About

Academic Journey

I am Zhuoran Tan, a PhD candidate in Computing Science at the University of Glasgow (2023–2026). My research focuses on how complex, multi-stage attacks propagate through software supply chains and AI pipelines, and how to detect and attribute them automatically. I combine graph-based learning (temporal graph analysis, provenance graph mining) with runtime behavioral analysis to build detection systems that go beyond static rules.

Concretely, my published work covers:

Supply chain threat modeling — systematic analysis of APT campaigns that exploit software dependencies (IEEE IoT Journal)
Automated attack attribution — causal graph construction from parallel semantic log parsing (IEEE ICDCS)
Open-source execution datasets — labeled execution traces for reproducible security research (IEEE MSR)
LLM supply chain security — position work on securing LLM development and deployment pipelines (LLMSC @ FSE 2026)

I work primarily with Python, Go, and Rust, and have a strong focus on building tools that are deployable, not just publishable.

Technical Capabilities

Detection & Analysis Pipelines End-to-end threat detection — from data collection (Zeek, ELK, Airflow) through feature engineering and model training to alert triage. Experience with graph databases (Neo4j) and vector search (Milvus) for security analytics.
Security Engineering Hands-on application security across the SDLC: OWASP Top 10 testing, SBOM/SLSA compliance, WAF tuning, log-based IOC matching. Practical blue-team experience with SIEM workflows and network traffic inspection.
AI/LLM Security Jailbreak and prompt-injection evaluation, safety guardrails, model supply chain integrity. Familiar with PEFT fine-tuning, RAG pipelines, and LLMSecOps practices.
Systems & Infrastructure Backend and tooling development in Go and Rust. MLOps with containers, CI/CD, DVC, and MLflow. Cloud experience with AWS ML, Azure Log Analytics, and BigQuery.

Education

PhD in Computing Science

University of Glasgow, United Kingdom
2023 – 2026 (expected)

Supervisors:

Prof Jeremy Singer
Dr Christos Anagnostopoulos

External Supervisors:

Prof Ashkan Sami (Edinburgh Napier University)
Dr Marc Juarez Miro (The University of Edinburgh)

External Collabrators:

Wenbo Guo (Nanyang Technological University)
Run Hao (Aarhus University)
Bo Shao (CISPA)
Chongyang Xu (MPI SWS)
JieWen Luo (Royal Holloway, University of London)

Research focus includes software and AI supply chain security, AI systems security, LLM safety, and temporal graph learning.

Visiting PhD Researcher

University of Edinburgh, United Kingdom
Feb 2026 – May 2026

Visiting research collaboration with Dr Marc Juarez, focusing on Agent/DNN based backdoor detection

MSc in Information Security (with a Year in Industry)

Royal Holloway, University of London, United Kingdom
2018 – 2020

During my MSc studies, I was fortunate to receive high-quality training through rigorous coursework delivered by outstanding and internationally recognised lecturers. These included Lorenzo Cavallaro (Software Security, now at UCL), Martin R. Albrecht (Software Testing: Theory and Practice, now at King’s College London), and Daniele Sgandurra (Computer Security, now an industry research manager), among others.

BEng in Cyber Security & Law Enforcement

People’s Public Security University of China, Beijing
2013 – 2017

Academic Position

Reviewer: Engineering Applications of Artificial Intelligence, Computer Networks, IEEE ICC, IEEE ICDCS
Editorial Board Member: Transnational Supply Chain Resilience
Programme Committee Member: IEEE ICDCS 2025, Open Source SecurityCon (KubeCon + CloudNativeCon NA 2025)

Certificates

I previously held several professional security-related certificates. Some certifications are no longer active, and others were explored but not completed (e.g., OSCP). I consider certifications as complementary to hands-on research, system building, and long-term academic work, rather than as an end goal in themselves.

AWS Certified Machine Learning – Specialty
CREST Practitioner Security Analyst (CPSA): Credential ID 266639836
CompTIA Security+ ce Certification
Remark: OSCP (tried once: finished 3.5 targets, did not try again due to limited time)

Personal Interests

Strategy games (Go, Chinese Chess)
Martial arts and disciplined physical training
Endurance sports and racket sports