Yan Cao
Engineering Manager in Bay Area
Tell me your security challenge.
About
As a seasoned engineering and product leader, my expertise lies in the Security and Risk/Integrity domain. I enjoy working on Security & Risk not only because it's both fascinating and challenging, but what truly drives me is the moral responsibility to safeguard the security and well-being of those we serve.
Work Experience
• Supporting the AAA(Authentication and Authorization) team, including AuthZ Service, Zero-Trust Infrastructure(ZTI) team and FIDO2 team.
• Scaling the team from 5 to 20+ engineers (with 20+ XFNs). We are responsible for building critical security systems that ensures Bytedance can operate in U.S meeting rigorous compliance and regulatory requirements.
• Engineering lead for Novi Security SWE team. We are responsible for building infra security systems and security toolings.
• 2018 ~ 2019 - Engineering Manager for IG Well-being Experience Team.
- We are responsible for building product and experiences around account security, meaningful usage, reporting and appealing.
• 2017 ~ 2018 - Engineering Manager for Account Security Team.
• 2014 ~ 2017 - IC for Account Security Team.
- Our daily job is to fight against all kinds of hacking activities on the platform to protect our community.
• As a full-stack engineer, I built Navisite's cloud service sales application from design to completion.
Projects
Collaborated with TikTok product team launched Passkey authentication, so TikTok users can login with either Touch ID or Face ID and avoid the hassle of remembering passwords.
We are building ZTI with SPIFFE and SPIRE framework, and in fact, Bytedance has the largest number SPIRE agent deployment in production environment(over 1M machines).
We adopted a defense-in-depth approach to build access controls that hold strong commitment to our customers.
Worked on designing the initial version of our crypto wallet custody service, which ensures the security of our funds.