Lucas Garron is a product-focused engineer with 15 years of experience building secure, pragmatic web systems from browser UX to backend APIs. With roots in mathematics and MS CS from Stanford, he has driven web security initiatives at Google and GitHub—helping ship DevTools security features, HSTS preload infrastructure, and passkeys/WebAuthn—and now applies that expertise to full‑stack product engineering at Red Queen Dynamics. A prolific open-source contributor, he created and improved widely used test sites like badssl.com and permission.site and has maintained security-focused libraries such as secure_headers and a clipboard polyfill. He blends careful backend and DevOps work (API design, CI/CD, release pipelines) with progressive enhancement on the frontend, and is motivated by a clear mission: making the open web safer and more usable.
15 years of coding experience
8 years of employment as a software developer
Master of Science - MS Computer Science, Master of Science - MS Computer Science at Stanford University
:lock: Memorable site for testing clients against bad SSL configs.
Role in this project:
Full-stack Developer
Contributions:2 reviews, 352 commits, 84 PRs in 4 years 8 months
Contributions summary:Lucas primarily contributed to the front-end development of the website, enhancing its UI and user experience. They made changes to the HTML and CSS to adjust the visual appearance, including background colors and text styling, and to improve the layout. Moreover, the user worked on migrating existing content to an nginx web server and setting up various subdomains to test different SSL configurations. They also implemented minor JavaScript enhancements to the homepage.
:lock: Chromium's HSTS preload list submission website.
Role in this project:
Back-end Developer
Contributions:14 reviews, 227 commits, 41 PRs in 2 years 4 months
Contributions summary:Lucas primarily focused on back-end development and code organization within the Chromium HSTS preload list submission website. Their contributions include fixing code, refactoring file handlers and scripts, converting page.html to index.html, and implementing the API using the hstspreload package. They updated server.go to utilize a new Issues-based API and implemented datastore interactions for update and pending operations, and added a /checkdomain endpoint.
hstspreloadlocksecuritychromechromium
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Lucas Garron - Product Engineer at Red Queen Dynamics