grosse@gmail.com
n2vi.com, github.com/n2vi
1574 Siesta Dr Los Altos CA 94024
37.353 -122.075 9W3F+5X
biosketch, affiliations, cv, papers
N2VI radio callsign allocated to me by the FCC

I'm pursuing infosec through simple, yet still general purpose, systems. I recognize modern computing has moved in a different direction, but the widescale breaches and systemic risks convince me that for resiliency it is worth personally pursuing a different approach.

This was motivated by working with people in strategic risk reduction, the diplomacy term for trying to avoid world war three. Under the umbrella of the CATALINK project, I argued for building a multi-lateral open-source version of the classic Moscow - Washington hotline, so that national leaders have fewer misunderstandings. But the geopolitical situation has turned unfavorable for non-proliferation.

I retired in 2017 from the role of Google's VP Security & Privacy Engineering, after ten wonderful years working with a team of passionate and talented people committed to being good stewards of our users' data. There is a workshop keynote that reflects on some of that experience and recently I wrote a screed on our experience with authentication.

We refused to accept the status quo of crime and espionage and helped move industry best practices from a "fire code" model of checklists to a "red team" model of testing against adversaries, focusing on defense, detection, and response:
1. FIDO U2F Security Key authentication,
2. whitelisting of active content, driven by malware reverse engineering
3. pervasive crypto (SSL with Certificate Transparency; e2email and Upspin)
4. robust apps by design
5. looking through logs for bad actors

But life is short and I wanted to spend more of it with Brenda, exploring our beautiful country by air in a Cessna 182, N945G. As they say, "responsibility of the pilot is to fulfill the dreams of the countless millions of earthbound ancestors who could only stare skyward ...and wish." (Unfortunately Brenda's autoimmune treatment and the covid pandemic and MAGA intervened and I had to abandon that dream.) For my public service component, I'll be submitting patches upstream to harden open source systems.

Earlier as a Bell Labs Fellow, I worked on algorithms for numerical approximation, simulation, domain decomposition, floating point, visualization, and networked computing and tried to make the netlib collection a useful aid for scientific computing.