mo khan - software developer

Built custom roles system for fine-grained permission management across GitLab.com and enterprise instances
Designed and implemented authorization infrastructure using Ruby on Rails and GraphQL
Developed low-privilege job tokens system to reduce security attack surface in CI/CD pipelines
Integrated Envoy Proxy with OAuth2, JWT authentication, and external authorization filters
Collaborated with principal and distinguished engineers on authorization patterns and security architecture

Ensure secure API access by building an API gateway secured by JWTs, Casbin policies and OpenID Connect
Enable backend teams to prototype quickly by building REST API endpoints to manage user permissions and membership
Collaborate with frontend developers by providing API endpoints to retrieve session/profile data

Unblocked a large customer acquisition (Twilio) by working on a project to manage team authorization via an external identity provider
Unify the HCP and Terraform Cloud authn and authz strategy by collaborating in a working group to identify possible solutions

Secured enterprise software supply chains by porting automated dependency updates (Dependabot) to GitHub Enterprise Server
Provided deeper insight into software supply chains by extending public API endpoints
Routinely resolved and improved product quality by triaging issues, fixing defects, and releasing new features

Built full-stack subscription platform features for merchants using Ruby on Rails
Developed APIs for subscription management and billing workflows
Collaborated with product teams to improve subscription onboarding experience

Provided software license detection by maintaining the GitLab license analyzer
Detected software licenses for high sensitivity organizations by developing support for limited network connectivity environments
Increased the # of supported package managers by adding support for Conan, Mono, Pipenv and more.
Sped up CI pipelines for license scanning users by shrinking Docker images and maintaining Debian packages for multiple package managers and versions
Improved developer loyalty by reviewing and releasing community contributions

Secured 14M enterprise devices for 100+ Fortune 500 companies and governments across the world
Unified customer login experience across all Cisco Security products by building a single sign on system
Supported peers by routinely resolving difficult technical issues, through hands-on support and pairing with engineering, operations and support
Fostered a culture of continuous improvement by mentoring colleagues through pair programming, presentations and leading small project teams

saml-kit: Ruby toolkit for implementing SAML 2.0 authentication with support for metadata generation, assertion validation, and IdP/SP implementations (200K+ downloads)
scim-kit: RFC-7643 compliant user provisioning toolkit for enterprise identity management integration (30K+ downloads)
xml-kit: XML processing library with cryptographic verification and canonicalization for security-critical applications
spandx: CLI tool to detect software licenses in codebases, supporting compliance workflows for enterprise development (90K+ downloads)

Created a marketplace for Makers by developing the original version of Fairgoods.com
Developed Confab.co to facilitate better communication at work
Equipped Health & Safety Auditors by building the initial version of eCompliance audit software
Supported multiple departments of an energy producer by developing software for compensation planning, production planning, and guest check-in software
Helped small businesses build customer loyalty by developing loyalty and gift card applications for multiple point of sale terminals (Ingenico, Hypercom, TechTrex, Verifone)