MODULE_03 | STATUS: SHIPPED & STABLE
ENV: ENTERPRISE IOT / SECURITY | LOCAL TIME --:--:--
Module 03 - IoT Security & Infrastructure

Building a faster, safer IoT security protocol, and hardening WebEx from the inside

Before product, I was the engineer in the room. This is where my technical fluency was built, and where I first led a team.

Role
Software Development Engineer
Timeline
Jan 2020 - Jul 2021
Teams Led
5-engineer + 3-engineer initiatives
Cross-Functional
8-engineer security partnership
Vulnerabilities Resolved
100+ across WebEx Calling
The Problem

IoT connections were slower and less secure than the business could accept, and WebEx carried real vulnerability exposure.

Before State
  • Existing IoT connection protocol lagged on connection time and data transfer speed
  • Security posture on IoT connections did not meet evolving enterprise standards
  • WebEx calling applications carried 100+ known security vulnerabilities
  • Calling User Portal (CUP) architecture created database connection inefficiency
Target Future State
  • An IoT protocol built on Google's QUIC with materially better security and speed
  • 100+ WebEx vulnerabilities systematically triaged and resolved
  • A redesigned CUP architecture with meaningfully better database efficiency
  • A stronger technical foundation for future product and security work
Why It Mattered

At enterprise scale, protocol-level and security debt compounds fast.

IoT connection performance directly shapes customer experience and trust in Cisco's platform; slow, less-secure connections are a competitive liability in an enterprise market where security posture is a top purchase criterion. Meanwhile, every open vulnerability in WebEx, a widely-used enterprise calling product, was both a customer risk and a reputational one.

Fixing these issues wasn't optional scope, it was foundational: any future feature work sits on top of the protocol and infrastructure layer, so weaknesses here would resurface as customer-facing problems repeatedly if left unaddressed.

Constraints

Enterprise-scale infrastructure, real security stakes, cross-team dependencies.

Zero Tolerance for RegressionsAny protocol or architecture change had to avoid breaking existing enterprise deployments.
Security-First ReviewEvery fix to the 100+ WebEx vulnerabilities required rigorous validation before release.
Cross-Functional CoordinationResolving vulnerabilities required partnering with an 8-engineer cross-functional team.
Legacy ArchitectureThe Calling User Portal's existing design constrained how much could be redesigned at once.
Performance BenchmarksImprovements had to be measurable against existing connection time and speed baselines.
Team Leadership at ScaleLeading engineers while still an early-career contributor required earning technical credibility fast.
My Role

Technical leadership across three parallel efforts.

I led a team of 5 engineers to develop an IoT security protocol using Google's QUIC, aligning the technical approach with business objectives and product vision. In parallel, I partnered with a cross-functional team of 8 engineers to resolve 100+ security vulnerabilities in WebEx calling applications.

I also owned the architecture redesign of the Webex Calling User Portal (CUP), refactoring database connection handling to improve efficiency by 25% and stabilize a high-traffic, user-facing surface for enterprise customers.

Decision Process

Which transport protocol foundation for the new IoT security layer?

The team evaluated transport-layer options for rebuilding the IoT security protocol, weighing maturity, performance ceiling, and integration effort.

OptionConnection SpeedSecurity CeilingIntegration EffortVerdict
Extend Existing Legacy ProtocolLow ceilingLimited by legacy designLowRejected, doesn't solve root cause
Custom Transport ProtocolHigh potentialHigh, but unprovenVery highRejected, too slow to harden and ship
Google's QUICHigh, proven at scaleHigh, modern security primitivesModerateSelected

Building on QUIC gave the team a mature, widely-adopted foundation, letting us focus engineering effort on IoT-specific security hardening rather than reinventing transport-layer fundamentals.

Execution

Three parallel workstreams, one technical foundation.

Workstream 01

IoT Protocol on QUIC

Led a 5-engineer team building the new IoT security protocol, benchmarking against existing connection time and transfer speed.

Workstream 02

WebEx Vulnerability Resolution

Partnered with an 8-engineer cross-functional team to triage and resolve 100+ security vulnerabilities in WebEx calling applications.

Workstream 03

CUP Architecture Redesign

Refactored the Calling User Portal's database connection handling, stabilizing a high-traffic surface for enterprise customers.

Ongoing

Release-Gate Reviews

Contributed to release-gate reviews, applying the same regression-benchmarking discipline across every workstream.

Outcomes

Faster, safer, and more efficient, by the numbers.

0%
Improvement in IoT security & speed
0
Security vulnerabilities resolved
0%
Better database connection efficiency
3
Parallel technical workstreams led
What I Learned

The technical grounding that still shapes how I scope products today.

"

Security work is never "done," it's triaged, prioritized, and continuously resolved. That mindset now shapes how I think about governance in product.

"

Leading engineers as an engineer taught me that technical credibility is earned through clear tradeoff reasoning, not authority.

"

Infrastructure-level fixes have outsized, compounding leverage, they quietly prevent dozens of future customer-facing issues.

"

Not everyone agreed QUIC was the right call - some of the team wanted a custom transport layer for tighter control. I pushed benchmarking data on connection time and security ceiling over intuition, and we aligned once the tradeoffs were quantified rather than argued qualitatively.

"

Every vulnerability fix and CUP change went through regression benchmarking against the existing performance baseline before release, this is the same "measure before you ship" discipline I now apply to product rollouts, not just code.

Artifacts

Sanitized documents from this build

๐Ÿ”
IoT Security Protocol Benchmark (QUIC)
๐Ÿ›ก๏ธ
Vulnerability Triage & Resolution Log
๐Ÿ—๏ธ
CUP Architecture Redesign Diagram