From NFC Startups to Confidential Computing: My Journey Through the World of Trusted Service Providers

Back when mobile payments were still in their infancy—long before Apple Pay became a household name—I found myself captivated by the possibilities of NFC technology. As a grad student at Dalhousie University, I started tinkering with NFC and co-founded a small startup called Alfred NFC, where we experimented with peer-to-peer transactions. That was my first real taste of what would become a lifelong fascination with secure technology ecosystems.

As graduation approached and the reality set in that Alfred NFC wouldn't become the next big thing, I faced a crossroads. I applied to countless Canadian companies and banks for NFC-related work—anything that would let me stay in this space I was so passionate about. But the callbacks never came. So I pivoted: I interviewed for several Java developer roles and received multiple offers. It was a safe, predictable path forward.

But something in me wasn't ready to let go. In what felt like a last-ditch effort, I sent a cold LinkedIn message to the CTO of Bell ID, a Dutch company I'd been following that was doing cutting-edge work in mobile payments.

By some miracle, he responded. And he gave me an opportunity that would completely change the trajectory of my career.

Discovering Trusted Service Providers: My Time with Bell ID

What came next was a deep dive into the world of trusted service providers (or TSPs). At the time, this Dutch company was pioneering how secure elements and payment credentials were managed, and they introduced me to a complex ecosystem where controlling the keys to the secure element was the name of the game. It was here that I began to understand the intricate dance between banks, telecoms, and technology providers—all competing to own the mobile payment experience.

Pioneering Host Card Emulation at RBC

Of course, this was all before Apple Pay standardized tokenization for the masses. Back then, banks, telecoms, and all sorts of players were vying to figure out how to get their piece of the mobile payment pie. That's when I joined the Royal Bank of Canada and worked with a team to launch the first major implementation of Host Card Emulation (HCE) in North America. Instead of relying on a physical secure element inside the phone, HCE allowed us to emulate that functionality in software. We even innovated a system where a limited number of derived keys could be used for transactions, ensuring security even without hardware-based tamper-proof elements.

But my work at RBC went beyond payments. While building a platform for data collaboration involving sensitive data, I had another pivotal realization: privacy was much more than security. This insight was profound enough that I pursued and earned my Certified Information Privacy Technologist (CIPT) certification. Our work wasn't just about protecting transactions—it was about thinking holistically about fraud, identity, data governance, and the entire privacy and security journey.

Meeting Dan Boneh and the Leap to Confidential Computing

As part of that innovation journey, I had a pivotal meeting with Dan Boneh, one of the leading cryptographers in the world. He introduced me to Intel SGX, and it absolutely blew my mind. Suddenly, the concepts of secure elements—hardware-based trusted execution environments—could be applied at a much larger scale on the server side. That was my introduction to what we now call confidential computing—a term that came later, but a concept that immediately hooked me. It felt like the natural evolution of everything I'd been working on—a way to bring the same level of security we once relied on in hardware into the cloud.

I was fortunate enough to meet not only Dan Boneh but also Whitfield Diffie, the co-inventor of public-key cryptography. Being in the presence of these pioneers who literally shaped modern cryptography was both humbling and inspiring.

Going Deeper: My Year at Fortanix

That fascination led me to join Fortanix, a startup focused on making confidential computing accessible to developers. For a year, I worked on simplifying the complex process of bringing applications to Intel SGX, building tools and frameworks that would let developers leverage trusted execution environments without needing to become cryptography experts. It was during this time that I also built products around Confidential AI—exploring how machine learning models could run securely in enclaves, protecting both the models and the data being processed. This experience gave me hands-on expertise in the practical challenges of confidential computing and opened my eyes to its transformative potential across industries.

Conclusion: From Mobile Payments to the Future of Cloud Security

So here I am now, a Senior Product Manager at Microsoft, working on confidential computing and helping shape the next generation of cloud security. It's fascinating to look back and see how a journey that started with mobile payments and Android apps led me to this cutting-edge field. What began as curiosity about who controls the keys has evolved into a mission to make cloud computing as secure as the most trusted hardware. I'm excited to see where this journey takes us next.