Grant Dasher
Davis, California, United States
2K followers
500+ connections
View mutual connections with Grant
Grant can introduce you to 10+ people at Google
or
New to LinkedIn? Join now
By clicking Continue to join or sign in, you agree to LinkedIn’s User Agreement, Privacy Policy, and Cookie Policy.
View mutual connections with Grant
or
New to LinkedIn? Join now
By clicking Continue to join or sign in, you agree to LinkedIn’s User Agreement, Privacy Policy, and Cookie Policy.
About
I'm a Distinguished Engineer at GCP working on Cloud Security.
Previously, I…
Activity
2K followers
-
Grant Dasher reposted thisGrant Dasher reposted thisUPCOMING EVENT— “CVE in an Era of AI-Enabled Vulnerability Discovery” Join us for a free virtual conference @ how AI-enabled vulnerability discovery is affecting the CVE Program ecosystem + where current models may need to adapt Date: July 30, 2026 Time: 10:00–14:00 EDT (UTC-4) Format: Virtual Cost: Free https://lnkd.in/gt8Fw5Zc
-
Grant Dasher reposted thisGrant Dasher reposted thisHi, it's been awhile, but since I'm posting on LinkedIn you know it means one thing: hiring time again! My team, and the wider Cloud CISO Security Engineering org we're a part of, are on the frontier of defining what it means to do security engineering with all these cool AI tools we didn't have six months ago. And we're growing :) This time we're looking for a wide variety of folks to fill Security Engineer and SWE roles in Seattle/Kirkland, New York, the Bay Area, and Zurich. If you're motivated to solve security problems spanning a wide range of products alongside a team of bright folks who want to keep GCP customers secure, apply and come work with me! (this is the first set of postings I have ready - more to come. Search the Google careers page for Cloud CISO for more) https://lnkd.in/gvDxhfXw https://lnkd.in/g9X6xrsr https://lnkd.in/gM9sUpPk https://lnkd.in/g4TCm7uZ https://lnkd.in/gbjf6FQ2 https://lnkd.in/gqpHCrkF
-
Grant Dasher shared thisI went on a podcast... Thanks Anton Chuvakin and Timothy Peacock for the fun chat!Grant Dasher shared thisEpisode 274 "#AI, Zero Trust and Secure by Design Walk into a Bar..." of Cloud Security Podcast where hosts Anton Chuvakin and Timothy Peacock interview Grant Dasher from Google and ex-CISA about AI, identity, zero trust and other modern security concepts converging https://lnkd.in/gYfU-Ubc #CloudSecurityPodcast #CloudSecPodcast #GoogleCloud #CloudSecurity #Cloud #Security #Cybersecurity
-
Grant Dasher reposted thisGrant Dasher reposted thisThere’s been a lot of conversation lately about “centralization” in vulnerability data and what a more decentralized future should look like. It’s a valuable discussion – and it helps to clarify how CVE actually works today. CVE has long been a federated, decentralized system. Hundreds of CNAs worldwide assign and publish CVE Records directly, supported by regional and sector-based Roots and a global Council of Roots. This structure distributes stewardship, prevents bottlenecks, and strengthens ecosystem resilience. A common misconception centers on conflating the NVD with CVE. While NVD has historically provided CVE data enrichment and propagation, it has never been the CVE Program. Many may draw their data from NVD as a trusted downstream partner providing CVE information, and they may also choose to pull directly from CVE. CVE policy, rules, assignment, and publication are managed through a community-driven, global federation – and the system is intentionally designed so no single enrichment provider is a point of failure. This model is accelerating as the CVE Program moves deeper into its Quality Era, which emphasizes richer, more complete records produced at the source: 📢 More supplier CNAs are enriching their own CVE Records directly and consistently – in fact... this year's (upcoming 👀 ) CWE Top 25 dataset had a 14% year-over-year increase in Suppler CNA-provided CWE mappings! 🔊 New program capabilities are enabling greater automation and higher-quality metadata for downstream consumers (and more are on the way…) 🌐 Global participation continues to expand – most recently with ENISA becoming a CVE Root, strengthening European representation and further decentralizing program operations In many ways, the “future” people are imagining is already well underway: a more resilient, globally distributed, and quality-driven CVE ecosystem where accuracy at the source and broad regional involvement continue to grow.
