Staff Software Engineer -- Tech Lead and Manager for Google Trust Services' Software team.

Professional Background

In 2009, as an undergraduate student, I discovered that I could read anyone's email on campus, and it absolutely terrified me. The problem was that websites were not securing their communications with HTTPS, so it was easy to perform session hijacking by sniffing users' unencrypted session cookies over Wi-Fi. The problem motivated me to change my career trajectory and pursue a doctorate in computer science and engineering at the University of Michigan focusing on security. At Michigan, I was privileged to work with J. Alex Halderman as my advisor and several exceptional colleagues where my primary research narrowed on TLS and the CA ecosystem. The problem that really stuck out to me though was roughly the same issue that drove me to graduate school: general HTTPS adoption. Alex required that every member of his group set up HTTPS on their own website before he would link to it from his, and I learned just how complex, time-consuming, and ultimately, how expensive it was, even when you understood all of the underlying concepts. That pain stuck with me. The whole process of deploying HTTPS needed to be much easier and cheaper. To this end, I co-authored the ACME protocol (RFC 8555) to automate the issuance of certificates and was a founding team member of Let's Encrypt, a certificate authority which issues publicly-trusted certificates for free.

After graduation, I joined Google where I was tasked with automating their own certificate issuance flows at Google Trust Services (GTS). We created an ACME-based CA for internal use and then opened up the CA to the public for free as well. I have transitioned from a software engineering team member, to a tech lead, and finally to a tech lead manager of GTS' software team. In June 2022, I additionally accepted a role on GTS' Policy Authority and took a larger role in our compliance program.

The web PKI has grown tremendously over the years. When I began measuring the problem, less than 12% of the Alexa Top 1 million supported HTTPS, and as of May 2024, 99% of pages loaded via Chrome on ChromeOS are via HTTPS. HTTPS has become the default protocol on the web. The problem of adoption has been largely solved.

Professional Interests

I am interested in security and PKI in general. I enjoy finding novel solutions in highly regulated industries, and I am motivated to enable safe communications and commerce.