Luke James Farchione

PhD, Cybersecurity · Xu Lab, advised by Dr. Shouhuai Xu

GPA: 4.0 · Colorado Springs, CO

B.S. Computer Science, Minor in Mathematics

GPA: 3.8 · Denver, CO

University of Colorado Colorado Springs, Xu Lab · Colorado Springs, CO

• Built CASSANDRA, a model-training method for extracting MITRE ATT&CK techniques from cyber threat intelligence reports; SOTA result at 75× smaller model size.
• Developed Aegis, an open-source cybersecurity visualization tool, and an 18-attribute framework for comparing attack, defense, system, and analyst-support capabilities across 12 tools.

MSU Denver, NSF-Funded Sustainability Hub · Denver, CO

• Led data and ML work for Bili, an open-source framework for evaluating LLMs across sustainability tasks using Python, RAG workflows, vector search, etc.

Bug Bounty Research · Meta, DoorDash, Airbnb

• Reported a CVSS 7.5 cross-user IDOR in Meta AI that exposed private Facebook conversation history through a GraphQL endpoint; awarded $5,000.
• Reported a CVSS 9.1 / P1 unauthenticated DoorDash delivery-data exposure involving customer addresses, GPS coordinates, delivery instructions, entry codes, dasher names, and dasher phone numbers. Also a CVSS 7.5 against their Sendbird database, leaking all users.

Devil Dog Cyber Security · Denver, CO

• Performed penetration testing and red-team work for oil and gas clients, including web testing, payload development, exploit chaining, Active Directory review, and remediation writeups.

Itasca Lakewood · Lakewood, CO

• Administered identity, endpoints, VPN, backups, and storage for a small engineering office; managed Entra ID, Active Directory, Group Policy, Synology NAS, Backblaze B2, AWS S3, PowerShell, and Bash.

UCCS, Xu Lab · Colorado Springs, CO

• Coached undergraduate VICEROY Fellows in CTF-style offensive and defensive security; teams placed top 5 across the season and finished 2nd at the 2026 VICEROY Symposium. Military-focused CTFs, including disarming cruise-missile swarms within a time limit.

MSU Denver · Denver, CO

• Founded and grew MSU Denver's cybersecurity club to 100+ members; organized CTF training, guest talks, technical workshops, and hands-on security events.