Hello! I’m a software engineer and manager working on the Google Chrome web browser. I lead Chrome’s Secure Web and Network team, responsible for web platform and transport security. Some current areas of focus for my team include the Chrome Root Program and certificate verification, Chrome’s underlying TLS and cryptography library (BoringSSL), post-quantum cryptography, mitigating cross-site leaks, and expanding the cryptographic capabilities of web applications. I also lead a cross-functional virtual team of usable security experts who provide consulting and security reviews across Chrome. Throughout my time working on Chrome, I have promoted adoption and secure configuration of HTTPS, built new detection heuristics and warnings for spoofy domains, improved security UX more broadly, and participated in or led various field research and measurement projects.
I received my bachelor’s degree from Stanford University and master’s degree from MIT (both in computer science). As a student, most of my research centered on deploying client-side cryptography in web applications. I still stay involved in the academic research community by publishing papers about my work on Chrome and serving on program committees.
Other places on the web you can find me:
- Chromium commits
- GitHub (mostly used for web standards work these days)
- Mastodon
- Stack Overflow
You can read popular press about my work here, here, and here.
Outside of work, I live with my spouse and two sons in the San Francisco Bay Area. I enjoy baking, reading, yoga, and hiking in my free time.