π Qualifications
- Over a decade of software project management experience.
- Formerly head of engineering for largest paid VPN provider in the world ($4MM monthly revenue, 1+ million active users).
- Passionate about diving deep into systems and understanding top-to-bottom complexity.
- Rapid application prototyping experience across mobile, desktop, and backend API platforms.
- Systems architecture and implementation experience.
π» Work Experience
-
March 2010 – Present
Pilvy LLC
San Francisco, CAFounderManaging a software consulting agency, leading product development, engineering, and managing third-party contractors. Currently specializing in DevOps, IaC, and cybersecurity, but have worked on a diverse set of projects, including:
- ExecAPI - A distributed WebAssembly edge functions and workers platform. Built with Elixir/Erlang, Rust, Wasmtime.
- KVdb - A NoSQL key-value database as a service and serverless developer platform for prototyping, metrics collection, web crawling, analytics applications, and more.
- Business VPN - A cybersecurity solution and VPN service for SMBs based on our VPN Client/Server Toolkit product. Acquired by London Trust Media (makers of Private Internet Access VPN service) in 2018.
- Pilvy VPN Server - A modern VPN server solution with extensive customizability and plugin support. Offered as an on-premise license or a hosted service.
- PIA VPN for iOS - Client app for Private Internet Access VPN service. Uses generated iOS configuration profiles to deliver an easy-to-use VPN experience, instead of having users manually configure PPTP or L2TP/IPsec settings.
- IVPN Client for Mac & Windows - Developed a custom OpenVPN client for IVPN that includes critical privacy and security features like insecure WiFi detection, DNS leak prevention, and firewall blocking.
- VMware End User Computing Demo Portal - A turnkey Desktop as a Service (DaaS) that lets VMware's sales teams easily demonstrate the Horizon product suite to high-value customers.
- CloudPlay - A Mac app that lets people quickly find and play music from a variety of sources.
-
May 2023 – August 2024
Laguna Games, Inc.
San Francisco, CAPrincipal Security ArchitectBuilding backend infrastructure for Laguna Games, makers of Crypto Unicorns, a web3 farming game with its own token economy and NFTs.
- Implemented AWS Well-Architected Framework security best practices, including use of CloudTrail, Security Hub, GuardDuty, Systems Manager Session Manager (SSM), VPC flow logs, etc. to ensure audited and controlled access to production services with minimal to no use of IAM access keys or SSH keys.
- Built and managed DevOps workflows using GitHub Actions, Infrastructure as Code (IaC) using Terraform across a variety of AWS services, regions, and accounts, using the latest security best practices like OpenID Connect (OIDC).
- Deployed and managed Kubernetes (EKS) clusters for blockchain nodes and optimized EBS volumes for random high-throughput I/O workloads.
- Instrumented critical node.js services used for web3 blockchain transaction signing with OpenTelemetry distributed spans, metrics, logs, and traces.
- Developed in-house Slack bot for DevOps visibility into various AWS systems.
-
December 2019 – December 2023
SISU Ltd. / μμ(μ )
Seoul, KoreaCEODesigning and developing endpoint protection, password and identity management, and VPN solutions for customers around the world.
- LoginWith - Authentication as a Service that lets websites add login with crypto web3 wallets using the LoginWith SDK. Supports Ethereum and Solana in the same API.
-
August 2021 – February 2022
WithUno Inc.
San Francisco, CASoftware EngineerUno is an identity manager that is a new take on password management and making authentication across the web easier and faster.
- Developed the original prototype of the Uno iOS app in 2020 using React Native.
- Created generic web automation engine that executes JSON "scripts" on web pages and single-page apps to support Uno's one-click sign-in experience. Like Puppeteer but with scripts written in JSON and running on mobile webviews and in-page browser extension content scripts. Interesting challenges in state persistence, HTML element detection using CSS selectors, XPath, etc.
- Implemented browser extension UI and components.
-
August 2020 – March 2021
Letter Technology, Inc. (YC S20)
San Diego, CAPrincipal Software EngineerLetter is a new private bank and wealth management platform recently launched in the U.S.
Design and development of core functionality in Letter's Event Sourcing microservices architecture prior to public launch, including:
- Led development of internal admin tool that integrates Twilio Flex to provide a simple interface for customer support agents to access relevant information about customer accounts. Implemented security controls to require agents to request access to view customers' data by integrating push notifications in the mobile app.
- Implemented secure storage of secrets and third-party tokens as a microservice backed by HashiCorp Vault.
- Implemented notifications microservice, which consumes events from across the system, and sends out emails, SMS, and push notifications, depending on each user's notification settings. Corresponding functionality also implemented in the React Native-based mobile app.
- Researched and prototyped debit card activation strategies in the mobile app, like embedding custom NDEF data in NFC tag at time of card manufacture/personalization.
- Implemented workflow engine to allow use of business process modeling tools to more easily develop future products and services.
-
July 2018 – September 2019
London Trust Media, Inc.
Denver, COHead of Private Business NetworkProduct owner and technical team lead for a next-gen cybersecurity web filtering and endpoint protection product. Developed custom VPN client/server framework, IP packet filtering plugin architecture, DNS packet inspection and rewriting technology, and Single Sign-On (SSO). Designed end-to-end least-privilege event auditing framework with customer-controlled encryption keys.
-
April 2015 – February 2016
London Trust Media, Inc.
Los Angeles, CAChief Technology OfficerAs CTO, created and managed technology strategy for Private Internet Access, the leading paid VPN service provider in the world, as well as other initiatives in the company.
- Managed remote developer team across 3 times zones with minimal process.
- Reduced customer support costs and workload by improving diagnostics reporting and building internal tools.
- Handled technical recruitment, sourcing, interviewing candidates, negotiating offers, and onboarding.
- Triaged and evaluated security vulnerabilities from researchers as part of PIA's Whitehat Alert Security Program.
- Managed technical relationships with vendors, service providers, and B2B partners.
- Prototyped new product ideas to help executives plan future roadmap.
- Performed technical due diligence on potential startup investments and other M&A activity.
π₯ Awards & Acknowledgements
-
7 January, 2014
Apparatus, system, and method for SOAP access to data source procedures
U.S. Patent - US 8,627,345An invention that dynamically exposes user-defined database functions (stored procedures) through a web service (e.g., REST API) without requiring the schema of the underlying data to be defined beforehand. Although the initial implementation used the XML-based Simple Object Access Protocol (SOAP) as was popular in the late 2000s, the invention is applicable to any network transport protocol.
π Education
2003 – 2007
University of California, Santa Cruz
B.S. Computer EngineeringPresented senior design project paper βUniversal Real-Time Navigational Assistance (URNA): An Urban Bluetooth Beacon for the Blindβ at HealthNet 2007 workshop at ACM MobiSys 2007.