Jan 2025 – Dec 2025 · 11 mos

• Privacy, censorship, and internet availability research.

Apr 2024 – Present · 2 yrs 1 mo

Jul 2023 – Jan 2024 · 6 mos

Aug 2019 – Jul 2023 · 3 yrs 11 mos

• I founded and lead Cloudflare Research, a group within Cloudflare focused on helping build a better Internet through R&D efforts in the following areas:
• Security and privacy-enhancing technologies
• Cryptography
• Internet measurement
• Low-level networking and operating systems
• Emerging networking paradigms

Dec 2015 – Aug 2019 · 3 yrs 8 mos

• Reporting directly to the CTO, I am responsible for all aspects of Cloudflare that relate to cryptography or cryptographic protocols. I lead a full-lifecycle R&D team that develops novel cryptographic technologies (security protocols, algorithms, etc.) from idea to fully commercialized product.

Jul 2013 – Dec 2015 · 2 yrs 5 mos

• At Cloudflare I wear many hats. I was hired as the first security-focused engineer when the company was under fifty employees. As the company grew, I recruited a world-class team of developers and security researchers. Until December 2015, I ran the Security Engineering team. This included leading software development, managing security product priorities, recruiting talent, and providing architectural guidance.
• Security Engineering
• Designed and built a novel key management system for protecting customer TLS keys and internal services.
• Spearheaded a campaign to build trusted computing elements into Cloudflare’s bare metal CDN platform.
• Designed, coded and open sourced projects including Red October and CFSSL. Became one of the authors of the Go programming language during this work.
• Contributed to the design of Keyless SSL, allowing CloudFlare to provide HTTPS content delivery without having possession of the private key.
• Implemented DNSSEC live signing prototype for an internally developed DNS server in Go.
• Designed a secret management scheme for Docker containers managed by Mesos.
• Leadership
• Presented at RSA, Infiltrate, Summercon, O'Reilly OSCON, Real World Cryptography, Virus Bulletin, NANOG, DEF CON C&P Village, botconf, CCC, ACSAC, NCC Open Forum, IEEE Trustcom, USENIX Enigma, GothamGo and more.
• Created the Heartbleed Challenge in response to the Heartbleed vulnerability, resulting in a better understanding of the vulnerability and fostering community discussion.
• Created Cloudflare's developer application security training program.
• Represented Cloudflare in the media, making on-camera appearances on CNBC, CNN, ABC, and in-print for The Wall Street Journal, The New York Times, Forbes, Bloomberg, Wired, Le Monde and many more.
• Awarded “Most innovative employee” award in 2014.
• Prolific technical writer for the respected Cloudflare blog.

Nov 2022 – Present · 3 yrs 6 mos

• Bringing searchable encryption to the masses.
• Advisor: November 2022 - October 2023
• Head of Research (part-time): October 2023 - March 2026
• Advisor: March 2026 - onward

Mar 2020 – Present · 6 yrs 2 mos

• I’m a strategic and technical advisor and a private market investor focused primarily on innovative early-stage companies, including: Open Policy, Quadratic, Identity Solutions, Ozeki, Germ DM, BringYour, Roadmap.net, Formal, Nadrama, Crowdalert, Tinfoil, Neurophos, Corridor Security, RunReveal, Silence Laboratories, Qpoint, and more.
• Exits: Runebook (acquired by Keycard), Limitless (acquired by Meta), InfoSec Global (acquired by Keyfactor), Groq (acquired by Nvidia)

May 2019 – Present · 7 yrs

• The Crypto Forum Research Group (CFRG) is a general forum for discussing and reviewing uses of cryptographic mechanisms, both for network security in general and for the IETF in particular.

Jan 2019 – Present · 7 yrs 4 mos · New York City Metropolitan Area

• Boutique consultancy and advisory services focused on early-stage security products, cryptography engineering, post-quantum cryptography, and protocol design/evaluation.

Jul 2007 – Jul 2013 · 6 yrs

• I led the development of key aspects of Apple's Digital Rights Management (DRM) technology. I worked cross-functionally across every level of the organization to ensure the security of Apple's multi-billion dollar media and app businesses.
• Core Development and Design
• I built the core DRM technology behind such features as iTunes Movie Rentals and Purchases, iBooks (iOS and OS X), App Store Receipts and iTunes Radio. This involved everything from designing custom cryptographic protocols, coordinating the build and release process on multiple platforms, integrating software over a dozen teams across the company. I also wrote and maintained both client and server code for these projects (mostly in C). This included low-level optimization of extremely high-traffic Internet services (over a trillion transactions per day) resulting in improvements of over 90% in bandwidth usage and performance.
• Fraud and Abuse
• Part of my responsibilities included developing software solutions to help prevent iTunes account fraud. In this capacity, I helped design and build a secure account creation flow in the iTunes application using JavaScript bindings to custom-built authentication primitives.
• Intellectual Property
• Co-authored over a dozen patents on cryptography, rights enforcement, authentication, compiler optimization and software integrity.

Dec 2006 – Jul 2007 · 7 mos

• I worked in Symantec's Security Intelligence group as a security analyst and researcher, taking huge amounts of raw data and extracting meaningful insights.
• I co-authored the Internet Security Threat Report (ISTR), Volumes XI and XII, the regionally focused EMEA and APJ ISTR Volume XII, and the Government ISTR Volume XII. Topics covered include trends in malicious code, spam, phishing, geographical distribution of malicious behavior and political/legal trends in computer security.
• My research was published on the Symantec Security Response Weblog and regularly quoted by international news organizations.

May 2004 – Dec 2006 · 2 yrs 7 mos

• My research focused on Algebraic Cryptography, Number Theory, Elliptic, Hyperelliptic, and Superelliptic curves. I worked on various projects including developing a superelliptic curve toolkit in C++ using GMP and on contract with a local startup performing a comparative performance analysis of various cryptographic key exchange mechanisms.