For the past 2 years I've been working for the US Government at the United States Digital Service. It's been a privilege, and I'm incredibly proud of the things we've accomplished. Alas, all good things come to an end, and I'm now looking for my next job.
I'm a software engineer, and I've worked on many different things. In my career I've worked on just-in-time compilers for dynamic languages, large scale web applications, and cryptography, to name a few. The thing I would like to do next is help make the largest positive impact I can on information security for as many people as possible.
If you've got a position where that's possible, and my skills sound relevant, shoot me an email at email@example.com.
- I've been involved in open source in nearly every possible capacity. I've built a high performance Ruby VM and open sourced it (Topaz), helped to create and grow a cryptography library (pyca/cryptography), contributed substantial features and refactorings to a web framework (Django core developer), co-chaired a conference program committee (PyCon), and been a member of the Board of Directors for the Python Software Foundation.
- Advocated for and implemented improvements to the Python HTTPS/TLS stack, notably backporting significant improvements from Python 3 to Python 2 and enabling certificate validation by default.
- I'm comfortable with high stress/high ambiguity work. I've worked on projects while they were on the front page of newspapers and being investigated (e.g. the Office of Personnel Management post-compromise).
- Willing to work in, or learn, any technical stack necessary to get the job done (see the aforementioned Classic ASP).
- Participated in on-call rotation for production web applications.
- Led remediation of scores upon scores of vulnerabilities in decade old code.
- Debugged strange network protocols and found bugs in glibc.
- Interviewed O(100) engineering candidates.
In short, I've participated in just about every stage of the software development process, in a variety of different environments.
A copy of my resume is available.
Note: No single one of these is a deal breaker, but it goes without saying that the more of these that describe you the better.
- You care about security, about protecting your users.
- You're working at large scale, in some way. Maybe it's a lot of users, maybe the data is particularly sensitive, maybe you have visibility into and are contributing to many different clients.
- You recognize that security teams only get so many "because I said so"s and you prioritize UX and practices which work in the real world.
- You care about building a diverse and inclusive workplace, and you put that caring into action.
- You're committed to being really good at what you do.
- You have an office in Washington, D.C., or support remote work. I'm willing to move for the right position, but being in D.C. is a big plus.