Garrett Robinson is a seasoned software engineer with 14 years of experience building security- and privacy-focused systems in C++, C, Python, and JavaScript from San Francisco. He led small engineering teams and open-source projects, including driving App Privacy Report and TCC work at Apple and contributing to password/passkey sharing features. Garrett has deep applied security experience across high-impact projects—SecureDrop, OnionShare, Certbot, and domain-scan—where he implemented cryptographic fixes, anonymity-preserving features, and HTTPS/HSTS/STARTTLS scanning. He blends systems-level engineering with product-minded design, shipping usable privacy controls that met regulatory and user-facing requirements. Equally comfortable in DevOps and backend roles, he improves developer workflows, testing, and deployment while keeping performance and constant-time security considerations in mind. His career reflects a rare mix of production-grade OS security, browser and server tooling, and long-term stewardship of privacy-first open source software.
14 years of coding experience
12 years of employment as a software developer
Bachelor of Arts (B.A.) Computer Science, Bachelor of Arts (B.A.) Computer Science at Oberlin College
GitHub repository for the SecureDrop whistleblower platform. Do not submit tips here!
Role in this project:
Back-end Developer & Security Engineer
Contributions:1077 commits, 321 PRs, 344 pushes in 6 years 2 months
Contributions summary:Garrett primarily focused on improving the security and functionality of the SecureDrop application. Their commits included fixing GPG parameter issues, which updated the application's cryptographic libraries, and adding features like generating a security slider in the Tor Browser. The contributions involved refactoring code, patching security vulnerabilities, and adding new features to further enhance the anonymity of SecureDrop sources. This user also worked on the source interface and documented security-focused features, and performed code review and refactoring on these changes.
A lightweight pipeline, locally or in Lambda, for scanning things like HTTPS, third party service use, and web accessibility.
Role in this project:
Back-end & Security Engineer
Contributions:9 commits, 7 PRs, 23 comments in 1 year
Contributions summary:Garrett contributed several features related to domain scanning and security analysis. They implemented a page load scanner using Phantomas, incorporating metrics for performance evaluation. Furthermore, they added a scanner to check if domains are in the Chrome HSTS preload list, and also implemented a STARTTLS scanner. These additions enhanced the repository's ability to assess the security posture and performance of web domains.
third-partypartypipelineserverlesslocally
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.