Areas of Interest
- Web and Mobile Security
O’Reilly Media, Sebastopol, CA
Live Online Training (LOT) Instructor, January 2021 to present
- Designed and led Live Online Training session “Web Application Security Fundamentals”. First session on January 19, 2021 had 201 live attendees.
Tufts University, Medford, MA 02155
Associate Teaching Professor, September 2019 to present
International Relations Program Core Faculty Member, September 2017 to present
Senior Lecturer, Department of Computer Science, September 2015 to August 2019
Lecturer, September 2009 to August 2015
- Awarded the 2017 Lerman-Neubauer Prize for Outstanding Teaching and Advising, awarded annually to a faculty member of Arts and Sciences or of Engineering who has had a profound intellectual impact on his or her students, both inside and outside the classroom.
- Mentored Winnona DeSombre’s paper “Getting Harder to Catch: Analyzing the Evolution of China’s Cyber Espionage Campaigns against the United States through a Case Study of APT1” that was published in 2017 Journal of International Relations by the National Office of Sigma Iota Rho (SIR), the International Relations Honor Society. Poster presented at 2017 Women in Cyber Security (WiCyS) Conference in Chicago, IL.
- Mentored Tufts semi-finalist team in the 2017 Atlantic Council Cyber 9/12 Student Competition (Kieran Green, Alice Lee, Maretta Morovitz, Winnona DeSombre).
- Awarded the 2016 Henry and Madeline Fischer Award, awarded annually to a faculty member of the School of Engineering judged by graduating seniors of the School of Engineering to be “Engineering’s Teacher of the Year.”
- Awarded the 2016 Tufts Teaching with Technology Award
- Awarded 2016-2017 Tufts Innovate Seed Grant for an interdisciplinary course on Cybersecurity and Cyberwarfare in the amount of $7,694 with Jeff Taliaferro (Political Science)
- Mentored Tufts team (Alice Lee, Max Bernstein, Tom Hebb, Winnona DeSombre, and Maretta Morovitz) in 2016 inaugural MITRE Embedded Capture The Flag (eCTF) Competition that was awarded “Iron Flag” for being the only team to successfully design a secure system that defended every flag from its attackers
- Mentored Microsoft Imagine Cup Software Design Competition, 2012 US Finalist Team “Team Eos” (Jason Cheng, Wenshiang Chung, Gregory Wong, Xihan Zhang).
- Mentored Microsoft Imagine Cup Game Design Competition, 2010 US Finalist Team “Team AwesomeSauce” (Anit Das, Gilad Gray, Cobin Dopkeen, and Nadia Rodriguez).
Courses at Tufts University
- COMP 116: Computer System Security (a.k.a., Introduction to Security)
- Taught in Spring 2011, Spring 2012, Fall 2013, Fall 2014, Fall 2015, Fall 2016, Summer 2017 (online), Fall 2017, Spring 2018, Summer 2018 (online), Fall 2018, Summer 2019 (online), Fall 2019, Spring 2020, Summer 2020, Fall 2020, Spring 2021
- COMP 20: Web Programming
- Taught in Fall 2009, Fall 2010, Spring 2011, Summer 2011, Spring 2013, Spring 2014, Fall 2014, Spring 2015, Fall 2015, Spring 2016, Summer 2016 (Online), Fall 2016, Spring 2017, Summer 2017 (online), Fall 2017, Spring 2018, Summer 2018 (online), Fall 2018, Spring 2019, Summer 2019 (online)
- Grew the course from 11 students in fall 2009 to 119 in spring 2013.
- COMP 97 and 98: Senior Capstone Project I and II
- Taught in 2012 - 2013, 2013 - 2014, 2018 - 2019, 2019 - 2020, 2020 - 2021 academic years
- Formerly known as Software Engineering. Changed requirement from a one semester project experience to a one academic year project experience.
- Required for all undergraduate Computer Science majors through the School of Engineering.
- COMP 50: Computer Science for Future Presidents
- Taught in Fall 2019 with Susan Landau
- Created course with Susan Landau as first course in Cyber Security and Public Policy Master’s Program
- COMP 50 / PS 188: Cyber Security and Cyber Warfare
- Taught in Spring 2017, Spring 2019, Spring 2020
- Cross-listed with Department of Political Science
- COMP 150-MMD: Mobile Medical Devices and Apps
- Taught in Fall 2014, Spring 2016, Spring 2018
- First cross-listed with Department of Electrical and Computer Engineering in over a decade
- COMP 120: Web Engineering
- Taught in Spring 2010, Spring 2011, Fall 2011, Fall 2013, Spring 2015, Spring 2016, Spring 2017
- COMP 23: Introduction to Game Development
- Taught in Spring 2008, Spring 2009, Summer 2009, Spring 2010, Summer 2010, Fall 2010, Spring 2012, Spring 2014, Fall 2015
- Course was given an official course number in spring 2014.
