Arkadiy Tetelman A security blog


My name is Arkadiy Tetelman - I live in San Francisco and work as Head of Application & Infrastructure Security at Chime. Previously I worked as:

  • Head of Security at Lob
  • Application Security at Airbnb
  • Application Security at Twitter
  • Backend Engineer at CardSpring (acquired by Twitter)

I graduated from UC Berkeley with degrees in Computer Science and Applied Mathematics.

Conference Talks:

  • SecuriTEA & Crumpets Podcast, 4/29/2022 (video)
  • Accel Scholars: How to Grow Your Engineering Career, UC Berkeley, 4/13/2022
  • Comparative Prodsec Programs, Enigma, 2/2/2021 (video)
  • Security Culture, Tech Trek podcast, 11/24/2020 (audio)
  • Non-Political Security Learnings from the Mueller Report
    • BSides San Francisco, 2/23/2020 (slides, video)
    • BSides Dallas, 11/2/2019 (slides)
    • Appsec Global DC, 9/12/2019 (slides)
  • Concrete Steps to Create a Security Culture, BSides San Francisco, 3/4/2019 (slides, video)
  • Enlisting Ethical Hackers to Solve Cyber Risk, RIMS Cyber Risk Forum, 10/4/2018
  • Data Driven Bug Bounty, BSides San Francisco, 4/15/2018 (slides, video)


Some of my currently active open source projects include:

  • bounty-targets-data: an hourly-updated repo containing a list of all Hackerone/Bugcrowd in-scope domains

  • aws_public_ips: a tool for fetching all public IP addresses tied to an AWS account
  • zoom-redirector: a browser extension to open Zoom meetings using their hidden web client
  • ssrf_filter: a ruby gem for protecting against server side request forgery vulnerabilities
  • chrome-extension-downloader: a command line utility for downloading and unpacking chrome extensions from the Chrome Web Store
  • free-ft: a Chrome extension to give free access to unlimited articles on the Financial Times
  • dftest: a small command line utility for testing server responses to domain-fronting requests

I also maintain a vulnerability disclosure program on Hackerone for my projects.


I’m available for security consulting and other inquiries. You can email me at:

  • hello{at} [PGP]

Or message me on Wire (@arkadiyt).