Sumanth Rao

Email: svrao@ucsd.edu
Google Scholar
LinkedIn
GitHub

Education:
Ph.D. in Computer Science (expected 2027)
University of California, San Diego

M.S. in Computer Science (2021 - 2025)
University of California, San Diego

More personal:
Some photos I've taken across the US 📸

I am a PhD student at the Department of Computer Science and Engineering at the University of California, San Diego. My advisors are Stefan Savage and Geoff Voelker.

My work centers on empirical analysis of real-world threats, including ransomware attacks on hospitals, large-scale email abuse, automotive security, and broader threats to critical infrastructure. I am also a part of the Sysnet and CryptoSec research groups. My hometown is Bangalore (ಬೆಂಗಳೂರು), India.

Education:
Ph.D. in Computer Science
(expected 2027)
University of California, San Diego M.S. in Computer Science
(2021 - 2025)
University of California, San Diego

Recent Publications

Paper under embargo
Jerry Yu^*, Yibo Wei^*, Sumanth Rao, Mohak Vaswani, Jefferson Chien, Christian Dameff, Nishant Bhaskar, Aaron Schulman.
To appear at USENIX Security, Baltimore, MD, August 2026

Lost in Translation: Text Message Spoofing via Email
Sumanth Rao, Ye Shu, Stefan Savage, Aaron Schulman, Geoffrey M. Voelker, Enze Liu.
To appear at IEEE Symposium on Security and Privacy (Oakland), San Francisco, May 2026

Patient Care Technology Disruptions Associated With the CrowdStrike Outage
Jeffrey L. Tully^*, Sumanth Rao^*, Isabel Straw, Rodney A. Gabriel, Chris Longhurst, Stefan Savage, Geoffrey M. Voelker, Christian J. Dameff.
JAMA Network Open, July 2025

[pdf] - News: Wired, Forbes

Unfiltered: Measuring Cloud-based Email Filtering Bypasses
Sumanth Rao, Enze Liu, Grant Ho, Geoffrey M. Voelker, Stefan Savage.
ACM Web Conference (WWW), Singapore, May 2024

[pdf] - [talk] - [poster] - News: DarkReading, ACM TechNews, TL;DR Sec

(^* denotes equal contribution)
See all publications

Industry Experience

Corelight
Research Intern (Jun 2025 - Sep 2025)
Corelight Labs. Mentors: Yacin Nadji, Vern Paxson. Fingerprinted malicious domain controllers in E/W traffic from Zeek logs.

Google
Software Engineering Intern (Jun 2022 - Sep 2022)
Virtual Cluster, Google Cloud Platforms. Improved user experience when spawning new Borg clusters.

Citrix
Software Engineer (Aug 2020 - Aug 2021)
Citrix Licensing team. Designed a Docker-based automation framework deployed via a hybrid cloud model.

Awards

- 2024. Finalists, NatSec Hackathon (Stanford DEFCON and Shield Capital)
- 2021-2022. Receipent of JN Tata Scholarship.

Services

- Program Committee, Research in Attacks, Intrusions and Defenses (RAID) 2026
- Academic Integrity Review Board (AIRB), UC San Diego (2026-2027)
- GradWIC Board Member, UCSD Graduate Women in Computing (2024).

Talks

- [Feb 2025] CAIDA AIMS-5, Measuring hospital ransomware Attacks
- [May 2024] WWW'24, Unfiltered: Measuring Cloud-based Email Filtering Bypasses
- [March 2024] FTC PrivacyCon 2024, Panel 6: Mobile Device Security
- [Nov 2022] Google Open Source YouTube, Having a great GSoC as an Open Source Newbie!

Open Source

I'm a big advocate for Open Source and have been involved in Google Summer of Code (GSoC) for a few years now. I've mentored five GSoCers (2020 (1), 2020 (2), 2021, 2024) during this time. In fact, I was myself a GSoC student in 2019 with the Zulip Open Source Project.