rights by Design: Privacy Engineering for the Rights of All, 18th Annual Meeting of the United Nations Internet Governance Forum (IGF), Kyoto, October 2023
• Policy Development on Generative AI based on Biometrics & Weaponizing Information Bubbles (Panel), Asia Pacific Regional Internet Governance Forum (APrIGF), Brisbane/virtual, August 2023
• Online Privacy: The Foundation of Digital Rights (Panel), Internet Society Early Career Fellowship Symposium, virtual, July 2023
• Establishing a Long Distance Trail: The Caucasus and UBES(ters), UBES 60th Anniversary Celebration, Bristol, February 2020
• Why Audit Your CPU? Searching for Undocumented CPU Behavior, Third School on Security & Correctness, Graz University of Technology, September 2019
• UBES Expedition Planning Workshop, University of Bristol, May 2019
• Through the Range of Light: Hiking the JMT, UBES Shorts, University of Bristol, February 2019
• Explainable DNNs: What Has Your Network Really Learnt?, Applied Deep Learning Symposium, University of Bristol, December 2018
• Undocumented CPU Behavior: Analyzing Undocumented Opcodes on Intel x86-64, IAIK, Graz University of Technology, June 2018

Academic Service

• ACM CCS: Program Committee (Hardware, Side Channels, and Cyber-Physical Systems Track) 2023, 2024
• USENIX PEPR: Program Committee 2024, 2025
• IACR CHES: Artifact Review Committee 2023

Giving What We Can

I’ve taken the Giving What We Can 🔸 10% Pledge, and I encourage you to do the same if that’s financially feasible for you.

If you’d like to donate but don’t know how or where to start, Giving What We Can has some great resources to help guide you in evaluating which charities can do the most good with your money - and to nudge you to get started! (Check out “How Rich Am I?”)