Work
Internet Society
1551 Emancipation Highway #1506
Fredericksburg, VA. 22401
U.S.A
-
Squeezing the Balloon: Why Securing the Open Source Build Process is Only the Beginning
We finally killed the long-lived developer API key, a massive victory for open-source security. But as NDSS 2026 and USENIX Enigma '25 revealed, attackers haven't given up—they've just moved to our build pipelines and flooded our vulnerability data. Here is what we must do next.
security supply-chain infrastructure policy -
Hacking Time: Spoofing Atomic Clocks with Audio Harmonics
I take a look at the history of measuring time—from sand glasses to atomic clocks—and explain the clever physics behind using a smartphone speaker to force a digital wall clock to sync with the Internet's exact time.
timekeeping hardware physics networking infrastructure -
Ghosts in the Silicon: Fixing Memory Safety and Surviving Hardware Decay
At NDSS 2026, Dan Wallach outlined DARPA's ambitious plan to eradicate memory safety bugs using AI. He then talked about what happens after we solve memory safety and then need to secure hardware against physical decay. I take a look at how election security principles are scaling to protect the global Internet. (corrected on 8 May to recognize Dr. Shauna Sweet manages COOP.)
security hardware rust policy darpa -
The Space Debris Climate Paradox: a Cooler Thermosphere is Bad News
Climate change warms the Earth's surface, but it actually cools the upper atmosphere. This paradox is quietly making the space debris problem in Low Earth Orbit much worse.
space physics climate security -
The 2040 Cryptography Wager: Quantum Computers vs. Lattices
I've officially joined a long-term wager on the future of Internet security: will quantum computers break current encryption before mathematicians break new quantum defenses?
cryptography quantum security
Curated Updates
-
update2025 IP3 Internet Protocol Award
I was honored to receive the 2025 IP3 Internet Protocol Award from Public Knowledge, alongside fellow honorees Dr. Alondra Nelson, Sarah Jeong, Alvaro Bedoya, and Rebecca Kelly Slaughter.
-
-
-
-
milestoneDistinguished Technologist, Security Portfolio Lead
Internet Society
Strategic individual contributor at the senior executive level whose work lies at the intersection of computer science, law, and policy. Lead two major strategic portfolios: the Open and Trustworthy Internet program, empowering policymakers and courts with technical expertise to defend Internet openness, and the Online Trust and Safety program, co-creating safety initiatives to protect marginalized and newly connected populations. The broader security portfolio includes managing the Internet Society Amicus Program, driving advocacy at the United Nations, defending end-to-end encryption, and overseeing the Networked and Distributed System Security (NDSS) Symposium. Jointly responsible for leading a diverse, global staff of about 30 subject matter experts, under ISOC's Managing Director.
-
-
milestoneSenior Vice President, Strong Internet
Internet Society
Senior executive responsible for 5 of 8 ISOC projects. The Strong Internet portofolio includes work that seeks to strengthen the Internet, including time security, routing security, open standards, encryption policy, and Internet infrastructure policy. Responsible for a diverse, global staff of ~40 subject matter experts
-
-
-
updateTaking the Pulse of Hacking: A Risk Basis for Security Research
Stan Adams and I released a paper describing qualitative interview research of world-class hackers to "take the pulse" of potential chilling effects they may face (work performed at the Center for Democracy & Technology).