I am a Senior Staff Privacy Engineer at Google.

Previously: I was the Director of Privacy and Data Security at Cruise in San Francisco; I filled a number of Privacy Engineering roles at Apple in Cupertino; and I solved computer crimes at Stroz Friedberg in New York and Chicago.

My full CV is available on request if you are so inclined.

Below are some career highlights.

Google

2021 - Present

Google organizes the world’s information and makes it accessible from Mountain View, CA.

I work with product, policy, legal, and infrastructure teams across the company to protect user data and defend user privacy.

This includes: developing and enforcing policy governing Google employees' use of Generative AI; operating and improving two privacy controls under Google’s FTC consent decree; and providing guidance and building tooling to ensure Google’s first party apps were consistent in their privacy disclosures on Play Safety Labels.

Cruise

2019 – 2021

Cruise is a self-driving car company in San Francisco, CA.

As Director of Privacy and Data Security, I established and led Cruise’s cross-functional privacy program, and was responsible for our incident detection and response efforts.

In privacy matters, my team merged engineering, compliance, and legal to give holistic privacy advice to the business and its engineering teams. On the product side, I led efforts to protect the privacy of our passengers, delivery recipients, and the public.

Across the company, my team was responsible for detecting anomalous accesses to Cruise’s data and responding in time to mitigate the risk of and contain data spills, leaks, and breaches.

Apple Inc.

2013 – 2019

Apple designs bicycles of the mind in Cupertino, CA.

At Apple, I led and grew multiple engineering teams within its User Privacy group to ensure the privacy of users. My work included being the lead Privacy Engineer on efforts to randomize Wi-Fi MAC addresses so your phone couldn’t be used to track you as you walked down the street and on efforts to have Safari provide Intelligent Tracking Prevention so your web browser couldn’t be used to track you online.

My team and I worked on a number of cross-functional features to preserve and enhance user privacy and we filed patents privacy preserving technology in a number of fields including: anonymous attribution of ads, protecting device identity during Wi-Fi Calling, and privacy preserving reading recommendations.

I also represented Apple in a host of domestic and international standards organizations including W3C (web standards), 3GPP (cellular standards), SC27 (ISO security standards) , and PC 317 (ISO privacy by design standard). In this work I served as co-editor for the W3C’s Security and Privacy questionnaire and as an editor on Private Click Measurement.

Stroz Friedberg

2007–2013

Stroz Friedberg was a digital risk management consultancy headquartered in New York City that was acquired by Aon plc.

I conducted a broad range of digital forensic and incident response analyses to prove spoliation of evidence, theft of intellectual property, forgery of documents, unauthorized system access, and data breach by various parties, from malicious employees to state actors.

This included analyzing media in Ceglia v. Zuckerberg to identify evidence of backdating, spoliation, and document forgery on digital media belonging to plaintiff in lawsuit over ownership of Facebook.

I also audited the source code of gstumbler, Google’s Wi-Fi router mapping software and interfaced directly with domestic and multiple international regulators to address concerns and questions regarding the software, including the privacy impact of gstumbler and the data collected by it.

At DEFCON 20, I co-presented tooling developed to help identify data exfiltrated as part of SQL injection attacks.

I studied the intersection of politics and technology and graduated with an Honors B.A. in Political Science and a Minor in Computer Science.