30 years of security innovation. Standards that shaped the internet. When outcomes are too important to trust to just vibes.
I'm Brad Hill, and I've spent three decades building security technologies and standards that billions of people use every day. From leading working groups at the W3C to security architecture at Meta, from pioneering FIDO authentication to inventing protocols that protect how you recover your accounts — I've seen firsthand what it takes to build security products that actually work.
I'm available for full-time and part-time engagements in the Seattle area or remotely. Whether you're ideating a new product, refining requirements, architecting security, managing execution, or verifying pre-launch — I can help you build something that actually matters.
Help found and co-led the working group that created Content Security Policy, Subresource Integrity, and Credential Management, now fundamental to web security.
Key technical contributor to the FIDO Alliance v1 specifications that laid the foundation for the Passkeys standard that's replacing passwords.
Led Facebook Login's response during the Cambridge Analytica crisis. Rebuilt product privacy posture in weeks while maintaining team stability and trust.
Architected security for products serving billions. Led GDPR rollout, HTTPS-only migration, incident response, and innovation during major platform transitions.
When Apple's privacy changes threatened to shut down Facebook Login, I invented a new technical approach that saved the product and evolved with market demands.
Built high-performing teams from the ground up. Mentored dozens of engineers to senior levels. Known for developing talent through complex, high-stakes projects.
Every engagement is tailored to your specific needs. I work across the full product lifecycle:
Help you think through what's actually worth building. Identify how to deliver customer value. Integrate the economics and incentives of multi-party markets with the technical possibilities for your product.
Define what secure, compliant, and user-friendly actually means for your product. Real threat modeling, not checklist security.
Write the blueprints that engineers and agents can build from. Make security requirements testable and clear.
Navigate W3C, FIDO Alliance, IETF, CA/Browser Forum, GDPR, and emerging regulations. I've been part of these conversations for decades.
Help you scope the work, manage timelines, handle dependencies across teams, and keep projects on track through complexity.
Take on technical leadership roles. Build teams, mentor senior engineers, set technical direction under pressure.
Make your security posture, threat model, and architecture understandable to everyone who needs it.
Security review before launch, incident response planning, and post-launch support.
Location: Based in Seattle, available for in-person engagement in the Pacific Northwest or fully remote work. Let's talk about what works best for you.
If you're working on security, privacy, authentication, identity, or standards-driven products—and you want someone who's actually shaped the landscape—let's talk.
Email: hillbrad@notanotherpadlock.com
LinkedIn: linkedin.com/in/brad-hill-00a2891
Location: Seattle, WA | Remote-friendly