Thai Duong is a seasoned software leader and security-focused engineer with 14 years of experience building and hardening large-scale systems, most recently serving as Chief at Calif after a long tenure as a Senior Staff Software Engineer at Google. Born in Saigon and raised on the Internet, he blends deep cryptography and secure engineering expertise—demonstrated by contributions to high-profile open-source projects like Google’s Tink crypto library and Project Wycheproof—with product and organizational leadership. He has a track record of refactoring core APIs, improving build integrity, and uncovering signature-forgery vectors, reflecting both hands-on coding and threat-aware design. Based in Mountain View, he also serves on VNPAY’s board, bringing technical rigor to strategic decisions across security and payments. Notably, his background spans applied security roles from banks to boutique consultancy and a decade-plus at a major cloud company, giving him rare perspective on both legacy and cloud-native risk.
Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.
Role in this project:
Back-end Developer
Contributions: 12 releases, 33 reviews, 796 commits in 5 years 2 months
Contributions summary: Thai's contributions primarily focused on refactoring the Golang implementation, updating its APIs and code structure to align with the latest Java APIs. They replaced `tink.Registry().Blah()` with `tink.Blah()`, a refactoring of the codebase's core API. This was complemented by efforts to ensure the code remains compatible and works with the `go get` command. The work also addressed naming and style issues.
Project Wycheproof tests crypto libraries against known attacks.
Role in this project:
Security Engineer
Contributions: 37 commits, 33 PRs, 134 pushes in 3 years 6 months
Contributions summary: Thai primarily contributed to enhancing the security testing of cryptographic libraries. They focused on generating and validating test vectors for RSA signatures, identifying and fixing potential vulnerabilities related to signature forgery. Thai also worked on addressing build errors and suppressing warnings, indicating involvement in maintaining code quality and build integrity within the project. These contributions demonstrate expertise in security testing, cryptography, and the application of security best practices.
hmac, cryptography, attacks, crypto