-
Grant Dasher shared thisThis is worth reading! I agree with all of his recommendations here. I'd only add that the NTSB analogy offers another solution to the "gap" problem (which is an enormous obstacle to developing the technical muscle for something like the CSRB to really work). The NTSB also conducts a number of lower-grade staff level investigations for less significant incidents (4 in August!). There is plenty going on in the cyber domain to keep an investigative staff busy full time to build on that analogy. Figuring out the difference between a post-response investigation by a government organization and private sector IR firms would be key, but I believe there is a role for independent government evaluation of incidents not tied to intelligence or law enforcement to build an objective body of knowledge to move towards safer system design. Full disclosure: I worked with Jeff Greene extensively on the Exchange Online report as a technical staffer. These are my personal views and do not represent those of anyone else. https://lnkd.in/gWz38rd8
-
Grant Dasher shared thisYou love to see it!Grant Dasher shared thisFired up! 🔥 https://lnkd.in/g-zvNmGECISA ‘fired up’ to chart new vision for CVE programCISA ‘fired up’ to chart new vision for CVE program
-
Grant Dasher reposted thisGrant Dasher reposted thisAs summer comes to a close and new opportunities are on the horizon, I’m sharing a decision I made earlier this season—to wrap up my federal service and begin the next chapter of my career. Over the past decade, I’ve been privileged to serve in executive leadership roles at DHS and CISA—leading large-scale product engineering teams, advancing applied AI/ML tools and analytics, modernizing cloud platforms, and driving innovative research to protect the nation’s critical infrastructure. I’m grateful to the leaders who entrusted me with challenging missions, and to the colleagues and partners whose expertise, dedication, and purpose made our successes possible. As I close this chapter, I look forward to reconnecting with former colleagues, collaborating with new partners, and pursuing opportunities at the intersection of product engineering, AI/ML innovation, and cybersecurity. If you see a way we might work together or I can help you, let’s connect. #Leadership #AI #Cybersecurity #ProductEngineering #Innovation #CareerTransition #NationalSecurity #publicservice #nextchapter #veteran
-
Grant Dasher shared thisAs they say, some news... Today, I started a new position as Distinguished Engineer (Senior Director), Cloud Security Platform at Google Cloud. In this new role, I will help the GCP team realize the vision of a secure by design cloud through shared fate. I'm excited to get to work! But first I want to take a moment to reflect. My time at CISA was the most rewarding and impactful stretch of my career to date. It was certainly quite a ride. I learned so much from Christopher Butera and Matt Hartman among many many others. While I'm excited to return to a more hands on technical role, I will miss dearly the family that makes up the CISA and USG community. To all of our partners in the USG and private sector community, I want to thank you for all time you put into helping us reduce risk to critical infrastructure. I am confident that, together, we can all carry the mission forward. I'm not going that far, so don't be a stranger. (oh, and on the picture: IYKYK)
-
Grant Dasher reposted thisGrant Dasher reposted thisTo all of our partners: CISA is deeply committed to the sustainment and evolution of the CVE Program. We understand the angst in the community. We will work collaboratively and transparently in the weeks, months, and years ahead to ensure this critical public resource is appropriately governed and evolved. Most importantly, we recognize we can’t do this alone. We need our industry and international partners to join us as we collectively forge the next chapter. https://lnkd.in/eG_7tERc
-
Grant Dasher liked thisGrant Dasher liked thisNew Role! CoreWeave has opened a new Senior Threat Intelligence Specialist role focused on protective and geopolitical intelligence. We’re looking for someone with protective intelligence experience who can also operate credibly in the geopolitical space—someone who can assess threats to executives, employees, facilities, and operations, while understanding the context shaping those threats. This is not a role where geopolitical analysis ends with a written product. The intelligence needs to translate into decisions across community engagement, executive protection, travel security, data center security, global security operations, and market expansion. The right person will be equally comfortable producing an executive briefing, supporting a fast-moving protective requirement, improving collection and alerting workflows, and turning complex global developments into clear operational recommendations. If you combine rigorous analysis, strong judgment, and a protective-intelligence mindset—and want to help build and scale an intelligence program supporting critical AI infrastructure globally—I’d encourage you to apply. 📍 Hiring in Washington DC, Bellevue, Livingston, New York, San Francisco, Sunnyvale, and Remotely in the US. 🔗 https://lnkd.in/eRgX5FvT #ThreatIntelligence #ProtectiveIntelligence #GeopoliticalRisk #GlobalSecurity #ExecutiveProtection #SecurityJobs #RiskIntelligence #IntelligenceJobs Megan O'Dwyer Brandon S. Farley
-
Grant Dasher reacted on thisGrant Dasher reacted on thisWe've been referring to NotebookLM internally as Notebook since I joined. Today we made that officially the name. A big thanks to all our users who have been passionate supporters of the product so far. We know a lot of you have attachments to the name NotebookLM even if it never really rolled off the tongue. We promise we're going to stay the same product team focused on building a great tool for research and learning focused on letting you make sense of the information you want to understand. The only change is we won't cause so many people to struggle to remember if we're NotebookLM or NotebookLLM :).
