Eric Mill

Technology and policy leader working for over 15 years on making the internet a better and safer place, and keeping our democratic institutions secure and aligned with the public's interest.

Biden Administration, Multiple Roles— Mar 2021 - Jan 2025

White House, Office of Management and Budget — Senior Advisor — 2021-2023

U.S. General Services Administration — Executive Director for Cloud Strategy — 2024-2025

I was appointed by President Biden to serve as a senior advisor on technology and cybersecurity to the Federal Chief Information Officer, and in an executive role at GSA focused on overhauling the government's cloud security review process, FedRAMP.

From the White House OMB, partnered closely with the National Cyber Director to create what became the Open-Source Software Security Initiative (OS3I).
Led the initial work, in the wake of Log4shell, to convene federal agencies and the open source software community around strengthening and funding open source security and memory safety. This work served as an early foundation for the National Cyber Director's broader "Back to the Building Blocks" initiative to drive improvements in memory safety and measurable software security.

Lead author of the federal zero trust strategy, a component of the President's executive order on cybersecurity that set technical mandates and strategic goals that apply modern information security principles to the federal environment.
Negotiated the FedRAMP Authorization Act, then led development of what became new White House policy on FedRAMP that implemented that law. In 2024, I directly oversaw FedRAMP and its federal and contract staff at GSA. With an excited and growing team, I established its first public roadmap, hired key technology leaders, and put the program on new footing for 2025.

Google, Chrome Browser— Mar 2020 - Mar 2021

As the Lead Product Manager for Chrome Security, I was responsible for the security strategy of the Chrome web browser.

I led the creation of new features in Chrome, partnered with other browsers to make the web a safer place, and represented Chrome in making security-critical decisions inside and outside of Google.

Launched security initiatives in Chrome, including stronger defenses against phishing attacks and malware.
Oversaw rollout of trailblazing security measures that eliminated silently insecure connections while submitting sensitive data and downloading programs, without causing significant breakage to the web.

Developed the user research and early product case for what later became the removal of the lock icon in 2023, a major milestone for the web and user safety.
Led Chrome's security engagements with the web community and other browsers, including its oversight of HTTPS certificates.

U.S. Senate Committee on Rules and Administration— Feb 2019 - Dec 2019

As Senior Technology Advisor on the Senate Committee on Rules and Administration's Democratic staff, I led the committee's work on establishing the .gov domain in law, and introducing modern vulnerability disclosure policies into U.S. election administration.

The Senate Committee on Rules and Administration is the committee of jurisdiction over federal elections and campaigns, as well as oversight of the Senate and the legislative branch. I supported then-Ranking Member Sen. Amy Klobuchar, serving on the committee through the TechCongress program.

A principal staff author of the DOTGOV Act, a bipartisan law that strengthened the .gov internet domain and made .gov domains free and easy to use for public institutions throughout the United States.

Led efforts to create vulnerability disclosure programs for election systems, resulting in first-of-their-kind policies in place ahead of the 2020 U.S. presidential election.

U.S. General Services Administration— May 2014 - Dec 2018

Over multiple roles at GSA and 18F, I aligned the U.S. government around encrypting the web with HTTPS, introduced vulnerability disclosure policies and bug bounties to the civilian government, and helped launch Login.gov.

Served as Senior Advisor for GSA's Technology Transformation Services (Aug 2016 - Aug 2018), as Deputy Director for Login.gov (Aug 2018 - Dec 2018), and as a Software Engineer for 18F (May 2014 - Aug 2016).

Co-authored the White House policy mandating strong encryption (HTTPS) across all federal web services. Oversaw agency implementation and established public monitoring of progress, and supported DHS implementation of their own web security directive in 2017.
Oversaw Login.gov, a single user account for public government services. Assessed security and privacy risk, and helped lead the overall program and its product direction and strategy.

Led the creation of 18F's public bug bounty and vulnerability disclosure policy, the first in the U.S. government for a civilian agency, coordinating with the Department of Justice and Department of Defense.
Partnered with major web browsers to automatically enforce encryption for new .gov domains in the executive branch, making .gov the first top-level domain on the internet to take such an action.

Sunlight Foundation— Feb 2009 - May 2014

The Sunlight Foundation was a non-partisan non-profit dedicated to increasing government transparency through technology. I was a core software engineer on Sunlight's technology team, and a program officer on its international team.

Co-authored a civil society campaign dedicated to releasing government data and software to the public domain whose recommendations were followed by the White House and various government agencies.
Represented Sunlight on relevant policy issues to the U.S. government, and developed strategic partnerships with U.S. and international NGOs.

Created the "Congress" app for Android, which provides live updates on the people and work of Congress. The app has been used by tens of thousands of professionals and citizens, as well as staff and members of Congress.
Created the Sunlight Congress API, a free service that provided live data feeds of Congress' work to thousands of users and applications.

Prior Roles and Education

Self-employed — Nov 2008 - Feb 2009 — Freelance consultant performing software development.
Blue State Digital — Aug 2008 - Nov 2008 — Software Engineer supporting the Obama 2008 presidential campaign.
thoughtbot, inc. — Aug 2006 - Aug 2008 — Software Engineer at a Ruby-based technology consultancy.
Tenebril, inc. — Aug 2005 - Aug 2006 — Junior Researcher at a (now defunct) anti-spyware company.
Worcester Polytechnic Institute — graduated May 2005 — Bachelor's in Computer Science.

Other Work

Accelerated the internet-wide removal of the insecure SHA-1 algorithm for certificate signing, through approachable writing and useful technical tools.

Created isitchristmas.com, an inexplicably popular service for determining the status of Christmas, used by millions of people around the world to interact with each other and to manipulate their Christmas lights.