Andrew Dunham
Member Of Technical Staff at Tailscale
Ottawa, Ontario, Canada
Summary
🤩
Rockstar🎓
Top SchoolAndrew Dunham is a Member of Technical Staff at Tailscale and a security-focused software engineer with 13 years of experience based in Ottawa. He combines deep systems and security expertise—reverse engineering, TLS/OpenSSL work, and building statically-linked *nix tooling—with backend and web development in Python and Ruby. At Tailscale and across open source he has driven networking robustness and performance (per-client TCP forward limits, ICMP handling, /healthz and fuzz tests) and contributed Rust TLS work such as SNI support and PEM RSA key handling. His long tenure on Stripe’s security team and prior consulting at Matasano reflect production-scale security practice and incident-hardened engineering. Comfortable from low-level cryptography and static binary toolchains to graph database internals and algorithm libraries, he tends to surface quiet reliability improvements that pay off at scale.
13 years of coding experience
9 years of employment as a software developer
B.Eng.Mgmt., Software Engineering and Management, B.Eng.Mgmt., Software Engineering and Management at McMaster University
Japanese, English, Italian, Russian, French
Github Skills (50)
algorithm10
finite-state-automaton10
algorithms10
iteration10
ss10
ssl10
statemachines10
cross-build10
datastructure10
sslv310
bash10
datastructures10
graph-database10
data-structure10
iterable10
Programming languages (19)
Github contributions (5)
andrew-d/static-binaries
Feb 2015 - Apr 2020
Various *nix tools built as statically-linked binaries
Role in this project:
DevOps Engineer & System Administrator
DevOps Engineer & System AdministratorContributions:70 commits, 3 PRs, 67 pushes in 5 years 3 months
Contributions summary:Andrew primarily focused on building and configuring static binaries for various *nix tools within the repository. Their contributions involved creating build scripts using Bash, integrating dependencies such as musl, ncurses, readline, and OpenSSL. Furthermore, they added and upgraded binaries for multiple tools, including socat, nmap, p0f, binutils, yasm, and others, along with some Windows versions and OS X support.
dotfilesnixosas-builtbinaries
tailscale/tailscale
Jul 2022 - Jan 2023
The easiest, most secure way to use WireGuard and 2FA.
Role in this project:Back-end Developer & DevOps Engineer
Back-end Developer & DevOps EngineerContributions:793 reviews, 92 commits, 499 PRs in 6 months
Contributions summary:Andrew primarily contributed to the core functionality of the Tailscale project by adding unit tests and fuzzer tests for the resolver and for ICMP handling. They also worked on improving the overall performance of the project by implementing a per-client limit on in-flight TCP forwards, and by optimizing the structure of the code to avoid re-allocating maps. Moreover, the user worked on improving the robustness of the project by adding error handling and by handling cases where the openresolv commands fail. They also added a /healthz endpoint for monitoring the project and exposed gVisor metrics through expvar.
secureprivacysecurityvpnwireguard
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.