-
Grant Dasher liked thisGrant Dasher liked thisIn the last 5 years, many legislatures have introduced bills that require the use of .gov. The targets vary: state agencies, election orgs, municipalities. Not all of these have become law, but some have! We didn't have a consolidated list of these, so we made one. It includes all known U.S. state/territory bills and laws, a citation to the state code, the year enacted and date effective, a link to the legislative history, and a summary. Issues and PRs are welcome. https://lnkd.in/g5w8eE8mdotgov-data/state-laws.md at main · cisagov/dotgov-datadotgov-data/state-laws.md at main · cisagov/dotgov-data
-
Grant Dasher liked thisGrant Dasher liked thisI've been on this incredible journey learning about eVPN, including its signalling with BGP and its transport with MPLS and VxLAN. As you may know, I'm working on FD.io's Vector Packet Processing, which is a super fast dataplane that runs on comodity hardware and does easily 500Mpps+ and 1Tbps+ of throughput. In this mode, combining hardware switches (with small CAM but very fast east-west traffic), and feature rich VPP routers, has been an ongoing project for me. Originally posted on https://lnkd.in/ez2eR2Z7 I wanted to share how I am constructing a VPP eVPN/VxLAN controlplane which marries the two disciplines: hardware raw switch throughput with software-based VPP routers at 1Tbps+
-
Grant Dasher liked thisGrant Dasher liked thisI apologize if I'm not responsive on LinkedIn, but my doctor advised me to limit the intake of thought leadership
-
Grant Dasher reacted on thisYou know you did something right when you get to be a part of the NYT crossword! I am so proud of our .gov team. They are truly building something special. (And I thank Cameron D. for letting me be a little part of it.)Grant Dasher reacted on thisPretty cool to see, in Tuesday's NYT crossword! Though as I'm sure as the team will be quick to mention, .gov domains are available to state and local governments as well—not just DC/federal agencies. cc Cameron D., Erin Song, Kristina Y., Kimmie Aralar, Jaxon Silva
-
Grant Dasher liked thisGrant Dasher liked thisLarry and Sergey built Google’s early culture with a college campus feel. I loved it. Keep structure loose, let smart people follow their curiosity, and trust that talent density would produce more value than hierarchy. It worked well for attracting talent. The best people wanted to be somewhere that treated them like researchers rather than employees, and that reputation became self-reinforcing. But the same design introduced real entropy. A company built on loose structure doesn’t organize itself just because the people in it are brilliant. It fragments into strong sub-cultures and beliefs. The dissent inside that culture had a clear shape. Disagreement over the company’s external positions, policy stances, and public dimension, was visible and loud. People organized, wrote memos that circulated widely, and pushed back openly when they thought the company was wrong about something facing the outside world. Internal conformity was different, and it had its own name: being Googley. That word described a way of arguing, a style of collaboration, a set of unstated norms about behave. Deviating from it wasn’t punished outwardly, but it was noticed! It shaped who got traction for their ideas. So the culture split in two. Bold dissent was ok when pointed outward or at leadership. Dissent aimed at projects was mostly deemed un-Googley. It stayed quiet, showing up as slow-walking a project, building a quiet alternative, or asking questions that everyone understood as objections. Everyone held pocket veto. Working across groups was the clearest cost of that entropy. Every team built its own norms and its own sense of ownership. Crossing those boundaries took real effort, usually a personal relationship rather than formal process. The org chart said one thing, but influence ran through informal networks you had to build deliberately. Eric called it “a family business.” At the same time, that design gave individuals real agency. If you could articulate an idea clearly and convince the right people, you could move something, even without formal authority. Movements often started from a single person’s conviction rather than a mandate from above, and the bet was that enough of those convictions would add up to progress. It usually did, unevenly. Innovation was encouraged, and the company backed enormous numbers of experiments, but there was no strong forcing function to push most into a finished state. A lot of promising work reached an impressive stage and then quietly stalled. That’s the tradeoff Larry and Sergey chose, consciously or not. Freedom and talent density on one side, entropy and a two-track culture of dissent on the other. I think this origin still imprints on them 20 years later.
