May 2022 – May 2024 · 2 yrs · San Francisco, CA

• Led product security, privacy and cybersecurity. The company had a compelling 0->1 wearable AI product vision but was let down by a number of factors. We worked with OpenAI, integrating local LLMs into an AI first product before ChatGPT launched. The product was bleeding edge with a Sci-Fi inspired UX, where the display was a monochromatic green projection in the palm of your hand using a bespoke laser. Beyond the obvious bleeding edge UX, several aspects of the security and privacy rivaled that of any other device at the time. We designed voice print and vein pattern device biometrics, leveraging local LLMs. We defined the next generation of user-centric privacy, with built-in local awareness of state and national privacy implications to the user. Private and secure by design was not an empty mantra but a fully supported design philosophy with buy-in from the entire company. Security infused the product: from leveraging ARM TrustZone security in the hardware to the world-class key management and privacy services in the cloud. We utilized the OPAQUE PAKE to protect users' privacy even in locales with laws working against such privacy. We designed a pro- consumer privacy approach, aligned with the implications of GDPR & CCPA before any case law for LLMs existed.

Jan 2012 – Apr 2018 · 6 yrs 3 mos

• Accomplishments
• Responsible for best in class modern security protocol, Message Security Layer (MSL), used by hundreds of millions of people worldwide to stream Netflix.
• Led initial design of the best streaming service in the world.
• Put security into Netflix’ product DNA by making security integral to product design.
• Instituted a market driven security design review and consulting approach manned by industry experts, helping device partners build more secure devices on their terms.
• Architected strategic initiatives with key industry partners to advance hardware and software design for streaming media and security.
• Cultivated content partner relationships to drastically ease technical negotiations for content licensing.
• Abilities
• Holistic cross-functional approach to product and systems design
• Deep understanding of security coupled with breadth of business context allows me to make the best risk / reward judgement calls
• Able to attract and hire the best talent as individual contributors and leaders
• Key Facts
• Helped define the design and security of a video streaming system that is used by hundreds of millions of subscribers worldwide and uses fully a third of peak Internet traffic in the US.
• Built key relationships with studio counterparts and negotiated countless content licensing contracts, valued at billions of dollars.
• Built the product security organization at Netflix, responsible for product (not just security) design, device and content partner security engagements and content security.
• The Unusual Bits
• Specialist in applying the tool of comedy to bring teams together, ease tension and brighten mood.
• Born-again physical fitness nut, recovering from years of cubical induced atrophy.
• Usually the only guy in the room who knows how to edit DNA in addition to code.

Apr 2009 – Feb 2012 · 2 yrs 10 mos

• Responsible for security & architecture of the Netflix streaming service, protocol design, contract negotiations with Hollywood studios, system security design of consumer electronics devices, console streaming application security & design, etc.
• Manage a team of world class engineers working on security and streaming architecture for the Netflix service.

Jul 2007 – Apr 2009 · 1 yr 9 mos

• Device hardware and software security design.
• Security analysis and design.
• Protocol definition.
• Technical partnerships.

Nov 2000 – Jun 2007 · 6 yrs 7 mos

• Worked on VoIP, VoIP security, network transport protocols, SSH, SSL, PKI, Certificate Authorities, X.509, SSL, TLS, VPN, etc.

Feb 2000 – Nov 2000 · 9 mos

• VoIP startup, acquired by Cisco Systems in November 2000.
• Worked on SIP VoIP client software, documented in the book "Practical VoIP Using VOCAL".