I fell in love with security and privacy as a teenager through videogames. 15+ years later, I'm at SandboxAQ, securing the AI economy through cryptographic modernization and non-human identity management. Published in Nature. Runner with 24 marathons. Father of two.
Leading business unit growth and strategy in cryptographic management, non-human identity management and AI security. Built and scaled AQtive Guard from inception to enterprise adoption. Secured multi-million USD contracts with Fortune 100 banks, governments, and tech companies.
Teaching and research in cybersecurity and cryptography.
Joined Google to be part of Sandbox@Alphabet group within Google X, to own the cybersecurity area. Spun out at the end of 2021 into SandboxAQ, raising $950M+ USD.
Supervised multiple R&D teams delivering secure cryptographic libraries and protocols. Advanced research in Post-Quantum Cryptography, Lightweight Cryptography, and ML-driven cryptanalysis. Built international collaborations with academia and governments.
Developed cryptographic libraries and secure e-voting systems.
A practical playbook for moving large organizations off RSA and elliptic-curve cryptography before quantum computers can break them. It sets out realistic transition timelines, weighs security against performance and ease of implementation, and argues for hybrid schemes that run classical and post-quantum algorithms together to de-risk the switch. It also flags the "harvest now, decrypt later" problem and points to the standards worth piloting today.
An evaluation of whether post-quantum key establishment is actually practical during Bluetooth Classic pairing, on the kind of cheap, battery-powered hardware that has little memory or compute to spare. It benchmarks what quantum-resistant algorithms cost in that setting and weighs the resulting overhead against the limits of the protocol.
A broad survey of fully homomorphic encryption — the long-sought ability to compute directly on encrypted data without ever decrypting it. It builds up from the lattice math the schemes rest on to their security properties, then gets practical: where FHE fits in privacy-preserving machine learning and cloud and fog computing, and how the main software and hardware libraries actually perform. A useful map of the field from Gentry's 2009 breakthrough to today's toolchain.
Network robustness had been measured a dozen different ways, with no clean way to combine or compare them. This work pulls those metrics together with principal component analysis, defines a single R*-value, and introduces the "robustness surface" — a way to see at a glance how a network's resilience holds up across different failure scenarios. Tested on real infrastructure like power grids and railways, it shows the same network can look very different depending on how it's attacked.
System and method for implementing secure cryptographic communication between legacy applications and external services through a crypto-service layer.
Method for protecting cryptographic keys by splitting them into multiple shares distributed across remote servers and local devices.
Time-based data shard distribution scheme for securing communications data with anonymous addressing across remote servers.
University of Girona — Cum Laude
University of Girona — GPA 9.3/10
University of Girona — GPA 8.9/10
Interested in cryptography, security and privacy, or just want to talk about running and Roman history? Let's connect.