- Named one of the nation’s coolest engineering courses by the American Society for Engineering Education (ASEE) in 2011 (see http://www.prism-magazine.org/summer11/feature_01.cfm)
- COMP 150-ISW: Music Apps on the iPad
- Taught in Spring 2012, Spring 2013, Spring 2015
- Cross-listed with Department of Music
- COMP 15: Data Structures (the second course in the Computer Science curriculum)
- Taught in Fall 2011, Summer 2012, Fall 2012
- Developing Computer & Interactive Media (Precollege Course for High School Students)
- Taught in Summer 2012
- Course websites, overall course ratings, and overall performance of instructor ratings available at http://mchow01.github.io/courses/
Middlesex Community College, Lowell, MA 01852
- Spring 2008, Spring 2009: Cyber Security
- Taught classroom-based sessions for Middlesex Community College, who received a grant from the University of Pittsburgh Medical Center (UPMC) to offer the course. The course was part of the Community Preparedness Schoolhouse, which is a component of UPMC’s Strategic Bio-Defense Emergency Operations and Communication System.
- Lectured on the goals of cyber security, laws and regulations, threats, vulnerabilities, information resources, and cyber security policy.
- Created basic demonstrations on password cracking, packet sniffing, scanning, and backdoors.
Tufts University Experimental College, Medford, MA 02155
- Spring 2007: Security, Privacy, and Politics in the Computer Age
- Created new lectures on software security, regulatory compliance, digital forensics, and data security.
- Assigned two high-level security design projects.
- Demonstrated a digital investigation of a compromised web server using a virtual machine and Windows Sysinternals.
- Demonstrated vulnerable and insecure web applications written in PHP.
- Spring 2006: Introduction to Game Development
- Lectured on various aspects of game development including: Java programming, 2D graphics, animation, user interaction, 3D graphics, modeling, game genres, and ethics in gaming.
- Placed students in teams to develop complex 2D games with design documentation.
- Spring 2005: Security, Privacy, and Politics in the Computer Age
- Lectured on computer security, privacy, and political issues including: open source and free software, malware, spam, rootkits, buffer overflow, intrusion detection, reverse engineering of software, wireless and location-based privacy, and Radio Frequency Identification (RFID) tags.
- Assigned two debates and two expert panel sessions.
- Hosted a colloquium entitled “Building Privacy-Aware Applications” with guest speaker JC Cannon from Microsoft for the Tufts Department of Computer Science.
Presentations and Publications
- Packet Analysis Using Wireshark. Intro Sec Con (@IntroSecCon), Virtual Conference, April 25, 2020.
- Lessons from an Undergraduate Course in Cybersecurity and Cyber Warfare - Is Our Children Securing? Presented with Matt Weinberg. Circle of HOPE, Hotel Pennsylvania, New York, NY, July 21, 2018.
- Why Git and GitHub? on GitHub Panel GitHub: Real-World Tools, Engaged Students. ACM SIGCSE 2018, Baltimore, MD, February 22, 2018.
- Panel: Mentoring The Next Generation of Security Talent (with Sandy Carielli, Tim Ferguson, Laurene Hummer, and Daniel Nelson). SOURCE Conference Boston 2017, Marriott Tremont, Boston, MA, April 27, 2017.
- Panel: Breaking Into InfoSec (with Keith Hoodlet, Tracy Maleeff, and Justin Pagano). BSides Boston Security Conference, Harvard University Science Center, Cambridge, MA, April 15, 2017.
- Invited Talk: The Hard Problems in Security. Rocket Build 2016, InterContinental Hotel, Boston, MA, November 30, 2016.
- Computer Science Curricula’s Failure - What Can We Do Now? (Presented with Roy Wattanasin)
- 2016 ISSA International Conference, Hyatt Regency Dallas, Dallas, TX, November 1, 2016. (declined)
- The Eleventh HOPE, Hotel Pennsylvania, New York, NY, July 23, 2016.
- SOURCE Conference Boston 2016, Marriott Tremont, Boston, MA, May 18, 2016.
- New England Security Day Spring 2016, Harvard University, Cambridge, MA, April 28, 2016
- So What is Being Exposed From IoT Devices? The Security of Things Forum, Sheraton Commander Hotel, Cambridge, MA, September 10, 2015.
- The Blame Starts with Computer Science Curricula. BeaCon 2015 Mini-Conference, The Red Hat, Boston, MA, May 30, 2015.
