whoami

I’m a software/security engineering director. I used to live in SFBay, but moved to Toronto in 2020.

These days I specialize in people management/operations. However, I’ve worked in a variety of spaces around security, privacy, and infrastructure engineering.

work stuff

I have the following experience:

  • building and evolving multiple teams (privacy engineering, infrastructure security, product security, security engineering) within an organization
  • coaching and managing managers
  • coaching and managing software/security engineers from junior through to sr staff levels
  • creating, evaluating, and updating interview panels and rubrics
  • interviewing interns, newgrads, senior engineers, consultants, project managers, engineering managers, and directors (to date I have conducted at least 200+ interviews)
  • developing long-term technical and organizational strategy and roadmap
  • developing, evaluating, and improving team and organizational processes
  • organizing and running sprints, standups, team meetings, hackweeks, operational reviews, OKRs, etc.
  • fostering cross-team collaborations across platform, product, and legal teams, etc.
  • spreadsheets (primarily google sheets with google apps scripts)

I am fairly flexible on the tech stack, having experience in the following:

  • writing highly reliable backend services (Java payments/PKI stack)
  • scaling data pipelines (AWS EMR)
  • web/frontend development (very basic HTML/CSS/JavaScript, and some React)
  • administering Linux servers/systems (Arch primarily)
  • machine learning research (custom classifiers in C, managed with python-C extensions)
  • writing operating system core software (poked at TSS stack on chromeos)
  • writing/modifying Linux drivers (mac80211 to measure channel switching speeds)
  • writing infrastructure authn/authz stacks (Flask/Python)

I have random other skills/knowledge that are specifically relevant to security and privacy:

  • vendor security assessments (including reading through SOC2 and PCI reports)
  • PCI PIN management (key manager overseeing key provisioning + audits)
  • some minor exploits (including participating in CTFs)
  • administering PKIs (certificate issuance, management, and deployment)
  • HSMs (ncipher native and PKCS11, payshield)
  • incident response and postmortems
  • deep understanding of Data Subject Requests, esp for Right to Be Forgotten, Access Requests, Consent, etc. (for GDPR, CCPA, etc.)
  • privacy reviews
  • advising privacy lawyers on privacy implementations and data/security policy

I also love conferences and meetups:

  • I have experience organizing 100-150-person LAN party events (including handling sponsors and marketing)
  • I have experience recruiting, managing, and supervising 200-300 volunteers at 2200+-participant security cons (BSidesSF)
  • I have experience running conference program operations, and as program chair, running a CFP, etc.
  • I ran a 300-person workshop on how to get involved in CTFs that was well received (Grace Hopper)
  • I have given some talks (including Grace Hopper and USENIX Enigma)
  • I frequently am in the role of MC/organizer of small events (company-internal meetups)

I still have mild research interests related to privacy and text analysis (NLP). I used to do location privacy and stylometry research (sorry, I wasn’t good enough to get papers published). I also have other civic interests/work, such as helping run federal/provincial elections.

You can see my (probably outdated) work history as a resume or (more updated) on LinkedIn.

fun stuff

I’m interested in just about anything, but to provide a more concrete list of my interests at any given time, here they are:

Green stuff:

  • cultivating herbs
  • growing a lime tree
  • general indoor plant care

Maker stuff:

  • I used to do a lot of drawing, maybe I should get back into it
  • I take lots of pictures of my cats
  • I occasionally design useful things on my 3D printer

Food:

  • I like trying new cuisines and restaurants
  • I also like cooking and am half-decent at it
  • I am always in search of interesting ingredients to cook with

Yet more electronics/tech:

  • I have a hobbyist interest in electronics, especially embedded stuff
  • I (with my partner) maintain our homelab
  • I (with my partner) maintain our home automation
  • I play a lot of video games
  • I’m a licensed US ham radio operator (technician, KM6ADA)
    • I’ve participated in a handful of Field Days with the Post599 group (W7BSA)

contact

I may be reached at s at shh dot sh. My GPG Key is 1BE6 766C DC52 439A 5722 DCA2 BDE4 3806 8A2B D353.

I’m on both Twitter and Mastodon, but since 2020 I’ve curtailed much of my social media activity.