Free Wortley

Security Software Engineer & Founder

View or Download PDF

About Me

Founder of LunaSec (YC S19), ex-Figma, ex-Uber, ex-Snapchat.


Best known for coining the term "Log4Shell" for the Log4j vulnerability.


Currently reading AI papers, building AI tools, and dabbling in 3d printing.

Contact Information

  • Location: Seattle, WA
  • Email: me@freeqaz.com

Skills & Expertise

Mastery

  • Security (AppSec, DataSec, recently AISec)
  • Shipping Software
  • All Things Web (TypeScript, React, etc)
  • Linux (Arch btw)
  • Mushroom Foraging

Pretty Solid

  • LLMs/AI
  • Microservice Architecture
  • 3D Printing (slinkies mostly)
  • Music Production

Mostly Okay

  • Cryptography
  • Linear Algebra
  • Graphic Design

Professional Experience

Staff Security Engineer at Figma

April 2024Current

Currently working on the 'AI Security' team, originally on ProdSec/AppSec.

  • Hardened Snowflake infrastructure and various data pipelines/vendors
  • Rolled out Smokescreen (HTTP Egress Proxy) to help reduce model exfiltration risk
  • Security requirements + infrastructure for AI/ML model training + inference
  • Reduced org-wide toil of patching CVEs via onboarding new vendor (Socket.dev)

CEO & Founder at LunaSec (YC S19)

April 2019March 2024

Spent many years building a VC-backed startup in the security space.

  • Built a few products, raised some money ($1.7mm), and learned a lot along the way
  • Supply Chain Security, Data Security, and Low-Code, Heroku-like platform using AWS
  • Hired a team of 6+ people, ran sales, marketing, and engineering
  • Our work was featured in TechCrunch, Wired, and other outlets
  • Code on GitHub: https://github.com/lunasec-io

Security Software Engineer at Snap Inc (Snapchat)

November 2018April 2019

Left to start my own company when we got into YC. Helped with a few projects:

  • Helped build a "secrets management" platform for the organization
  • Worked on the GCP-to-AWS migration
  • Lead the effort to implement an eng-wide review ("RFC") process

Security Software Engineer at Uber

August 2014November 2018

I joined as an early member of the engineering team and worked across several different teams as Uber experienced hypergrowth.

  • Built "secure by default" web framework for engineers (full-stack Node/React)
  • Scaled out the AppSec reviews to 'Let Builders Build' and ship faster
  • Security automation platform to detect sketchy code (like Semgrep/CodeQL)
  • Created an org-wide security training program for engineers
  • Built "uber.com" from the ground up (working directly under CEO)

Software Engineer at Airware (YC W13)

February 2013August 2014

Built a desktop app using C# and WPF to generate flight plans for drones.

Joined pre-funding, and Airware went on to raise $120m.

Achievements

Alumni

Y Combinator (S19)

Worked my butt off, raised $ from VCs, and learned how billion dollar startups are built.

Hobbies & Interests

Designing 3d printed slinkies, Designing PCBs for fancy LEDs, Mushroom Foraging, Music Production, and Dog Dad.