Director of Product Management for Identity, Google
Goal: Eliminate Internet passwords
How to contact me:
- I prefer to be reached via email at work (firstname.lastname@example.org) or personal (email@example.com)
- I am not a heavy user of social networks, but you can find me on Linked In and Facebook. I do have a personal Google+ profile but I don't use it for work. So email me instead.
- Google's Internet Identity Research website contains information on much of my recent work.
My career is focused on getting more technology moved into a "software as a service" model, both for enterprises and end users. I generally find that identity/security/trust issues are large barriers for that goal, and so historically I have mostly focused on those issues.
I started my first company in 1992 during my senior year of getting a bachelor's degree in Computer Science at Rice University. That company was the first major corporate e-mail hosting service leveraging the Internet, and even older communication networks. The popular email software at that time was Lotus Notes, cc:mail, and eventually Microsoft Exchange. We built an identity system around those software products to enable a multi-tenant architecture hosted in what we now refer to as "the cloud." The company quickly became recognized as the leader in this field, and we signed very large deals with both IBM/Lotus and Microsoft to formally develop software extensions to their platforms to make it easier to host them on the Internet. The company did extremely well, and I left in 1999 after the company had gone public.
After joining and selling another company, I joined Google in 2003. In my first few years I ran Google's consumer identity system (Google Accounts). I also used my corporate e-mail hosting experience to start Google's enterprise e-mail hosting service (Google Apps).
The most interesting project I ran in those first few years was Google's first social network, orkut.com. While it was quickly refocused to the BRIC's (Brazil, Russia, India, China) the service gave me much deeper exposure to complex consumer identity issues. In particular there was a huge demand to turn the service into a platform for 3rd party applications, but there was no known model at the time for the identity/security/trust mechanism of a consumer API platform dealing with private user data. The legal issues in particular were quite daunting.
We started seeing a similar demand to build platforms in other areas, and many web players started building proprietary equivalents of what has now become the industry standard OAuth. One specific market was that of personal health care records, so that led me to start the Google Health project. Most of my work on the project involved working with the privacy community, lawyers, and government officials to evaluate the OAuth model. We eventually showed that the user consent model of OAuth type techniques was sufficient to move even highly sensitive information such as health records.
In 2007 I decided to focus on growing the use of these identity techniques on the Internet. I took a role as Google's first product manager on the Security team, as well as Google's initial privacy council. This role enabled me to start working on identity/security standards such as OAuth, OpenID, OpenSocial, Caja, strong authentication, etc.
In 2009 I also took a role as Google's first product manager for our CIO organization. This was a perfect fit for my passions because the goal was an aggressive migration of Google's IT systems to cloud computing. That required solving a huge host of identity/security challenges for Enterprise use of the cloud by leveraging techniques such as OAuth and OpenID. I also used that work to start the Google Apps Marketplace which was based on the co-development work I did with IBM and Microsoft in the 90s for similar offerings.
In 2010 I transferred most of my responsibilities to focus on "trying to get rid of passwords." While the industry had been failing in that goal for over a decade, I started to see the "light at the end of the tunnel." I recruited a number of Internet Identity experts to join Google, and we now have a very strong team working on a range of identity issues at Google.
I do believe we are close to getting rid of passwords. If you want to follow our work, you can keep an eye on Google's Internet Identity Research website.
**This is my personal homepage. The views expressed on these pages are mine alone and not those of my employer.**