Decided to go from spending 10% of my time on AI (solving my own problems) to 100%, helping 2000+ engineers get their jobs done via AI. I am accountable for outcomes, not effort. Work includes: AI agents in the CLI, IDE experiences, MCPs for internal services, automating common tasks with workflows. In a few months, we've already changed how the company approaches migrations, thanks to AI (something previously thought impossible).
Solving company wide problems (internal access management, secrets management, service-to-service communication).
Security infrastructure (rolled out authorization to ~100s of internal services, drove TLS1.3 adoption for compliance, improved mTLS support, RPC layer validations to prevent DoS),
Security features in the product (TLS encryption in Spark, storage layer key management),
Application Security (Wrote secure frameworks and static analysis checks, co-drove company wide effort to kill security/privacy incidents, fixing X00s of callsites),
Incident management: DRI for specific secrets management improvements,
Misc security work (design reviews, encryption in transit, fuzzing, taint analysis, dead code cleanup, secrets detection, internal access management).
Side quests: AI agents for large scale migrations, co-lead a company wide better-engineering effort, building static analyses/frameworks/dashboards.
Tech lead for the dynamic analysis team. Defined and drove a multi-year strategy for fuzzing; adopted by multiple teams. Defined and implemented metrics, worked with teams to adopt fuzzing, built and scaled infrastructure, simplified our onboarding experience, and achieved better results. During this time, the team had its best year in terms of usage (teams and engineers across the company) and bugs found. Explored other ways to apply dynamic analysis to security / privacy applications to solve critical problems (e.g. dynamic taint analysis for Hack code).
Tech lead manager, grew the team from 1->7 engineers as we built out a new fuzzing platform to meet growing demand from both security and engineering teams. Primarily focused on the team: supporting people (and their career growth), hiring, resolving conflicts, defining the team charter; spent the rest of my time on technical direction and collaboration across multiple organizations; ensuring we had lots of happy engineers. Lots of side quests, e.g. building a service and code dependency graph for security + reliability use cases. Built the team I always dreamed of working on as an engineer, so I transitioned back.
First engineer on the Dynamic Analysis team; maintaining an internal auditing and alerting system. Primary engineer responsible for Invariant Detector (IVD), which automatically learnt privacy rules and enforced them on every single write to TAO (many millions/s). Lead a small team to make it a product, vastly increasing adoption by security engineers. Worked with Instagram's security team to apply IVD to their codebase; unblocking a company-wide critical migration to secure user data - the team received an IG-wide award for this work.
Delivered real time insights to advertisers, focusing on large scale data migrations, scaling challenges, and disaster recovery.