# Lucas Garron

> Web security and full stack engineer by day | Mathematician, speedcuber, and dancer by night

Location: San Francisco Bay Area, United States
Profile: https://flows.cv/lucasgarron

I want the open web to win.
I grew up as a mathematician, and I'm currently focusing my career on web security.

- Expertise: cross-platform web apps, web security, HTML+CSS, JavaScript/TypeScript, Rust, git,
code repository organization, shell coding, sysadmin, web standards
- Extensive experience: Go, Java, Python, C, C++, PHP, Mathematica, 3D modeling, UX/accessibility
- Excited about working on:
  - Websites that are rock-solid without relying on JS.
  - PWAs written in modern TypeScript (when JS is truly necessary).
  - Backend and systems code written in Rust.

I'm very good at keeping codebases maintainable, especially at creating prototypes that can scale to full apps.

I am professionally skeptical of a few technologies, particularly React and almost all current applications of LLMs. I believe there are responsible ways to develop and use these, but the my bar for this responsibility is higher than almost any company meets. I do not build *whatever*: https://eev.ee/blog/2025/07/03/the-rise-of-whatever/
If you contact me with opportunities about AI, I will not be interested unless the technology and licensing is guaranteed to empower people in the long-term even if the AI bubble bursts. Hopefully that's understandable.

## Work Experience
### Product Engineer @ Red Queen Dynamics
Jan 2023 – Jan 2025 | Red Queen Dynamics
• Full-stack development (Django, Python + HTML/CSS/JS)
• Frontend package management and bundling (npm, esbuild)
• Progressive enhancement (HTML/CSS, custom elements, Catalyst)
• Code environment configuration (GitPod, GitHub Codespaces)
• CI/CD pipeline (testing, linting, deployment)

### Security Engineer @ GitHub
Jan 2018 – Jan 2023 | San Francisco Bay Area
• Maintained and performed security reviews for various web security and account authentication code.
• Implemented WebAuthn and passkeys for two-factor authentication.
• Maintained an internal key management system, and its migration to a library in Ruby and Go.
• Maintained several open-source libraries and created `@github/webauthn-json`

### Security Engineer @ Google
Jan 2014 – Jan 2017 | Mountain View, CA
I worked on the Usable Security ("Enamel") team on Google Chrome, moving the web to HTTPS:

• Introduced the DevTools security panel (2015)
• Maintained and developed the HSTS security preload list (2015-2017)
• Contributions to moving the web to HTTPS (2014-2017)
• Started and maintained widely used test sites: badssl.com and permission.site


## Education
### Master of Science - MS in Computer Science
Stanford University
Jan 2012 – Jan 2014

### Bachelor of Science - BS in Mathematics
Stanford University
Jan 2008 – Jan 2012


## Contact & Social
- LinkedIn: https://linkedin.com/in/lucas-garron

---
Source: https://flows.cv/lucasgarron
JSON Resume: https://flows.cv/lucasgarron/resume.json
Last updated: 2026-03-20