Application Security Engineer – Meta (formerly Facebook)

I joined Meta (formerly Facebook) as an Application Security Engineer in early 2019. I was hired onto the Product Security team, a central team that handles the security of all of Facebook’s products.

Upon joining the team, I immediately focused on Pysa, our Open Source Python Static Analysis tool. I built out rules covering known vulnerabilities, ensuring that we could detect and prevent them from ever being introduced into Instagram or other Python codebases. As Pysa has matured and gained adoption, I’ve spent more time focusing on teaching new users and helping people apply it to new use cases.

To support the usage of Pysa in Open Source projects, I expanded our documentation, created a tutorial which I presented at DEF CON 28, and published a Facebook Engineering Blog post. I also applied Pysa to open source projects to catch vulnerabilities such as remote code execution and open redirects (CVE-2019-19775). I’ve spoken about security topics related to Pysa at PyCon 2021 and USENIX Enigma 2022.

Beyond Pysa, I’ve expanded my role to focus on Python security more holistically. I’ve developed in depth training programs, written linters for common anti-patterns, designed libraries to provide safer alternatives to standard library functions, and completed security reviews of upcoming products written in Python.