I’m a senior software security engineer based in Waterloo, Canada. I work at Carta where I build security features for customers, including identity, access management, and authentication systems. Previously at Sourcegraph, Dropbox, and Yelp.

I believe open-source levels the playing field in security. That’s why I build Code Pathfinder, a static code analysis engine designed for modern security teams. I also created SecureFlow CLI, an AI-powered tool for hunting vulnerabilities at scale.

I write about shipping security at scale, building static analysis infrastructure, and the engineering decisions behind production security systems. I’m also listed on the Google BugBounty Hall of Fame and contribute to responsible disclosure via HackerOne.

Experience

May 2025 - present Carta, Senior Software Engineer
May 2023 - Apr 2025 Sourcegraph, Security Engineer
Jun 2022 - May 2023 Dropbox, Security Software Engineer
Jun 2021 - Jun 2022 Yelp, Software Engineer
May 2017 - Aug 2019 Zoho Corporation, Member of Technical Staff

Education

2019 - 2021 University of Waterloo, MMath, Computer Science. Thesis: Detecting Exploitable Vulnerabilities in Android Applications

Beyond code

Bikes long distances, reads on Kindle, and embraces value investing. Always looking for the next great trail or book recommendation.