Eric Mill

Technology and policy leader working to defend democracy, strengthen the internet, and modernize the U.S. government.

Executive Office of the President— March 2021 - Present

I serve in the White House in the Biden administration as the Senior Advisor on Technology and Cybersecurity to the Federal Chief Information Officer, Clare Martorana.

The Office of the Federal Chief Information Officer sets policy for how federal agencies use technology and manage their cybersecurity, as part of the Office of Management and Budget.

Lead author of the Federal Zero Trust Strategy, a White House policy that implements President Biden's Cybersecurity Executive Order through forward-leaning technical mandates and strategic goals that apply modern information security principles to the federal environment.
In partnership with the Office of the National Cyber Director, leading an initiative to strengthen open source software security, by coordinating action among federal agencies and listening to the open source community.

Leading other administration policy initiatives in emerging technology, such as preparing for the migration to post-quantum cryptography, and modernizing digital identity verification in government programs.
Launched a new strategy and financial structure for $1 billion of the Technology Modernization Fund, a investment fund overseen by a board of government technology leaders and chaired by the Federal Chief Information Officer.

Google, Chrome Browser— March 2020 - March 2021

As the Lead Product Manager for Chrome Security, I was responsible for the security strategy of the Chrome web browser.

I led the creation of new features in Chrome, partnered with other browsers to make the web a safer place, and represented Chrome in making security-critical decisions inside and outside of Google.

Launched security initiatives in Chrome, including stronger defenses against phishing attacks and malware.
Oversaw rollout of trailblazing security measures that eliminated silently insecure connections while submitting sensitive data and downloading programs, without causing significant breakage to the web.

Led Chrome's security engagements with the web community and other browsers, including its oversight of HTTPS certificates.
Researched simpler approaches to the display of URLs, to make it easier for users to identify deceptive websites.

U.S. Senate Committee on Rules and Administration— Feb 2019 - Dec 2019

Served as the Senior Technology Advisor to ranking member Sen. Amy Klobuchar on the Democratic staff of the Senate Rules Committee, through the TechCongress program. The Senate Rules committee is the committee of jurisdiction over federal elections and campaigns, as well as oversight of the Senate and the legislative branch.

As a senior policy aide, I handled the committee's technology portfolio, with a particular focus on election security.

Led efforts to create vulnerability disclosure programs for election systems. Convened federal and state officials, voting companies, and security researchers to create safe public channels to report security issues in election systems, resulting in first-of-their-kind policies in place during the 2020 U.S. presidential election.
Developed bipartisan legislation to strengthen the .gov internet domain.

Conducted oversight of voting companies and federal agencies involved in administering and securing federal elections.
Pressed federal agencies and technology companies to better support state and local election officials in defending against misinformation campaigns and spearphishing.

U.S. General Services Administration— May 2014 - December 2018

Served as Senior Advisor for GSA's Technology Transformation Services (Aug 2016 - Aug 2018), as Deputy Director for Login.gov (Aug 2018 - Dec 2018), and as a Software Engineer for 18F (May 2014 - Aug 2016).

In my time with GSA and 18F, I oversaw some of its key programs, led its government-wide technology and policy initiatives, and shaped its overall strategy and cybersecurity posture.

Co-authored a White House policy mandating strong encryption (HTTPS) across all federal web services. Oversaw agency implementation and established public monitoring of progress, and supported DHS implementation of their own web security directive in 2017.
Oversaw Login.gov, a single-sign-on for public government services. Assessed security and privacy risk, and helped lead the overall program and its product direction and strategy.

Led the creation of 18F's public bug bounty and vulnerability disclosure policy, the first in the U.S. government for a civilian agency, in coordination with the Department of Justice and Department of Defense.
Partnered with major web browser companies to automatically enforce encryption for new .gov domains in the executive branch, making .gov the first top-level domain on the Internet to take such an action.
Testified to the presidential Commission on Enhancing National Cybersecurity, presenting cybersecurity recommendations as an invited technology expert.

Sunlight Foundation— February 2009 - May 2014

The Sunlight Foundation is a non-partisan non-profit dedicated to increasing government transparency through technology. I was a core software engineer on Sunlight's technology team, and a program officer on its international team.

Co-authored a civil society campaign dedicated to releasing government data and software to the public domain whose recommendations were followed by the White House and various government agencies.
Represented Sunlight on relevant policy issues to the U.S. government, and developed strategic partnerships with U.S. and international NGOs.
Created a volunteer-driven system for collecting the work of the US government's oversight community and making it searchable to the public.

Created the "Congress" app for Android, which provides live updates on the people and work of Congress. The app has been used by tens of thousands of professionals and citizens, as well as staff and members of Congress.
Created the Sunlight Congress API, a free service that provided live data feeds of Congress' work to thousands of users and applications.
Created Scout, a free search engine and alert notification system for government activity from all branches of government, that served thousands of users.

Prior Roles and Education

Self-employed — Nov 2008 - Feb 2009 — Freelance consultant performing software development.
Blue State Digital — Aug 2008 - Nov 2008 — Software Engineer supporting the Obama 2008 presidential campaign.
thoughtbot, inc. — Aug 2006 - Aug 2008 — Software Engineer at a Ruby-based technology consultancy.
Tenebril, inc. — Aug 2005 - Aug 2006 — Junior Researcher at a (now defunct) anti-spyware company.
Worcester Polytechnic Institute — graduated May 2005 — Bachelor's in Computer Science.

Other Work

Accelerated the internet-wide removal of the insecure SHA-1 algorithm for certificate signing, through approachable writing and useful technical tools.

Created isitchristmas.com, an inexplicably popular service for determining the status of Christmas, used by millions of people around the world to interact with each other and to manipulate their Christmas lights.