Nov 2020 – Mar 2026 · 5 yrs 4 mos · Сан-Хосе, CA

• Defined the vision and owned the execution of the security engineering strategy for all of TikTok's global platforms (Short Video, LIVE, Local Services, Lemon8), protecting over 1+ billion users across 150+ countries.
• Scaled a world-class, multidisciplinary, global security organization from 3 to 40 people across Product Security, Red Team, Infrastructure Security, Detection & Response, and Governance.
• Drove a secure-by-design culture shift across a X,000-person R&D organization by embedding automated security controls and tooling into the SDLC, improving developer velocity and enabling teams to build safer products faster.
• Revamped Bug Bounty program, resulting in 2x growth of valid reports. Streamlined incident response and optimized third party risk management to reduce losses for the business.
• As Security BP, improved ByteDance's security and privacy posture with regulators and external partners, addressing government concerns and enabling business deals.
• Co-authored the A2AS standard, proposing a framework for protecting agentic AI systems.

Nov 2015 – Nov 2020 · 5 yrs · Mountain View, California

• Led OSS-Fuzz adoption and external outreach, reporting 20,000 bugs in 350+ popular open source projects, including OpenSSL, TensorFlow, ffmpeg, and others.
• Built Chrome's first ever code coverage pipeline–previously deemed impossible due to the codebase complexity. Gained leadership buy-in and made complex changes across multiple codebases, including 20x optimizations in LLVM and architectural changes in Chrome. Post-launch, successfully transitioned the project to a newly funded 3-person team.
• Optimized the Chrome security review process after surveying 50+ SWE and PM colleagues. Established and enforced SLAs for reviews and expanded the pool of reviewers from 5 to 18.
• Drove fuzzing adoption in Chrome (scaled to 600 fuzzers and discovered 4,000 bugs). Mobilized 500+ SWEs across Android, Core and Cloud to write fuzzers, identify and fix security flaws.
• Collaborated with Google Project Zero on Variant Analysis for Chrome browser and research projects (e.g. the UXSS paper).
• Core developer of ClusterFuzz, a distributed fuzzing system running on 30,000 CPUs, and FuzzedDataProvider (part of Clang), a widely used interface for deterministic multi-input fuzzing.

Mar 2015 – May 2017 · 2 yrs 2 mos

• Vulnerability Research, invite-only Bug Bounty programs

Dec 2014 – Nov 2015 · 11 mos

• Identified security vulnerabilities and risks in products and networks for banks and an international media company, reporting findings to CTO-/CIO-level clients.
• Developed a secure Wi-Fi router prototype for smart homes: AVULNATOR (demo: https://vimeo.com/132646597).
• Launched a fully automated and scalable paid VPN service with 100+ monthly active users.
• Research blog: https://blog.avuln.com/
• The company is not active at the moment.

Aug 2014 – Feb 2015 · 6 mos

• QA automation
• Optimization of testing infrastructure
• Staff recruiting & training

Jun 2012 – Aug 2014 · 2 yrs 2 mos

• Multi-platform middleware for usb-tokens and smart cards
• Mobile applications and libraries (iOS, Android)
• Continuous integration tuning

Jun 2011 – Jun 2012 · 1 yr

• Development of video coding and image processing algorithms:
• H.265 (HEVC) implementation
• Performance optimization of existing video encoders
• Color space converter development

Jan 2010 – Jan 2012 · 2 yrs

• Member of Microsoft Student Partner program
• Learning Microsoft products and evangelism among students
• Imagine Cup participation
• Events organization