
Staff Software Engineer focused on Identity and Access Management for large-scale infrastructure, backend services, and products. Experienced across the IAM stack, including authentication users and employees, services, and agents; identity management for human and non-human identities; and authorization systems serving 40B+ checks/sec.
Currently, the AI Agent Identity & Access Management tech lead within Meta's Central Security organization. Focused on building the authentication, authorization, and identity mananagement primitives which make agentic systems safe to operate in production.
- Defined and led Meta’s 2025 IAM strategy for AI agents, establishing the company-wide access model adopted by internal and third-party agents across Meta’s infrastructure.
- Architected Meta’s identity attributes primitive for agent authentication, allowing backend services to distinguish direct human actions from agent-mediated actions using the same human identity; adopted across Meta’s infrastructure for audibility, access control, and agent-specific policy enforcement.
- Removed memory bottlenecks in Meta’s Authorization backend (handling 40B+ QPS) which capped the system at ~2.5M unique access-control policies. Eliminating OOMs as a recurring problem, enabling continued policy growth, and reducing memory utilization by ~45%.
- Built Meta’s Identity Management Service, the authoritative registry for internal human and non-human identities and identity attributes, consolidating 15+ fragmented datastores and powering 1M+ roles and dynamic access policies across Meta’s infrastructure.
- Delivered new Mandatory Access Control product, enabling central security governance teams to enforce population-based guardrails over sensitive permissions.
- Served as long-term technical owner for CATs, Meta’s core authentication token. Used to authenticate services, workloads, agents, external users, and employees. Drove its adoption and scaled the system to 3B+ token creation and verification events/sec and 99.999% availability.
- Backend service done in C++. Client-side library support in C++, Hack, Python, and Java.
- Implemented ElectrumX client node in C#, allowing the trading application to consume cryptographically verifiable information from Bitcoin, Litecoin or Ethereum without having to download ~150GB worth of on-chain transaction information.
- Developed a prototype of a cryptographic scheme to enable anonymous on-chain transactions in C++ using the Libsnark and Sodium cryptographic libraries.