Free Wortley

Staff Security Engineer · Builder · YC Founder

View or Download PDF

About Me

YC Founder (LunaSec, S19), ex-Scale AI, ex-Figma, ex-Uber, ex-Snapchat.

Best known for coining the term "Log4Shell" for the Log4j vulnerability.

Pushing the limits of AI and currently building the tools to decrease the security risks they pose.

Contact Information

  • Location: Seattle, WA
  • Email: me@freeqaz.com

Skills & Expertise

S-Tier

  • Security (AppSec, DataSec, recently AISec)
  • LLMs/AI
  • Shipping Software
  • All Things Web (TypeScript, React, etc)
  • Linux (Arch btw)

A-Tier

  • Microservice Architecture
  • 3D Printing (slinkies mostly)
  • Music Production

B-Tier

  • Cryptography
  • Linear Algebra
  • Graphic Design

Professional Experience

Scale AI

  • Head of Security / Architecture
    September 2025May 2026

Senior-most security leader (12+ ICs), splitting time between hands-on architecture and cross-functional execution.

  • Drove response to many high-severity incidents, up to execs and across all orgs
  • Championed rollout of AI dev tools (Claude) and gave company-wide talks/trainings
  • Codified 'Ownership' for services to ensure CVEs are patched within Compliance SLAs
  • Lead GDPR compliance with Legal; rewrote deletion pipeline and data inventory

Figma

  • Staff Security Engineer
    April 2024May 2025

Staff IC on the AI Security team, after ProdSec/AppSec.

  • Designed security foundations (requirements + infrastructure) for AI/ML model training and inference
  • Rolled out Smokescreen (HTTP egress proxy) to reduce model exfiltration risk
  • Hardened Snowflake infrastructure and the data pipeline/vendor surface

LunaSec (YC S19)

  • CEO & Founder
    April 2019March 2024

Built a VC-backed open-source security company spanning Supply Chain Security, Data Security, and a Heroku-like AWS platform.

  • Designed and shipped products from zero; raised $1.7mm and hired a team of 6+
  • Coined "Log4Shell" and led the public-facing response that shaped industry framing of the Log4j vulnerability

Snap Inc (Snapchat)

  • Sr. Security Software Engineer
    November 2018April 2019
  • Helped build a secrets management platform for the org
  • Led the effort to roll out an eng-wide RFC review process

Uber

  • Security Software Engineer
    August 2014November 2018

Joined as an early engineer and worked across many teams through hypergrowth.

  • Built "secure by default" full-stack web framework (Node/React) adopted org-wide
  • Shipped uber.com v1 from scratch, working directly with the CEO
  • Scaled AppSec program to "Let Builders Build" and ship faster via automation/process
  • Created an org-wide security training program for engineers

Airware (YC W13)

  • Software Engineer
    February 2013August 2014

Built a C#/WPF desktop app to generate flight plans for drones. Joined pre-funding; Airware went on to raise $120m.

Achievements

Alumni

Y Combinator (S19)

Worked my butt off, raised $ from VCs, and learned how billion dollar startups are built.

Hobbies & Interests

Designing 3d printed slinkies, Designing PCBs for fancy LEDs, Mushroom Foraging, Music Production, and Dog Dad.

Résumé | Free Wortley