- Swift and Security. OWASP Boston Chapter Monthly Meeting, Akamai Technologies, 8 Cambridge Center, Cambridge, MA, December 3, 2014.
- Security Weekly, Episode 394. http://securityweekly.com/2014/11/07/check-out-episode-394-interview-with-ming-chow/
- A Growing Mongo Problem! Boston Security Conference #3, Microsoft New England Research and Development Center, Cambridge, MA, October 20, 2014.
- Information Security Careers & Education Panel. BSides Boston Security Conference, Microsoft New England Research and Development Center, Cambridge, MA, May 10, 2014.
- Abusing Mobile Games. BSides Boston Security Conference, Microsoft New England Research and Development Center, Cambridge, MA, May 10, 2014.
- Abusing Mobile Games. Raytheon BBN Technologies, Cambridge, MA, March 24, 2014.
- The Silver Bullet Security Podcast with Gary McGraw, Episode 94. http://www.cigital.com/silver-bullet/show-094/
- Understanding the Threat Profile of Mobile Apps. Mobile & Smart Device Security 2013, Renaissance Boston Waterfront Hotel, Boston, MA, November 20, 2013.
- Mobile Web Apps: What You Need to Know. Mobile & Smart Device Security 2013, Renaissance Boston Waterfront Hotel, Boston, MA, November 19, 2013.
- Abusing NoSQL Databases. OWASP Boston Chapter Monthly Meeting, Akamai, Cambridge, MA, October 2, 2013.
- Abusing NoSQL Databases. DEF CON 21 Hacking Conference, The Rio All Suite Hotel and Casino, Las Vegas, NV, August 2, 2013.
- Capture the Flags. OWASP Boston Application Security Conference (BASC) 2012, Microsoft New England Research Development Center, Boston, MA, October 13, 2012.
- Android Forensics. InfoSec World Conference and Expo 2012, Disney’s Contemporary Resort, Orlando, FL, April 3, 2012.
- Abusing HTML5. 2011 Intel Security Conference, Intel - Hillsboro, Hillsboro, OR, November 17, 2011.
- Abusing HTML5. DEF CON 19 Hacking Conference, The Rio All Suite Hotel and Casino, Las Vegas, NV, August 6, 2011.
- Android Apps Development Boot Camp. Design Automation Conference (DAC) 2011, San Diego Convention Center, San Diego, CA, June 6, 2011.
- HTML5 Vulnerabilities and Precautions. InfoSec World Conference and Expo 2011, Disney’s Contemporary Resort, Orlando, FL, April 20, 2011.
- HTML5 Security. OWASP Boston Application Security Conference (BASC) 2010, Microsoft New England Research Development Center, Boston, MA, November 20, 2010.
- Security Issues and Crime Pertaining to Online Games. High Technology Crime Investigation Association - New England Chapter (HTCIA-NE), Boston, MA, September 9, 2010.
- Investigations and Incident Response Using BackTrack. High Technology Crime Investigation Association - New England Chapter (HTCIA-NE), Boston, MA, September 22, 2009.
- Designing an Implementation-Based Game Development Course. Game Education Summit, Carnegie Mellon University, Pittsburgh, PA, June 17, 2009.
- Ming Chow & Gary McGraw, editors. (2009) Securing Online Games, a special issue of IEEE Security & Privacy, Volume 7, Number 3, May/June 2009.
- Internet Investigations 2.0: Privacy & New Technologies. Greater Boston Chapter of the Association of Certified Fraud Examiners (ACFE), Boston, MA, September 19, 2008.
- Use of the Internet in Fraud Investigations
- Massachusetts Office of the Attorney General, Boston, MA, September 18, 2009.
- International Association of Law Enforcement Intelligence Analysts (IALEIA) - New England Chapter, Franklin, MA, October 3, 2008.
- New England Association of Insurance Fraud Investigators (NEAIFI) 3rd Annual Training, Westford, MA, June 11, 2008.
- John Hancock, Boston, MA, October 24, 2007.
- Greater Boston Chapter of the Association of Certified Fraud Examiners (ACFE), Boston, MA, September 21, 2007.
- Q&A Regarding Using the Internet for Investigations. New England International Association of Special Investigation Units (NEIASIU), Westborough, MA, March 14, 2008.
- Joint Educational Initiatives to Address Cybercrime Incident Response. High Technology Crime Investigation Association - New England Chapter (HTCIA-NE), Boston, MA, August 9, 2007.
- Google: The Search Engine and Its Tools. New England Association of Insurance Fraud Investigators (NEAIFI) 2nd Annual Training, Westford, MA, June 13, 2007.
- Teaching Computer Security, Privacy and Politics to the Masses, ;login: The Magazine of USENIX & Sage, vol. 30, no. 6, pp. 62-63, December 2005.
