Patrick Toomey is a Principal Product Security Engineer with 14 years of experience, currently leading product security at GitHub where he blends hands-on vulnerability research with secure product architecture. He has deep expertise in application security, cryptography, account hardening, and threat emulation, and a track record of working closely with developers to remediate complex risks. His contributions to prominent open-source projects—like improving security header handling in github/secure_headers and hardening Rails and LXC behaviors—reflect a pragmatic, code-first approach to security. Prior roles at Google, Motorola, and a security consultancy sharpened his skills in binary analysis, embedded systems, and scaling assessment tooling, and he has even taught application security as an adjunct professor. Patrick’s background in both electrical engineering and computer science underpins a systems-level perspective that surfaces subtle attack surfaces and practical mitigations.
14 years of coding experience
17 years of employment as a software developer
Johns Hopkins University
BSEE Electrical Engineering, BSEE Electrical Engineering at Purdue University
Manages application of security headers with many safe defaults
Role in this project:
Back-end Developer
Contributions:42 commits, 3 PRs, 61 comments in 7 months
Contributions summary:Patrick primarily focused on enhancing the security headers management within the repository. Their contributions involved updating and refining the "Clear-Site-Data" header implementation, ensuring it adhered to the current specifications. They also addressed other aspects, such as distinguishing between source list directives and non-source list directives within the Content Security Policy, and refactoring code to improve consistency and remove caching. These changes suggest a focus on maintaining and improving the functionality of the project.
A static analysis security vulnerability scanner for Ruby on Rails applications
Role in this project:
Back-end Developer
Contributions:38 commits, 6 PRs, 29 comments in 2 years 1 month
Contributions summary:Patrick primarily contributed to the `brakeman` project, a static analysis security vulnerability scanner for Ruby on Rails applications, focusing on the core logic and functionality. Their contributions involved modifying the controller and model processors to accurately map methods to filenames, enabling support for namespaced models. They also worked on improving the handling of ERB files, enhancing the scanner's ability to detect vulnerabilities in Ruby on Rails applications by refining parsing capabilities.
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Patrick Toomey - Principal Product Security Engineer at GitHub