vsftpd is a securely architected and written FTP server. It powers some of the largest FTP sites on the internet. It is the primary FTP server shipped with RedHat and SuSE Linux. vsftpd pioneered what is now called "privsep" or "privilege separation" technology, which is now considered best practice. For example, the (much more important!) OpenSSH software now uses privsep.

I'll try not to cause too much mischief, I promise. Hit me up for a coffee chat.

Running the usual grind, but with amazing teams and team members to work the magic. We're hiring -- across every single security sub-team and security function you can think of.

On a career break of duration somewhere between "indefinite" and "permanent", depending on where life takes the family. Will likely still undertake occasional pro bono security research. Want to stay in touch with the security community. May be interested in contracts or positions that are unusually intriguing.

Reporting to the CTO, responsible for all digital security at Tesla including the security of products, infrastructure, IT and information. Hired a world class security team. Looked after a bunch of stuff I really enjoyed but can't really talk about. This was a fun year+ :)

I created "Project Zero", generously housed at Google, which is a team of the best attack-oriented security researchers in the world. They publish leading research on their blog: https://googleprojectzero.blogspot.com/, and are responsible for squashing many hundreds of vulnerabilities in some of the most important and widely used software. The team focuses on both Google and non-Google software. Love this team :)

I created, built and hired my way to a large world-class security team, who are recognized as leading the way in modern browser security. Google Chrome is broadly recognized across the industry as being the most secure of the common browsers. Aside from leading and having overall responsibility for the team, I also undertook some significant technical initiatives. This includes "certificate pinning", which is well-known for detecting the DigiNotar compromise. I also launched the Chromium, Google Web, and Pwnium bug bounty programs. Considered highly unusual and progressive when launched, they are now largely considered industry best practice.

Providing leadership to a talented team of security professionals. Finding vulnerabilities in Google's products and services to secure Google against hackers. WE ARE ALWAYS HIRING ALL TYPES OF SECURITY STAFF AND INTERNS! Contact me.

Ethical hacking, application security assessment, penetration testing, vulnerability research, source code auditing, development of fuzzers and other security testing tools, secure architecture recommendations and security education.