I worked on the open source project Istio (https://istio.io) focusing on the security area (Identity, Authentication, Authorization and Vulnerabilities).
• Maintainer of the Istio security work group
• Co-authored and implemented the Authorization API end-to-end (Istio and Envoy) with full test coverage (unit, integration, e2e and fuzz)
• Designed and developed many security features and improvements including AuthZ deny policy, dry-run policy, External Authorization (OPA, OAuth, etc.), JWT validation and mTLS
• Developed the Envoy RBAC network filter and continuously contributed to the Envoy project (JWT filter, CEL in RBAC, CVE handling, etc.)
• Co-established the Istio Product Security Committee; discovered, fixed and coordinated multiple CVEs across companies
• Spoke at open source conferences (IstioCon 20, EnvoyCon 19) to advocate security features and best practices
I also worked on the design and development of security features in Anthos Service Mesh (ASM, Google's managed Istio) and Traffic Director (Google's fully managed service mesh).