Hi, I'm

Jonathan Lo [he • him]
Software Engineer
Security

I build cryptographic infrastructure at Apple — PKI systems, X.509 certificate pipelines, and the encryption and signing services that protect sensitive data across Apple's platforms.

My experience GitHub LinkedIn

// about

What I focus on

Cryptography & PKI

From X.509 certificate issuance at scale to encryption and signing primitives, I work across the full lifecycle of cryptographic services Apple's platforms depend on.

Key Management

Designing secure key derivation and lifecycle systems — including hardware-backed storage with the Secure Enclave — so keys are generated, used, and retired safely.

Post-Quantum Readiness

Evaluating NIST post-quantum standards like ML-KEM for integration into existing cryptographic stacks, before quantum threats become practical.

Misuse-Resistant APIs

Security should be the path of least resistance. I design interfaces that make the right thing easy and the wrong thing hard — for services and developer-facing SDKs alike.

// experience

Places I've Worked

Apple
Apple Security Software Engineer
IBM
IBM Software Developer
Cloud Foundry
Cloud Foundry Open-source Contributor
Vectra AI
Vectra AI Engineering Intern
UC Berkeley
UC Berkeley EECS Instructional Support
Taiwan Space Agency
Taiwan Space Agency Research Assistant

// skills

Technologies & tools

Languages

Java Python Go JavaScript Swift C C++

Cryptography

PKI X.509 TLS AES-GCM ECC RSA HKDF HPKE Post-Quantum

Identity & Auth

OAuth 2.0 OpenID Connect SAML LDAP

Platforms

iOS macOS Secure Enclave Linux

Frameworks

Spring Framework Dropwizard Bootstrap Backbone

Tools & Infrastructure

Git Jenkins Maven JUnit MySQL Elasticsearch Concourse CI BOSH

// projects

Areas of focus

Certificate Infrastructure at Scale

Part of the team behind Apple's PKI systems — including the pipeline that issues hundreds of thousands of SSL/TLS X.509 certificates every week, spanning lifecycle management, validation, and backend reliability.

PKI X.509 TLS Certificate Management

Encryption & Signing Services

Contributed to the cryptographic services layer responsible for encryption and signing operations protecting sensitive data across Apple. Focus on correctness, auditability, and misuse-resistant abstractions.

AES-GCM ECC RSA Signing Key Derivation

Secure Key Management

Design and implementation of key derivation and lifecycle primitives, including hardware-backed storage integrated with the Secure Enclave for tamper-resistant guarantees on Apple devices.

Secure Enclave HKDF HPKE Key Lifecycle

Post-Quantum Readiness

Evaluating NIST post-quantum algorithms — including ML-KEM — for integration into Apple's cryptographic stack, with a focus on performance, migration strategies, and hybrid transition paths.

Post-Quantum ML-KEM NIST PQC Research

// education & certifications

Background

University of California, Berkeley
Bachelor's in Computer Science
GIAC Web Application Penetration Tester GWAPT
GIAC / SANS Institute
GIAC Advisory Board
GIAC / SANS Institute
IBM Cloud Garage Method Developer
IBM

// contact

Get in touch

Interested in cryptography, security engineering, or open source? I'm always happy to connect.

// you found something

jon@loconsumption.com — bash
Last login: on ttys000
Type help to see what's here.
jon@loconsumption.com ~ $