Head of Security and Compliance
Oct. 2020 - Feb. 2022
Skillz

Deployed 3rd party software to automate dynamic and static analysis of applications and source code
Helped maintain a culture of security with guidance, best practices, design reviews, SSDLC, and trainings
Joined as first security hire and grew team to 4
Created and maintained security roadmap
Managed team of 3 direct reports
Interviewed and screened hundreds of candidates
Oversaw penetration testing engagements
Worked closely with legal and IT on compliance efforts

Senior Security Engineer
Nov. 2016 - Jun. 2020
Uber

Deployed 3rd party software to automate dynamic and static analysis of mobile applications
Designed and built an attestation library for mobile apps (iOS/Android)
Designed and built mobile library for trusted versioning to enforce upgrade requirements (iOS/Android)
Designed and built mobile library for generating and using hardware backed key pair (for strong user identity)
Helped with Bug Bounty reports validation/reproduction
Performed code audits (both individual commits and full product stack)
Helped maintain a culture of security with guidance, best practices, design reviews, SSDLC, and trainings
Gave several organization-wide talks on team projects

Principal Software Engineer
June 2015 - Nov. 2016
Bluebox Security (Now part of Lookout)

Participated in the reverse engineering of Pegasus malware
Integrated F5 VPN SDK for application level VPN policy (iOS/Android)
Wrote ELF interposition library for Android
Designed/Wrote Application lifecycle proxy to delay application startup (iOS)
Added MITM detection policy (iOS/Android)
Modified SSL/TLS pinning policy to use SPKI pins (iOS/Android)
Refactored policy parser to use shared code and JSON (iOS/Android)
Researched and created POC hooking mechanism to overcome new iOS 9 dyld shared cache binding

Principal Engineer/Team Lead
Sept. 2011 - May 2015
Mocana Corporation

Participated in the development of Mocana Mobile App Protection
Designed and implemented "Data at Rest" (DAR) injection policy for MAP (Android & iOS)
Implemented "Copy and Paste Protection" injection policy for MAP (Android)
Developed native function interposing library (Android & iOS)
Primarily responsible for the development of the Mocana Secure Enterprise Browser (Compass)

Senior Software Engineer
Jun. 2003 - Sept. 2011
PGP Corporation (Now part of Symantec)

Led the design, development, and test planning for several major features of PGP Whole Disk Encryption
Updated and maintained tablet PC support in the WDE pre-boot environment
Participated in the development and maintenance of an EFI preboot environment
Wrote interrupt 13h handler for whole disk encryption using MASM and MSVC 1.52c
Participated in the design and development of multiple major releases
Primary developer and maintainer of several major components of PGP Desktop
Designed and implemented AOL Instant Messenger encryption proxy
Rewrote preference system to be XML based (using libxml2)
Participated in update and maintenance cycle of existing PGP products
Designed custom themeable win32 controls

OPEN SOURCE/PERSONAL PROJECTS

mini68k (mc68008 Single Board Computer)
Jun. 2018 - Present

Prototyped on breadboards
Built schematic & laid out PCB in KiCad
Translated BIOS to gasm syntax

teensy-nextkb (Teensy AVR code to interface/emulate a NeXT non-ADB keyboard/mouse)
Jan. 2012 - Jan. 2013

Using a logic analyzer, reverse-engineered the NeXT kb/mouse protocol
Used existing open-source PS2 kb/mouse libraries to translate/emulate the NeXT kb/mouse protocol
Prototyped a PS2 to NeXT non-ADB kb/mouse adapter using a Teensy-2.0

rideSF.com (San Francisco bicycle trip planner *Currently inactive*)
Aug. 2009 - Mar. 2010

Combined publicly available data to form a database of linestrings and meta-data
Wrote several small utilities to sort, combine, and pre-process data set
Designed and implemented web front-end in PHP, JavaScript, and CSS
Implemented iPhone/iPod touch compatible front-end
Wrote flexible back-end that returns route data in multiple standard formats (GPX, KML, JML, WKT, & JSON)
Provided public web API for external use (Used by Baytripper iPhone app)

Displays CPU/MEM usage
Enumerates Storage and User information

Game Center integration
Auto completion and predictive moves

Scannerly (an iOS app to scan the local network)
Jan. 2016

Written in Swift
Scans local network using UDP and ARP requests

Rokumote (an iPhone/iTouch app that allowed remote control of the Roku DVP)
Mar. 2009 - Jan. 2016

Rewritten in Swift
Wrote iOS app using Xcode and iPhone SDK
Published three versions to App store
Searches local network using SSDP to find Roku Devices
Controls Roku Device via TCP commands

Pidgin Currenttrack (Pidgin IM plugin that interfaces with multiple Media players)
Aug. 2005 - Aug. 2007

Wrote GTK+ options UI
Builds in Windows, Linux, and OSX
Fetches Album art from iTunes or Amazon.com
Interfaces with 12 Media players in multiple operating systems

Linux4.be (Project to port Linux to the Casio BE-300)
Jun. 2002 - Jun. 2003

Developed serial console driver and kgdb stub
Contributed to development of serial driver
Wrote non-interrupt driven button based scanning keyboard driver
Wrote several tutorials for creating ramdisks