-
Grant Dasher liked thisToday marks the start of my 23rd year at Microsoft... and also the moment I share that I have accepted the Microsoft Voluntary Retirement package. My Microsoft career has been the privilege of a lifetime. I’ve been fortunate to work on challenging, identity‑focused programs alongside some of the brightest people in the company. I started as an “orange badger” on the Directory Services support team, learning from mentors who shaped everything that followed: technical depth, customer focus, and a belief that identity sits at the center of security. In 2004, I moved into the Rapid Response Engineer (RRE) role, a new model built around being onsite with customers during their most challenging moments. During that time, we were able to fundamentally shift the support experience from reactive to proactive. I’m proud to have helped build and grow the Active Directory Health Check / Risk Assessment Program with an incredible group of engineers. After Premier, I moved into Microsoft Consulting Services (MCS/ISD) exclusively working onsite with Department of War customers. Here I helped build and deliver the Enhanced Security Administrative Environment (ESAE) offering designing hardened administrative environments and privileged access strategies for some of the most sensitive missions in the world. During COVID, I had the opportunity to move into the Identity product group. My initial goal was simple: stop requiring US Government customers to stand up federation servers just to support PIV/CAC authentication. That work ultimately brought Certificate‑Based Authentication into the platform as a core capability for our federal customers. Shortly after, the White House issued Executive Order 14028, followed by OMB M‑22‑09 — both signaling the need for stronger identity capabilities across government. We translated those requirements into product work, helping drive features that are now foundational to Entra ID. I’m also proud to have delivered to US Government and Defense Industrial Base customers, focused identity and Zero Trust guidance across areas like FedRAMP, the DoD Zero Trust Strategy, CMMC, and the CISA Zero Trust Maturity Model and the identity journey to the cloud. This work only happened because of deep collaboration across Microsoft’s security teams. Microsoft has been my professional home for more than 22 years. The people, the mission, and the impact have meant everything to me. I’m deeply grateful for the teams, customers, and opportunities that shaped this journey. And none of it would have been possible without the support of my family. Thank you, Carla Brewer, for carrying so much of the load over the years of long hours and crazy travel. While this Microsoft chapter is closing, I’m excited for what comes next. More to share soon.
-
Grant Dasher liked this“Bundling distinct vulnerabilities undermines the purpose of CVE.” 🔥 “A software update may remediate many vulnerabilities. An advisory may describe many vulnerabilities. A coordinated release may include many fixes. But the CVE IDs associated with those fixes must continue to identify the underlying vulnerabilities, not merely the release vehicle used to deliver remediation.”Grant Dasher liked thisThe CVE Program’s latest blog is worth a close read — because scaling disclosure should not mean losing clarity. Check out the blog here: https://lnkd.in/giknP68M As vulnerability disclosure volume increases, the ecosystem needs practical ways to scale coordination, publication, and remediation workflows. But bundling multiple distinct vulnerabilities under one CVE ID can create ambiguity for defenders trying to determine what is affected, what is exploitable, and what action is appropriate. #CVE #VulnerabilityManagement #Cybersecurity #VulnerabilityDisclosure #CyberRisk
Experience
Education
View Grant’s full profile
-
See who you know in common
-
Get introduced
-
Contact Grant directly
Other similar profiles
Explore more posts
-
Scott Scheferman
myoos • 7K followers
Sig Murphy nailed it below. When framing risk in general, it's crucial to not cubby-hole it too narrowly. Linear thinking is the enemy here. Another risk that hasn't been talked about enough, is the INTEGRITY portion of the CIA triad. If long term damage is a motive, application (and the applications data exhaust) INTEGRITY impacts stand to do as much or more harm than either availability or confidentiality impacts. Especially true in medical, research, defense, manufacturing and AI industries. "Ignore the details, and you're missing half the picture" - someone wiser than myself. Check out his technical publication the recent NPM supply chain attack campaign....
3
-
Olga V. Mack
TermScout • 44K followers
Edge cases used to live in footnotes. Now they define the outcome. I wrote this piece after watching how quickly a rare scenario can become an everyday problem once technology moves into the physical world. When systems operate at scale, the unexpected is no longer optional. It is inevitable. The Waymo incident in San Francisco is not really about autonomous vehicles. It is about the limits of legal forecasting when we assume that “normal operations” will hold. They rarely do. Legal teams are being asked to advise on products that interact with infrastructure, people, and public trust in real time. Static risk registers and historical assumptions are not enough. We need to plan for stress, ambiguity, and failure before they happen. I explore this in the article here: https://lnkd.in/ggRiNQXF If you want to go deeper, we built a full Decision Lab that lets legal teams work through these scenarios as live judgment calls, not hypotheticals: https://lnkd.in/gRcERJB9 And if you want to experiment with this approach directly, we are opening a public beta of Coach Frankie. It is designed to teach legal judgment, not provide canned answers. https://lnkd.in/gkPe4CYP The core shift is simple but uncomfortable: the edge case is no longer at the edge. It is the work. — Olga V. Mack I build legal systems for real life.
26
6 Comments
Explore top content on LinkedIn
Find curated posts and insights for relevant topics all in one place.
View top content