Hoss Shafagh

Engineering Manager

Los Gatos, California, United States14 yrs 5 mos experience

Most Likely To SwitchHighly Stable

Key Highlights

Expert in cryptography and data privacy.
Led innovative cryptographic infrastructure at Netflix.
Published research on secure data processing.

Stackforce AI infers this person is a cryptography and IoT security expert with extensive experience in secure data processing.

Contact

Skills

Core Skills

CryptographyTeam LeadershipPublic Key Infrastructure (pki)Crypto AgilityPublic Key InfrastructureTls Certificate ManagementCryptographic Access ControlEncrypted Data ProcessingSecure Data ProcessingAccess ControlData ProcessingSecure CommunicationSecure Iot ApplicationsPublic-key-based AuthenticationSecurity In 6lowpan/ipv6Security Protocol Evaluation

Other Skills

Project ManagementService-to-Service AuthenticationSecure System DesignSecure Communication ProtocolsKey ManagementDecentralized AuthorizationData SharingIndustry CollaborationAutomationDTLS ProtocolProgramming in C and RubyEmbedded SystemsWireless Sensor NetworksCNetwork Security

About

I am passionate about the field of data privacy, encrypted data processing, and applied cryptography.

Experience

Netflix

3 roles

Engineering Manager, Cryptography Services

Promoted

Aug 2025 – Present · 7 mos · San Francisco Bay Area

I lead the Cryptography Services team at Netflix, where our mission is to empower teams to innovate securely by making world-class cryptography simple and accessible. I’m fortunate to work alongside an amazing group of experts who design, build, and operate the resilient cryptographic infrastructure that helps protect Netflix’s most critical assets.

CryptographyTeam LeadershipProject Management

Staff Security Software Engineer - Architect

Promoted

Jul 2022 – Oct 2025 · 3 yrs 3 mos · San Francisco Bay Area

In my cross-organizational role, I devise strategic visions and drive mid to long-term initiatives across teams in the following areas:
Crypto Agility: Ensuring our systems are designed to flexibly switch between cryptographic algorithms and parameters.
Public Key Infrastructure (PKI) and TLS: Faciliating secure connections across a diverse range of device platforms and browser population with as much as automation as possible
Service-to-Service Authentication: Developing robust authentication mechanisms that seamlessly integrate into our internal authorization ecosystem.
My team is responsible for building and maintaining critical services in areas such as managing the lifecycle of TLS certificates, provisioning identity for machines, and crypto as a service.

Crypto AgilityPublic Key Infrastructure (PKI)Service-to-Service Authentication

Senior Security Software Engineer

Dec 2018 – Aug 2022 · 3 yrs 8 mos · San Francisco Bay Area

Platform Security team.
Contributing to the following areas at Netflix:
TLS Certificate life cycle management service
Public Key Infrastructure
Secure System Design Partnerships
Encryption as a service
Cryptographic secret management
Authorization as a service
End-to-end identity propagation

TLS Certificate ManagementPublic Key InfrastructureSecure System Design

Eth zürich

2 roles

Postdoctoral Research Scientist

Promoted

May 2018 – Nov 2018 · 6 mos · Zurich, Switzerland

You can learn more about my research areas at https://hosseinsh.com/

Research Assistant

Sep 2013 – Apr 2018 · 4 yrs 7 mos · Zurich, Switzerland

Published Dissertation on "Retaining Data Ownership in the Internet of Things"
Led a team of researchers on cryptographic access control and encrpyted data processing projects and published the results in scientific conferences
Led an industry project on secure communication protocols
Student supervision and mentorship
Selected Projects:
Private Queries over Encrypted Time-Series Data
Developing a prototype of TimeCrypt, an efficient secure data processing system for time series data. Designed an efficient key management scheme to enable flexible and expressive sharing
Trustless Decentralized Authorization for IoT Data Streams
Developing a full stack prototype of Droplet for continuous data streams, such as time series data.
Designed a unified access control with crypto-based data access.
Secure Data Sharing and Processing for the IoT
Developing a full stack prototype of Talos and Pilatus.
Designed a crypto-enforced access control for encrypted data processing systems.
Secure Consumer Electronics in the IoT
Industry project with Samsung, South Korea
Knowledge transfer through workshops at Samsung

Cryptographic Access ControlEncrypted Data ProcessingSecure Communication Protocols

Stanford university

Visiting Research Scientist

Jun 2015 – Aug 2015 · 2 mos · Stanford, California, United States

In Prof. Philip Levis's group, automating the development of secure Internet of Things applications.

Secure IoT ApplicationsAutomation

Sics

Graduate Researcher

Nov 2012 – Jul 2013 · 8 mos · Stockholm, Stockholm County, Sweden

Leveraging Public-key-based Authentication for IoT devices. Implemented DTLS (Datagram transport Layer Security) protocol to provide privacy for UDP communications.

Public-key-based AuthenticationDTLS Protocol