👋 Hey there- I'm Derek!

Engineering leader & technology attorney

I lead Security Engineering at Plaid, and am a licensed attorney and patent agent in California. I am passionate about complex problems at the intersection of law and technology. Let's connect!

LinkedIn GitHub Stack Overflow

Engineering Experience

Plaid

Head of Security Engineering

Report to the CISO. Responsible for driving company-wide security strategy, strengthening risk posture, and aligning security programs with business goals.
Lead a cross-functional team delivering identity, network, and platform security capabilities at scale.

Security Compliance Risk Strategy Zero Trust

Plaid

Tech Lead, Service & Network Foundation

Oversaw foundational infrastructure and service framework strategy.
Developed ergonomic interfaces and common abstractions, enabling product engineers to build services efficiently and reliably.
Partnered across engineering to improve resilience, efficiency, and security.

Kubernetes Service Mesh Incident Management

Lacework

Senior Staff Site Reliability Engineer

Led initiatives to build novel, scalable data infrastructure.
Iterated on Lacework's service infrastructure to meet urgent product needs.

Cloud Infrastructure Security Operations

Publications

IETF | Phishing-Resistant Phone Number Attestation for MFA

IETF Internet-Draft | November 3, 2025

An IETF Internet-Draft proposing a phishing-resistant phone number attestation mechanism for multi-factor authentication. Using origin-bound cryptographic challenges similar to WebAuthn, this protocol ensures users only attest phone number ownership to legitimate applications, mitigating SMS-based phishing attacks.

Read Draft

SEV0 SF 2025 | SEV me the trouble: Pre-incidents at Plaid

SEV0 Conference talk | September 23, 2025

In my 2025 SEV0 talk, I describe how Plaid implemented a pre-incident framework to de-risk major changes, both by catching mistakes early, and increasing responder effectiveness when incidents do happen.

Watch Talk

SEV0 SF 2024 | Stop, Drop, and SEV4: Why small incidents are a big deal

SEV0 Conference Talk | September 24, 2024

In my 2024 SEV0 talk, I explain my philosophy on making small incidents a big deal; this decreases inhibitions to report anomalous symptoms, creates better investigation processes, and helps spot larger patterns before they become larger incidents.

Watch Talk

Amazon Web Services | Deploying Batch Workloads on EKS with Spark

Amazon Web Services | October 25, 2023

I was able to leverage EKS to deploy Spark applications at scale to support Lacework's security analysis workloads. My collaboration with the EKS team resulted in a significant cost savings and reliability improvement for Lacework's batch architecture.

SSRN | Canada’s Proposed Artificial Intelligence and Data Act (AIDA): A Critical Review

SSRN | July 24, 2023

An analysis of Canada's proposed AI Act from the perspective of an AI engineer. Ranked in SSRN's Top-10 lists for Innovation & Regulatory Law & Policy and Innovation & Cyberlaw & Policy articles.

Investing and Consulting

I like to work with, invest in, and advise companies that are building the next generation of infrastructure, AI technology, and compliance systems. My focus is on teams shaping how software is built, secured, and governed — not just today, but in the years ahead:

Technological Glue
Integrating technologies easier to enable faster development.
CURRENT INVESTMENTS

Agentic Labs Ternary ...

AI Hardware
Technologies to increase the speed, decrease the cost, and reduce the environmental footprint of AI.
CURRENT INVESTMENTS

Lightmatter Neurophos Xona Space Systems ...

Compliance Tech
Technologies at the intersection of technology and the law: privacy, security, AI policy, and compliance.
CURRENT INVESTMENTS

Greenboard PointOne ...

Let's work together!

If you're interested in collaborating or just want to connect, feel free to reach out.