I fell in love with security and privacy as a teenager through videogames. 15+ years later, I'm at Google leading Agentic AI for the Threat Intelligence engineering team, making the world's threat intelligence actionable at scale. Published in Nature. Runner with 24 marathons. Father of two.
Leading Agentic AI for the Google Threat Intelligence engineering team. Focused on organizing the world's threat intelligence and making it actionable at scale to tackle the most critical cybersecurity challenges of the AI era.
Teaching and research in cybersecurity and cryptography.
Leading business unit growth and strategy in cryptographic management, non-human identity management and AI security. Built and scaled AQtive Guard from inception to enterprise adoption. Secured multi-million USD contracts with Fortune 100 banks, governments, and tech companies.
Joined Google to be part of Sandbox@Alphabet group within Google X, to own the cybersecurity area. Spun out at the end of 2021 into SandboxAQ, raising $950M+ USD.
Supervised multiple R&D teams delivering secure cryptographic libraries and protocols. Advanced research in Post-Quantum Cryptography, Lightweight Cryptography, and ML-driven cryptanalysis. Built international collaborations with academia and governments.
Developed cryptographic libraries and secure e-voting systems.
A practical playbook for moving large organizations off RSA and elliptic-curve cryptography before quantum computers can break them. It sets out realistic transition timelines, weighs security against performance and ease of implementation, and argues for hybrid schemes that run classical and post-quantum algorithms together to de-risk the switch. It also flags the "harvest now, decrypt later" problem and points to the standards worth piloting today.
An evaluation of whether post-quantum key establishment is actually practical during Bluetooth Classic pairing, on the kind of cheap, battery-powered hardware that has little memory or compute to spare. It benchmarks what quantum-resistant algorithms cost in that setting and weighs the resulting overhead against the limits of the protocol.
A broad survey of fully homomorphic encryption — the long-sought ability to compute directly on encrypted data without ever decrypting it. It builds up from the lattice math the schemes rest on to their security properties, then gets practical: where FHE fits in privacy-preserving machine learning and cloud and fog computing, and how the main software and hardware libraries actually perform. A useful map of the field from Gentry's 2009 breakthrough to today's toolchain.
Network robustness had been measured a dozen different ways, with no clean way to combine or compare them. This work pulls those metrics together with principal component analysis, defines a single R*-value, and introduces the "robustness surface" — a way to see at a glance how a network's resilience holds up across different failure scenarios. Tested on real infrastructure like power grids and railways, it shows the same network can look very different depending on how it's attacked.
System and method for implementing secure cryptographic communication between legacy applications and external services through a crypto-service layer.
Method for protecting cryptographic keys by splitting them into multiple shares distributed across remote servers and local devices.
Time-based data shard distribution scheme for securing communications data with anonymous addressing across remote servers.
University of Girona — Cum Laude
University of Girona — GPA 9.3/10
University of Girona — GPA 8.9/10
Interested in cryptography, security and privacy, or just want to talk about running and Roman history? Let's connect.