About

Professional background

I’ve spent over two decades in software engineering, the last decade specialized in PKI, inside commercial CA operations where compliance and reliability are non-negotiable.

What this solves for you: You’re not buying slideware from someone who left the trenches a decade ago. I’ve operated production CA infrastructure under real commercial and audit pressure, so my recommendations account for operational reality, not just the spec on paper.

Standards participation

CA/Browser Forum (CABF)

I’ve proposed and endorsed ballots across four working groups and served as Validation Subcommittee Chair for over 4 years.

What this solves for you: When a ballot threatens to break your issuance pipeline or reshape your validation requirements, I can read the change the way its authors intended, tell you what it actually means for your implementation, and help you respond before it’s ratified rather than scramble after. My experience has given me deep, current command of the rules that most often trip up CA operators.

IETF

I’m an author and contributor to published RFCs and active drafts, a Security Directorate (secdir) reviewer, and I have been actively participating in the post-quantum cryptography (PQC) hackathon since the very first one in 2022.

What this solves for you: PQC migration and evolving certificate standards are coming whether you’re ready or not. I’ve authored the specifications and built working tooling against them. I can help you plan migrations against where the standards are heading, not just where they are today.

Other ecosystems

I contributed to the Matter specification by defining the certificate profile and Certificate Policy (CP). Additionally, I served on the tiger team that architected the revocation infrastructure for the Matter ecosystem.

What this solves for you: If you’re building PKI for connected devices or IoT, I’ve already solved revocation at ecosystem scale and helped define the CP your devices must comply with. This shortens your path from design to a spec-conformant, field-deployable system.