Luke James Farchione

PhD Student, Computer Science — Cybersecurity

lfarchio@uccs.edu720-879-2642github.com/lukefarch

Education

University of Colorado Colorado Springs

Fall 2025 – Present

PhD in Computer Science — Cybersecurity, Xu Lab

GPA: 4.0 · Advisor: Dr. Shouhuai Xu · Focus: Large Language Models in Cybersecurity

Metropolitan State University of Denver

Spring 2025

B.S. Computer Science, Minor in Mathematics

GPA: 3.8

Research

PhD Researcher

June 2025 – Present

University of Colorado Colorado Springs, Xu Lab

  • Built CASSANDRA, the new state-of-the-art model for CTI NLP and automated TTP extraction from cyber threat intelligence reports; outperforms the USENIX Security 2025 benchmark. Submitted to ACM CCS.
  • Designed Aegis, a cybersecurity visualization tool with an 18-attribute competency framework benchmarked against 12 open-source tools. Submitted to IEEE VIS 2026.
  • Building vulnerability scoring system to address limitations in CVSS methodology.
  • Built CVE-LLM using data from NIST NVD, MITRE, and Exploit-DB with vector retrieval for real-time vulnerability querying.

Lead Researcher, ML and Data Team

Nov 2023 – May 2025

MSU Denver (NSF Funded)

  • Built Bili, an open-source framework for evaluating LLMs across cybersecurity and sustainability domains.
  • Created AI interface for querying security and environmental datasets using vector databases.
  • Evaluated PHI-2, Gemini-Pro, Llama 2, and Mixtral architectures for domain-specific tasks.
  • Coordinated data validation across 1,243 community organizations.

Professional Experience

Independent Security Researcher

2026
  • Discovered cross-user IDOR vulnerability (CVSS 7.5) in Meta AI allowing anonymous read access to private Facebook-authenticated conversations via GraphQL. Awarded $5,000 through Meta Bug Bounty.

Penetration Tester

Aug 2023 – Aug 2025

Devil Dog Cyber Security, Denver, CO

  • Performed penetration testing for oil and gas clients targeting SOC 2 and ISO 27001 compliance.
  • Developed custom payloads and exploit chains for internal red-team engagements.
  • Conducted post-exploitation analysis and delivered executive and technical reports.
  • Built Python/Bash automation for reconnaissance, credential testing, and report generation.

System Administrator

Dec 2022 – Present

Itasca Lakewood (Contractor), Lakewood, CO

  • Manage 70+ TB across Synology NAS devices using SMB, NFS, and rsync workflows.
  • Administer all endpoints, Entra ID, Active Directory, Group Policy, and VPN infrastructure.
  • Implement backup and recovery pipelines using Backblaze B2 and AWS S3.
  • Deploy PowerShell and Bash scripts for patching, system audits, and uptime monitoring.

Mentorship & Leadership

VICEROY Cyber Competition Coach

Fall 2025 – Present

UCCS, Xu Lab

  • Coach and mentor undergraduate VICEROY Fellows in offensive and defensive cybersecurity.
  • Teams placed top 5 in every competition over the past year; qualified for the in-person competition at the 2026 VICEROY Symposium in Washington, DC.

Founder & President, CyberBridge Club

2023 – 2025

MSU Denver

  • Founded and grew cybersecurity club to 100+ members, the largest at MSU Denver.
  • Organized industry speaker events, technical workshops, and hands-on CTF training.

Technical Skills

Programming
Python, C/C++, Rust, Bash, SQL, JavaScript, Java
ML / NLP
PyTorch, Hugging Face Transformers, BERT fine-tuning, RAG pipelines, vector databases
Security
Penetration testing, vulnerability assessment, MITRE ATT&CK, CTI analysis, STIX/TAXII
Infrastructure
Linux, Windows Server, Active Directory, Entra ID, Docker, AWS

Publications & Conferences

  • Aegis: Cybersecurity visualization tool and competency framework. Submitted to IEEE VIS 2026.
  • CASSANDRA: State-of-the-art CTI NLP model for automated TTP extraction from CTI reports. Submitted to ACM CCS 2026.

NSA CodeBreaker Challenge 2023 Finalist (8/9 tasks) · NAIRR Pilot (Feb 2025, Washington DC) · Mountain West Cyber Consortium (April 2025)