- What is Outstanding in Your Security and Compliance Practice? Northeast Regional Computing Program (NERCOMP) Workshop: Achieving Optimal Security and Compliance in Higher Education, University of Massachusetts Amherst, November 14, 2005.
Harvard University Department of Environmental Health & Safety (EH&S), Cambridge, MA 02139
Program Support Specialist, July 2004 - June 30, 2010
- Co-invented contractor assessment process, a cost-effective and efficient method to pre-qualify contractors and sub-contractors for safety performance. U.S. Patent Application No.12/271,128 filed on November 14, 2008, and granted IP to University. See http://www.techtransfer.harvard.edu/inventions/startupventures/examples/ for more details.
- Redeveloped the Harvard EH&S Training Management System and business process to better manage the training requirements for over 12,000 Harvard personnel. Led a team of two developers to develop the web application. Implemented training assessment form, training action plan, and employee management components.
- Designed and developed web application for tracking asbestos waste shipment records for construction projects at the University. System allows the University to track regulatory compliance dates and ensure all asbestos waste is disposed at Harvard approved disposal sites in an appropriate manner and timeframe.
- 2006 Harvard Heroes honoree: for leadership, teamwork, adaptability, and work that set new standards for performance at Harvard University.
- Spearheaded the redesign of the University Operations Services (UOS) service organization website that receives over 20,000 unique visitors per month. Redesigned UOS website was rolled-out in June 2008. See http://www.uos.harvard.edu/.
- Coordinated the migration of 45,000 Social Security Numbers to an alternative form of ID in the EH&S Radiation Protection Office’s electronic recordkeeping system and in all Harvard accounts managed by vendor Landauer, Inc., in compliance with the Harvard University Enterprise Security Policy.
- Performed a risk analysis and mitigation strategy for the EH&S Radiation Protection Office’s electronic recordkeeping system.
- Developed the Harvard EH&S Daytime and After-Hours On-Call web application to coordinate weekly emergency responders for the EH&S department and the Harvard University Operations Center.
Harvard University Department of Environmental Health & Safety (EH&S), Cambridge, MA 02139
Information Technology Support Associate, June 2002 - June 2004
- Developed two web applications to manage over 2,000 confined spaces and facility equipments (e.g., boilers, generators) at the University for regulatory compliance.
- Developed an access control web application to manage over 400 users at the University for the web applications on the University Operations Services (UOS) service organization domain.
- Trained department staff members on the fundamentals of computer security and on emerging technologies.
- Awarded third place in the 2003 Campus Safety Health and Environmental Management Association (part of the National Safety Council) Home Page Contest.
Harvard University Department of Environmental Health & Safety (EH&S), Cambridge, MA 02139
Technology Support Intern, March 2000 - May 2002
- Developed the Hazardous Waste Online Pickup Request / Services application to manage hazardous waste pickup requests, supply requests, and technical assistance. Application is still in operation and over 200 requests are submitted per month from the laboratories at Harvard. Saved the department the cost of one full-time staff assistant.
- Developed the first homegrown web application in the department, the Hazardous Waste Labeling Reference Tool to mitigate the most cited hazardous waste violation of mislabeling hazardous waste containers. This tool is still in operation and receives over 200 queries a month.
- Maintained the department’s website.
Tufts University Department of Electrical Engineering and Computer Science, Medford, MA 02155
Teaching Assistant for Computer Science 15: Data Structures, Fall 1999 - Fall 2000, Fall 2002 - Spring 2003
- Assisted students in implementing large programming assignments in C++.
- Led review sessions for assignments and examinations.
- Graded assignments and examinations.
Lycos, Inc., Waltham, MA 02451
Summer Intern for the Lycos Quality Assurance Team, Summer 1999
- Ran automated test tools to scan for defects on the Lycos web site.
- Compared the website against competing sites on usability, layout and design, and consistency of information.
- Designed test plans for Lycos’ gaming portal and safe search engine.
BSides Las Vegas Security Conference Proving Ground Track Mentor
- 2019: Joe O’ Connell
- 2018: Andrew Gish-Johnson
- 2017: Nitha Suresh
- 2016: Filip Reesalu
- 2015: Lokesh Pidawekar
- 2014: Caroline Hardin
- Databases: CouchDB, MongoDB, MySQL, Oracle, PostgreSQL, SQLite
Tufts University, Graduate School of Engineering, Medford, MA 02155
- Master of Science in Computer Science, 2004
Tufts University, School of Engineering, Medford, MA 02155
- Bachelor of Science in Computer Science, 2002, Cum Laude
- Double-Majored in Computer Science and Mathematics