Privacy/security people at PathCheck

For people working on Privacy / Security at PathCheck, here’s a list of people who are either working directly on privacy/security, or in adjacent areas.

  • Thomas Donelly - has experience as a CSIO - helping us shape overall strategy & positioning on Privacy & Security + delivering some individual items.

  • Ananya Gangavarapu - Technical expert on privacy. Authored our DPIA & a bunch of other stuff.

  • Brook Schoenfield - Security expert volunteer, but with limited time available on the project. Created an initial threat model for GAEN solution, but has not been involved much since June.

  • Lina Martensson - Project volunteer with security expertise, but mostly focussed on GAEN risk algorithms and analytics.

  • Sam Zimmerman - PathCheck CTO

  • Mahdi Fahda - PathCheck IT systems

  • John Schoeman - Tech lead GAEN Mobile App

  • Sherif Kozman - Tech lead GAEN Servers - also responsible for hosting these in Google Cloud & therefore related security.

  • Dave Runkle - Test Lead for GAEN

  • Stella Nelson - Test Lead for GPS

  • Art Gibson - Implementation team. Helping to support set-up of pen testing environment at Guam (using a secondary non-production GAEN server), for use by Cobalt.io, BugCrowd etc.

  • Adam Leon Smith - Was very engaged for a few months on Privacy/Security (April to July). Mostly worked on the GPS app. Currently much less involved with the project, but still handling interface to Immuniweb pen testing.

 

External organizations

  • PagerDuty

    • Incident response system, used as part of our process for monitoring

    • Vinay Gidwaney (at PathCheck) has been helping with this.

    • See slack channel tf_pager_duty

  • Cobalt.io - Pen testing. They have offered to pen test the GAEN app + server pro bono.

  • BugCrowd - Crowdsourced pen testing.

    • 90d pen testing of GPS solution from 4 August

    • 90d pen testing of GAEN solution also offered, but not yet started. Waiting for set-up at Guam to do this.

    • Contact: michael.perry@bugcrowd.com

  • Whitesource - Composition analysis

    • Sales Contact: Jehonathan Madsen <jehonathan.madsen@whitesourcesoftware.com>

    • They offered us free access to their paid version in exchange for some PR.

    • But we are currently just using their free version (Whitesource Bolt) to scan GAEN repos.

  • Immuniweb

    • Have a free online tool for security scans of iOS & Android mobile apps, which we have used for both GPS & GAEN apps.

    • Also volunteered to pen test our GPS Mobile app for us pro bono. As of 19 Aug 2020, this has still not been scheduled.

    • Contact - not known - was being run through Adam Leon Smith (see above).

  • Open Security Summit

    • Back in May/June, they did a lot of work with us on Contact Tracing.

    • They encouraged us to stay engaged with them, but we didn’t manage to keep this up

    • Adam Leon Smith was the main contact on our side.

    • Dinis Cruz was the main contact on their side. He may be open to re-engaging.

  • Daniel Oates-Lee

    • Recommended by Jonathon Wright as someone who can help us with security

    • As of 19 August, I’m trying to get a conversation going with him…

  • If you scroll back through the history of the fn_security channel, you’ll find various other organizations that offered to help with security analysis & testing in various ways, but we didn’t get much substance back from most of these…
