Cathy Wang

Cathy Wang

she/her

●v●

About

Hi!

I’m a third‑year Information Systems and Artificial Intelligence undergraduate at Carnegie Mellon University. Most of my work sits at the intersection of software engineering, applied machine learning, and systems.

What I enjoy most is understanding how things behave under the hood. That could mean debugging a backend service, designing a simulation model, or figuring out why a system behaves differently at scale than it does in a test environment.

I’m especially interested in:

  • backend and cloud systems
  • distributed architectures
  • data‑driven applications
  • simulation and security research

In general, I enjoy projects where software interacts with real constraints — performance limits, messy data, or complex real‑world systems.

Software Engineering Experience

I previously worked as a Software Development Intern at Erin Technologies, where I focused on backend infrastructure and production systems.

My work there involved modernizing parts of the company’s backend architecture. This included building and maintaining AWS‑based services, refactoring legacy logic into modular processors, and supporting analytics pipelines used for reporting and operational insights.

What I enjoyed most about that experience was working with real production systems. Writing code that people depend on daily changes how you think about engineering. Stability, maintainability, and clear architecture become just as important as shipping features.

Research: Cybersecurity Simulation and Detection (CASOS Lab)

I work with the CASOS Center at Carnegie Mellon University on research combining cybersecurity analytics, machine learning, and agent-based simulation.

One stream of the work focuses on machine learning–based classification of cyber attacks (from the MITRE ATT&CK framework) using network telemetry and intrusion metrics. Using features derived from network traffic signals (e.g., flow statistics, protocol usage patterns, connection timing, and packet-level indicators from NetFlow or Zeek logs), we train multilayer perceptron (MLP) models to classify activity according to MITRE ATT&CK tactics and techniques. The objective is to automatically map observed traffic behaviors to attacker activities such as command-and-control communication, lateral movement, or data exfiltration. The models learn high-dimensional representations of network behavior and allow rapid classification of attack patterns within simulated or real traffic streams.

A second component of the research examines insider threat dynamics through network analysis and agent-based modeling. In this work we construct simulations where organizational users, defenders, and adversaries are modeled as interacting agents operating over enterprise network topologies. The environment captures factors such as:

  • attacker strategy selection and escalation pathways
  • defender monitoring, response latency, and resource constraints
  • employee communication and file-sharing networks
  • privilege structures and access relationships within the organization

Network analysis techniques are used to model how compromised users or malicious insiders propagate influence or access across the system. The agent-based simulations then evaluate how different defensive strategies—such as anomaly detection thresholds, monitoring placement, or access-control policies—affect attack propagation, system resilience, and recovery time.

From an engineering perspective, this work involves implementing simulation infrastructure, designing feature pipelines for network telemetry, training neural network classifiers for ATT&CK technique identification, and integrating structured threat knowledge bases such as MITRE ATT&CK and MITRE D3FEND into the experimental environment.

Projects

See my projects here!

Technical Background

My coursework combines systems engineering with quantitative modeling.

On the systems side, I’ve studied topics such as computer systems, algorithms, databases, and robotics planning. On the quantitative side, I’ve taken courses in probability, statistical inference, regression, computer vision, and machine learning. I’m also a Teaching Assistant at CMU for probability and statistical inference and I really enjoyed working with students and helping them to learn!

That combination shapes how I approach engineering problems: balancing correctness, performance, and practical constraints.

Outside of Engineering

Outside of programming, I spend a lot of time working with audio.

I enjoy:

  • audio engineering
  • sound editing and mixing
  • recording music
  • playing music! (I play the violin in bands and orchestras)

Audio work has a surprisingly similar mindset to software engineering. Small adjustments can completely change the outcome, and careful attention to detail matters.