I’m excited to announce that I’ve joined Dropbox as their new Head of Security. Truth be told, I’ve been here a little while and I’ve been enjoying on-boarding too much to make the announcement. If you were wondering why my blog has been quiet for a while, now you know why!
I exited a fun period of semi-retirement to take up this challenge. What attracted me to Dropbox enough to make the switch? Many things, but briefly:
- Scale and sensitivity of the data. Half a billion users storing sensitive files is a worthy stash to protect.
- The excellent caliber and decent size of the existing security team. Working with strong leaders and team members is a big draw.
- Perhaps above all else, the warmth of the people and the culture. This is the friendliest, most collaborative company I’ve worked at. I fully expect to become less of a jerk by imbibing the vibe! :)
The assertion about the warmth of the people and culture deserves some supporting evidence. This is a little story from before I joined. As you may recall, I was researching server-side usage of ImageMagick and one of my discoveries affected Dropbox in a fairly minor way. The response was spectacular -- and warm, and competent. Of course, the foundations you expect from a solid security program were present: a public bug bounty program with a fast response time. Beyond that, upon submission of what was considered an interesting bug, I was… invited up to Dropbox HQ for chai(!), a snack, and a chat with Dev (@frgx) plus the author of the sandboxing for this area. What a great experience.
It would be remiss of me to not mention that Dropbox is hiring for all types of security roles. The team is already a decent size, but we are growing. This job req is what you are looking for.
On a social note, this move means that I’m now up in SF city a lot of the time. Hit me up if you want to grab a drink and talk about security.