Chongyang Shi

Security Engineer · London, UK · [email protected] · GPG Key

I am currently a Staff Engineer at Google DeepMind, focusing on the security of agentic AI models and systems in untrusted evironments.

Previously I worked on infrastructure security and site reliability engineering on AWS, GCP, and Kubernetes.

Full CV available on request.


Employment History

Staff Software Engineer, Security (2024 - Present)
Senior Software Engineer, Security (2023 - 2024)
Software Engineer, Security (2022 - 2023)

I tech lead the adversarial evaluation and mitigations effort on generative agentic AI within the Google DeepMind Privacy & Security Team, working with Gemini, Bard, Workspace, and other AI efforts at Google to help them stay secure under adversarial interactions in untrusted environments.

June 2022 - Present

Senior Infrastructure Engineer, Security (2021 - 2022)
Backend Engineer, Security (2018 - 2020)

As a senior individual contributor for the security of Monzo's banking infrastructure, I designed and built security infrastructure and applications for the AWS and Kubernetes-based platform, improving its resiliency to external and internal threats. I designed and implemented extensive automations to enforce least privilege, minimise human access to sensitive data, and enable effective auditing at all levels of the infrastructure. Additionally, I provided routine DevSecOps coverage for the platform, and contributed to its long-term security and compliance strategies.

Blog Post: How we secure Monzo’s banking platform

Blog Post: Controlling outbound traffic from Kubernetes

June 2021 - June 2022
August 2018 - July 2020

Security Engineer

As a senior security engineer for OVO’s energy technology subsidiary Kaluza, I worked to protect the energy retail platform. My primary focus was the infrastructure security of this cloud-native energy retail platform built on both AWS and GCP; building security tooling and defensive & detective controls for Kubernetes clusters, CI/CD pipelines, managed services. Additionally, I acted as a mentor to junior security engineers on infrastructure security and DevOps; and advised and contributed to platform-level projects from security and compliance perspectives.

Blog Post: Building a secure CI/CD pipeline for Terraform Infrastructure as Code

Blog Post: Kubernetes security monitoring on a decentralised, multi-cluster platform

July 2020 - June 2021

Web Developer Intern

Full-stack web development for a property management system in PHP on Zend, MySQL, and jQuery. I also worked on tools to reduce back-office cost, and improved the codebase’s security.

June 2016 - August 2016

Education

Christ's College, University of Cambridge

Master of Philosophy

Passed with Distinction

September 2017 - June 2018

University of York

Bachelor of Engineering

First Class Honours, with Distinction

September 2014 - June 2017

Miscellaneous

I work on a range of personal and open-source projects related to security, DevOps, or just hobby; which can be found via my GitHub profile.

I also operate a personal, cost-optimised Kubernetes cluster to host many of these projects. This personal page you are reading is in fact served from within the cluster!

In addition to speaking English and Chinese (Mandarin) at a native or near-native level, I also speak German at an elementary level.