Ross Snider Email and Phone Number

Notable projects:- Built program to identify, prioritize, address and report on Alexa's top organization wide security risks to Senior Vice President level. During my time this resulted in mitigating 4 of Alexa's top risks.- Built the Alexa Red Team, now incorporated into a Red Team that serves the entire Amazon Devices and Services Organization- Created organization structure and prioritization strategy for Alexa's internal security team- Created a flexible internal enterprise-wide Data Loss Prevention system, spanning 22k corporate workstations and >100k cloud accounts. The cloud based system scales against a confidence score, and is used by Alexa to keep a high confidence list of critical data at rest locations across an enormous cloud footprint. The corporate workstation system maintained a P99 CPU and memory footprint of <0.5% and covered all files read/written to disk on MacOS X and Windows.- Created two watermarking systems: (1) embed forensic metadata into audio streams with a guarantee that modified bytes will not bias machine learning model training or inference (2) visual watermark with no human perceived distortion capable of being detected at arbitrary angles from EXTERNAL cameras. The first watermark was deployed by Alexa to protect hundreds of millions of critical audio streams per hour. The second watermark is being evaluated by Alexa to protect all sensitive internal webpages. Additionally invented a vector search based data tracing algorithm, allowing asychronous tracing of files even when they are altered (e.g. cropped, amplified, noised, transcoded).- Found and fixed critical flaws with an internal "secure browser" designed to prevent exfiltrations of critical data being viewed through its rendering system.- Created a "tripwire" security system for cloud applications that triggers when application logs differ from application credential use. Deployed this system for the highest blast radius cloud services in Alexa.

Directed Red Team contributions to the Oracle Cloud security profile. Managed strategic partnership with security operations team, simulation of adversaries for the rapid maturation of technical controls and processes, and cross-organizational coordination.

Co-founded Oracle Cloud's Security Organization and the architecture of Oracle Cloud's infrastructure and operational security. Lead Security Engineer responsible for the planning and design of security pillars of Oracle Cloud Infrastructure. Advised business risk decisions, set organization-wide standards, bootstrapped security teams, designed critical technology.

Simulated Advanced Persistent Threats and advocated “assume breach” engineering culture. Co-founder of the Red Team, which grew to staff simultaneous red team operations. Developed and supported proprietary hacking tools, planned engagements and operated them, reported for Microsoft Executives.

Reverse engineered, reproduced, and fixed security vulnerabilities in Microsoft's Windows Operating System ("Patch Tuesday"). Local expert in reproducing security vulnerabilities in hard disk encryption (Bitlocker), TPM, PKI infrastructure, UEFI and trusted OS boot.

Wrote Windows kernel bootstrapping prologue and epilogue functions that enable pre-boot stack debugging. Developed and implemented a combinatorial approach to scheduling software tests using static analysis and integer programming, now core MS build infrastructure.

One of three devops in charge of continuously running streaming services, web application logic, user facing experience, backend data management for an education, test, and assignment management system for thousands of students and teachers.