I’m a software/security engineering manager. I used to live in SFBay, but moved to Toronto in 2020.
These days I specialize in people management/operations. However I’ve worked in a variety in spaces around security, privacy, and more broadly infrastructure engineering.
I am a senior engineering manager, and so have the following experience:
- managing software/security engineers from junior through to staff levels
- coaching and career growth towards subsequent promotions
- creating, evaluating, and updating interview panels and rubrics
- interviewing interns, newgrads, senior engineers, consultants, project managers, engineering managers, and directors (to date I have conducted at least 200+ interviews)
- developing long-term engineering/technical strategy and roadmap
- developing, evaluating, and improving team and organizational processes
- organizing and running sprints, standups, team meetings, hackweeks, operational reviews, OKRs, etc.
- fostering cross-team collaborations across platform, product, and legal teams, etc.
- spreadsheets (primarily google sheets with google apps scripts)
I am fairly flexible on the tech stack, having experience in the following:
- writing highly reliable backend services (Java payments/PKI stack)
- scaling data pipelines (AWS EMR)
- administering Linux servers/systems (Arch primarily)
- machine learning research (custom classifiers in C, managed with python-C extensions)
- writing operating system core software (poked at TSS stack on chromeos)
- writing/modifying Linux drivers (mac80211 to measure channel switching speeds)
- writing infrastructure authn/authz stacks (Flask/Python)
I have random other skills/knowledge that are specifically relevant to security and privacy:
- vendor security assessments (including reading through SOC2 and PCI reports)
- PCI PIN management (key manager overseeing key provisioning + audits)
- some minor exploits (including participating in CTFs)
- administering PKIs (certificate issuance, management, and deployment)
- HSMs (ncipher native and PKCS11, payshield)
- incident response and postmortems
- deep understanding of Data Subject Requests, esp for Right to Be Forgotten, Access Requests, Consent, etc. (for GDPR, CCPA, etc.)
- privacy reviews
- advising privacy lawyers on privacy implementations and data policy
I also love conferences and meetups:
- I have experience organizing 100-150-person LAN party events (including handling sponsors and marketing)
- I have experience recruiting, managing, and supervising 200-300 volunteers at 2200+-participant security cons (BSidesSF)
- I ran a 300-person workshop on how to get involved in CTFs that was well received (Grace Hopper)
- I have given some talks (including Grace Hopper and USENIX Enigma)
- I frequently am in the role of MC/organizer of small events (company-internal meetups)
I still have mild research interests related to privacy and text analysis (NLP). I used to do location privacy and stylometry research (sorry, I wasn’t good enough to get papers published). I also have other civic interests/work, such as helping run federal/provincial elections.
I’m interested in just about anything, but to provide a more concrete list of my interests at any given time, here they are:
- cultivating herbs
- growing a lime tree
- general indoor plant care
- I used to do a lot of drawing, maybe I should get back into it
- I take lots of pictures of my cats
- I occasionally design useful things on my 3D printer
- I like trying new cuisines and restaurants
- I also like cooking and am half-decent at it
- I am always in the search of interesting ingredients to cook with
Yet more computers:
- I have a hobbyist interest in electronics, especially embedded stuff
- I (with my partner) maintain our homelab
- I (with my partner) maintain our home automation
- I play a lot of video games
I may be reached at s at shh dot sh . My GPG Key is 1BE6 766C DC52 439A 5722 DCA2 BDE4 3806 8A2B D353.
You can also interact with me on Twitter.