• Drove PKI credential hardening program protecting billions of production credentials, increasing IP binding enforcement for nearly all TLS connections and deploying TPM-signed delegated credentials across Meta's fleet. Presented findings at the 34th USENIX Security Symposium.

• Led the migration of 15 Android apps (including WhatsApp, Facebook, Instagram, and Messenger) to Google Play App Signing, resolving a 4-year execution gap and enabling rotation to cryptographically secure signing keys.

• Led a cross-functional security program to harden access controls on Meta's core social graph data store, reducing direct access risk, eliminating unreviewed code access paths, and cutting database read/write grants.

• Drove XFN alignment and developed a Crypto Maturity metric, migrating cryptographic keys to recommended algorithms, tightening open ACLs, rotating keys, and usage of secure wrapper keys.

• Defined specifications for key rotation with change safety, automatic rotation, and key deactivation and deletion, foundational lifecycle capabilities adopted across Meta's key management service serving all cryptographic operations.

• Founded Meta's Crypto Advisory Group, recruiting cryptographers across the organization and completing multiple design reviews of cryptographic implementations, including Messenger's encrypted storage protocol.

• Defined Autograph's long-term vision and drove 0→1 delivery of notarization (artifact provenance verification) and code signing guidelines for a platform handling millions of daily signing operations.

• Secured executive approval for Meta's encryption-at-rest strategy, enabling the team to execute encryption-at-rest efforts across Meta’s warm and cold storage offerings.

• Established OKR framework, planning processes, and roadmaps for Cryptography (5 pods, 30+ engineers).

• Designed features for Intune App Protection Policies and mobile apps (e.g., managing restricted web sites in Edge for iOS and Android, notification restrictions in Outlook for iOS and Android, protecting sync scenarios from Outlook to native apps).

• Designed and led team on the implementation of AAD Shared Device Mode in Outlook for iOS and Android.

• Designed and led v-team on the implementation of mobile security frameworks for App Protection Policies, iOS devices, and Android Enterprise devices.

• Led v-team in the growth of Outlook for iOS and Android adoption with App Protection Policies increasing MAU from 2M to 15M.

• Led v-team in the growth of Edge for iOS and Android adoption with App Protection Policies increasing MAU from .5M to 4M.

• Authored numerous articles on how to properly deploy app protection policies, conditional access, and app configuration policies to protect data within Microsoft mobile apps.

• Authored and presented Intune App Protection Policies technical content at various internal and external conferences.

• Designed Outlook for iOS and Android's implementation of mobile device access policies.

• Developed FastTrack's motion for Outlook for iOS and Android which grew MAU by tens of millions of devices.

• Managed Outlook for iOS and Android's hybrid modern authentication private preview program, which included 20 customers and identified/resolved 26 critical issues.

• Defined and managed the creation of technical content related to Outlook for iOS and Android which were published to docs.microsoft.com.

• Authored and presented Outlook for iOS and Android technical content at various internal and external conferences.

• Developed the Replay Lag Manager feature that provides point-in-time backups, which shipped in Office 365 and Exchange 2013.

• Developed the Metacache database architecture that improves search query performance, which shipped in Office 365 and Exchange 2019.

• Developed capacity planning functional specification for unlimited archives and PST ingestion in Exchange Online.

• Designed Exchange 2016 on-premises architecture for Microsoft’s dogfood environment.

• Developed comprehensive dogfood plan for all Office server wave 15 products.

• Developed functional specification outlining a new workflow that should be used to automate and obtain client activity and message tracking reports for global criminal compliance related requests

• Developed OWA Cross-Site Silent Redirection feature in Exchange 2010.

• Developed calendar and task retention policy support and improving the retention policy experience in Exchange 2010

• Developed and released the Exchange 2010 Pre-Deployment Analyzer.

• Developed the Exchange Preferred Architecture.

• Developed the Exchange Mailbox Requirements Calculator used by all on-premises customers in planning their Exchange deployments.

• Led v-team on the server role architecture changes in Exchange 2013 and communicated changes internally and externally.

• Led v-teams on numerous Exchange escalations, working closely with engineering and providing action plans, communications to customers and executive teams.

• Authored and presented Exchange technical content at various internal and external conferences, receiving high scores.

• Led the Exchange 2007 subject matter expert risks and best practice guidance IP development of the Exchange Risk Assessment Program (ExRAP) program for customer consumption.

• Led the ECoE's effort on reviewing the Exchange 2003 and Exchange 2007 Operations Improvement Framework (OIF) IP, driving the team to review and provide insight to other operational tasks for which OIF should focus.

• Evangelized Microsoft IT and Exchange Product Group best practices both internally and externally (with customers and Microsoft partners).

• Assisted account teams on strategic customer accounts where Exchange issues affected customer satisfaction.

• Assisted account teams on strategic customer accounts in defining and gathering requirements for envisioning and planning phases of Exchange designs.

• Developed in-depth Exchange training content and testing curricula for the Exchange Certified Master program.

• Developed the Exchange 2007 model engine for the System Center Capacity Planner tool.

• Developed the Exchange 2007 Mailbox Role Storage Requirements Calculator.

• Co-developed and released Exchange 2007 Continuous Replication Deep Dive article on TechNet.

• Co-developed the internal workings of AutoDiscover and published the article to TechNet.

• Authored and presented Exchange technical content at various internal and external conferences, receiving high scores.