Email [email protected]
Github github.com/lilyannehall
I'm a software engineer and security researcher with a background in distributed systems, digital privacy and applied cryptography. I have conducted security audits for organizations including Zcash, MetaMask, and Ethereum Foundation. I have authored security critical software for companies including BitPay and Storj. I am a contributor to many open source projects and conduct independent research on peer-to-peer networks and privacy technology.
Assist news organizations and journalists in migrating to the SecureDrop Workstation, including hardware selection, OS installation, SecureDrop Workstation setup, and onboarding.
Develop security tools, code reviews, audits, pen tests and system design reviews while consulting for private clientele.
Acted as a technical advisor and engineering manager to a team of six engineers responsible for Sign-in-with-Ethereum (SIWE). Established testing practices and security best practices.
Managed the consumer engineering department which included the web, mobile, and payments teams. Developed hiring rubrics, progression criteria and operational practices. Led the security working group -- a cross-functional team responsible for organizational and application security practices.
Conducted dozens of security audits for an ensemble of privacy focused technology projects. Authored reports and blog posts. Worked directly with clients to remediate vulnerabilities.
Implemented the Storj protocol per its initial prototype specification. Co-authored the protocol specification for its first major stable release. Acted as the open-source project's core developer and community liaison.
Co-authored the second major release of the Merchant API and the first major release of the Payroll API -- both designed with a capabilities-based security model. Led the research and development team to build internal tools and contribute to open source projects Bitcore, Bitauth and Copay
Kadence 2019
Complete implementation of the Kademlia distributed hash table that aims to effectively mitigate all vulnerabilities described in the S/Kademlia paper.
Granax 2017
Complete client implementation of the Tor Control Protocol enabling developers to control a running Tor instance from Node.js.
Diglet 2017
Fully encrypted reverse HTTPS tunnel server and client, enabling secure access to HTTP(S) servers running behind a restrictive NAT or firewall accessible from the internet.
- KFS: a LevelDB sharding algorithm based on the XOR metric (Author -- Storj, 2016)
- Tezoz TezBox Wallet Audit (Author -- Least Authority, 2018)
- Storj: a peer-to-peer cloud storage network (Contributor -- Storj, 2016)
- Capnode Permissions System (Contributor -- Least Authority, 2019)
- MetaMast Mobile Wallet (Contributor -- Least Authority, 2019)
- ProgPow Algorithm (Contributor -- Least Authority, 2019)
- Zcash Sapling Implementation (Contributor -- Least Authority, 2019)
- Zcash Overwinter Specification and Implementation (Contributor -- Least Authority, 2018)
- Tezos Galleon Wallet Audit (Contributor -- Least Authority, 2018)
- Tezos Protocol Audit (Contributor -- Least Authority, 2019)
Exhaustive list of published research, papers, and security audits at lilyanne.me/research
Co-founded a hackerspace in Atlanta, GA. Managed operational logistics, curriculum, and hosted a weekly counter-surveillance and threat modeling workshop.
Consulted during the early design phase to identify potential attack vectors related to the overlay network structure, incentive model and scalability concerns.
Awarded a research grant to fund a third party security audit of my open source privacy software project, Onion Routed Cloud (ORC).
Participated in a panel interview with representatives from Sia and Tahoe-LAFS about the state and future of decentralized cloud storage.
Spoke about the ecological impact of proof-of-work systems and made an appeal for various alternatives.
Spoke at NodeSummit about Storj and gave a live demonstration of one of the first decentralized cloud systems using distributed ledger technology.
Spoke at a conference for JS developers about using server-side JavaScript to implement a peer-to-peer consensus algorithm.
Professional references available upon request