About Chris Allsman

Please see my resume here for a complete list of my experience. I have some projects listed here, but at the moment they are mostly an archive of my undergraduate course projects.

Security

Since September 2020, I have worked as a Software Engineer for OpenText's Static Application Security Testing (SAST) product. Primarily, I work on various frontend components which entail utilizing techniques from compiler construction to generate an intermediate representation (IR) of the source program for use in downstream analysis to identify security vulnerabilities.

Increasingly, I have done work that interacts with program analysis algorithms (primarily related to dataflow analysis/abstract interpretation). Most recently, I've been working closely with security researchers on a new API for defining security rules which allows rule writers to cleanly and transparently introduce language-specific notions for how analysis should be conducted.

Some resume-style bullet points:

  • Own frontend modules for Solidity, PL/SQL, and the JavaScript frameworks SAPUI5, Handlebars, and Vue
  • Augmented higher-order analysis for JavaScript/TypeScript by bundling and leveraging type information to optimize IRs
  • Oversaw the migration of legacy modules to a next-generation analysis pipeline, including the migration of approximately 500 rules

A collection of logos for programming languages

An illustration of a likelihood statistic computed by an attacker and how it fails under significant genetic admixture.

Privacy

From 2022-2025 I pursued a Master's degree in Biomedical Informatics at Columbia University. My thesis research, under Dr. Gamze Gürsoy was titled "Evaluating Privacy-Preserving GWAS Summary Statistic Release", where I explored the utility and protection offered by differential privacy (DP) in the context of genetic association studies.

This research builds on seminal research on membership inference attacks in the context of genome-wide association studies (GWAS). A GWAS identifies associations between genetic variants and a characteristic like disease status. Because genetic variants are highly identifying, often only summary-level statistics are released. Prior work has shown that this is sufficient for an attacker to determine if an individual took part in the study.

This work is in preparation for submission, so in lieu of linking my thesis I will summarize my contributions:

  • Perform membership inference attacks under a variety of distributional assumptions (e.g., for statistics computed in the presence of genetic admixture) to characterize scenarios in which they are successful
  • Augment existing DP mechanisms by utilizing public reference statistics to reduce the variance of noise added to preserve privacy
  • Generate tighter bounds on the privacy protection of DP mechanisms under specific distributional assumptions, leading to actionable guidance for genetic data scientists deciding how to release statistics.

More broadly, I am interested in privacy-preserving systems across various applied areas and identifying privacy norms relevant to those contexts.


Just Technology

Justice-Oriented Research Practices

While at Columbia, I was involved with the Justice Informatics Collaborative - a student-led group created to explore the sociopolitical and historical context of informatics research and identifying resources for conducting justice-oriented research. In this capacity, I was involved in two major lines of work:

  1. In 2022, a workshop was held to engage biomedical informatics practitioners in identifying gaps, priorities, and opportunities for conducting justice-oriented research. I became involved in a qualitative (thematic) analysis of workshop transcripts and written artifacts to synthesize principles of justice applicable across biomedical informatics disciplines.

    A paper titled Contextualizing key principles to promote a justice-oriented informatics research agenda: proceedings and reflections from an American Medical Informatics Association workshop is in press at the Journal of the American Medical Informatics Association.

  2. Building off of this work, I authored two abstracts accepted as podium talks at the 2023 and 2024 AMIA Annual Symposia. Notes for the latter talk, which I co-presented, are available online. These talks included a discussion on how to operationalize principles of justice and our perspectives on starting and expanding a grassroots, trainee-led group committed to principles of justice, equity, and anti-racism.
A figure titled 'Principles for justice-oriented research' with five columns, each containing an icon and the title of the principle.

Teaching

I view education as a way to empower practitioners to conduct work that embodies their values and as a mechanism by which students can begin to envision themselves as practitioners. From 2017-2019, I was involved with undergraduate education at UC Berkeley and continued to teach as a volunteer teacher for the 2021-2022 school year through the Microsoft TEALS Program.

Though my experience has primarily been in introductory (CS0/CS1) courses, I am interested in opportunities to explore privacy/security education and justice-centered computing education at any level.

Some accomplishments:

  • Taught CS 61A at UC Berkeley for 6 semesters, including 2 semesters as a Head TA and a summer as a co-instructor where I was given a teaching effectiveness rating of 6.2/7
  • Recognized as an Outstanding GSI and for Outstanding Undergraduate Teaching and Leadership
  • Developed and piloted a new project, presented at SIGSCE 2020 and still used in the course 6 years later
  • Served with Computer Science Mentors for 6 semesters, including as a course coordinator and Internal Vice President. The organization provided small-group, personalized teaching for ~1,000 students each semester. I'm especially proud that I was able to mentor dozens of very talented junior teachers (and maintained the infrastructure to train hundreds more).

An image of me lecturing on stage