Engineer at Facebook
San Francisco, CA
I'm an engineer living in San Francisco Bay Area. I work at Facebook, focusing on authentication, authorization, and use of cryptography. Previously, I worked at Twitter, Cloudflare, and StumbleUpon, focusing on traffic, resiliency, and security. I offer office hours on wide range of information security topics, large scale internet service delivery, and distributed systems resiliency.
Ask me about
Aug 2016 - Present
Authentication, authorization, and use of cryptography. Previously: – Web Foundation: facebook.com availability and resiliency – Traffic Foundation: global scale optimal service delivery
Nov 2012 - Aug 2016
Sr Staff Site Reliability Engineer
Availability, performance, and reliability. Complex Incident Response. Traffic Engineering.
Sep 2012 - Oct 2012
Oct 2009 - Aug 2012
Availability, latency and security. • Infrastructural Components - Near real time MySQL to HBase replication. (Java) - ZooKeeper based service discovery. (Python) - Kafka based messaging system with an HTTP gateway. (Scala) - Content addressable storage for binary large objects on top of HBase used as a CDN origin. (Scala) - K-ordered, multi datacenter capable, distributed ID generator. (Scala) - Time series collectors for kernel, JVM, SNMP, and proprietary APIs of appliances. (C, Python) • Service Delivery - Frontend serving, caching and load balancing. - TLS termination. • Networking - Data center networking. - Move from Layer 2 (VLANs) to Layer 3 (IP) leaf and spine with OSPF in the core. - Diversifying upstream connectivity by becoming multi-homed and establishing MLPEs with BGP at the border. - OpenBSD based packet filtering and direct server return load balancing. • Advisory Engineer - OpenTSDB: An open source, scalable, high performance time series database built on top of HBase and written with Java. - An N+2 system to serve StumbleUpon badges (around 70% of the all HTTP requests StumbleUpon gets) with very low latency and high availability. Written with Scala.
Aug 2005 - Sep 2009
Solution Architect (Integration, Scalability, Security)
• Scalability - Bottleneck analysis and refactoring of Java, .NET, and LAMP stack applications. - RDBMS performance work for MySQL and Oracle via engine tuning, sharding, and query refactoring. - Migration of aging conventional OLAP systems to Hadoop and HBase. - Anycast CDNs • Integration - Peddler of Service Oriented Architecture. SOAP, XML-RPC, and RESTful web services. - Enterprise Service Buses with Oracle Fusion, BEA AquaLogic and Apache ServiceMix. - Message Queue, Business Process Mgmt. and Data Services Platform integrations to ESB. • Security - Security engineer for software product line and customer proprietary information security projects. - Black box and white box vulnerability assessment, penetration testing, and audit automation. - MSSP operations lead for homeland security, law enforcement, and finance sector customers. • Business Continuity and Disaster Recovery Planning & Compliance (2006-2007) - BCP and DRP for government information systems. - ISMS auditor for ISO 27000 and PCI-DSS. • Product Development (2004-2006) - DDoS Mitigation Appliances, Load Balancers with SSL offload. - Kernel development for OpenBSD based network security appliances.
Jul 2003 - Aug 2005
Internet Systems Engineer
• Planning, deployment and administration of large scale Internet services in an ISP environment. - Operations on OpenBSD, Solaris, and Linux based systems. - Veritas and Red Hat Cluster Server based high availability clusters. • Planning, deployment, and administration of customer premises network security devices. - Checkpoint, OpenBSD, and Linux based firewall, VPN, and detection systems. - Design and implementation of OpenBSD and Linux based embedded security appliances. • Web services for ISP infrastructure management and monitoring. - XML-RPC and SOAP services implemented in C and Python. • Integration of open source software to create high performance, scalable Internet services.
Oct 1999 - Jun 2003
Systems and Security Consultant
• Contract agent with Andersen Consulting. • Enterprise risk assessments, penetration tests, incident handling, computer forensics. • Unix migrations. HPC, and high availability clusters.
Aug 1996 - Jun 1999
birNET Information Systems Ltd.
Network and UNIX Systems Administrator
• Day-to-day administration of ISP services on Unix and Windows NT based systems. • Technical support for WAN connectivity with Cisco and Nokia network active devices. • End-user technical support for dial-up customers.
2004 - 2009
M.Sc. Candidate, Software Engineering
2000 - 2003
B. Sc., Computer Engineering
1999 - 2000
B. Sc., Electrical and Electronics Engineering