Hey, I'm Ryan

I’m a senior software engineer on Slack's Product Security Foundations team. I like weird music, modern board games, podcasts, and oxford commas. In other news, I live in Brooklyn.

Recent posts

Around the web

  • Catching Compromised Cookies

    We developed a system to detect compromised session cookies, protecting user data from unauthorized access. The approach uses a last access timestamp mechanism to identify cookie theft and employs sophisticated techniques to reduce false positives while maintaining performance at Slack's scale.

    Post published on: Slack Engineering Blog
  • Canary in the Datamines: Using Log Canary to find PII

    Why does sensitive data always seem to end up places it shouldn't? We won't answer that, but we will tell you how we combat the problem. Log Canary probes our product for places where PII might leak into logs, so that we can resolve the issue before real data is written. Join us as we explain the concept and lessons learned in development and deployment.

    Talk given at: LocoMocoSec 2020
  • 10,000 Dependencies Under the Sea

    Come on our journey of creating scalable tooling and processes to automatically identify vulnerabilities in third-party libraries and handle the question of “ok we found this, who’s going to fix it?”

    Talk given at: DEF CON 28: AppSec Village